Identity security is evolving from mere access management to a strategic business necessity.

Explore the critical state of identity security post-breach, highlighting risks and strategic insights for cybersecurity professionals.

Read: https://thehackernews.com/2024/10/permiso-state-of-identity-security-2024.html

⚠️ New variants of Grandoreiro banking malware are evolving, targeting 1,700 financial institutions in 45 countries, and employing tactics like mouse tracking and CAPTCHA barriers, despite law enforcement efforts.

Read: https://thehackernews.com/2024/10/new-grandoreiro-banking-malware.html

🚨 Fortinet confirms a critical vulnerability (CVE-2024-47575 / CVSS 9.8) affecting FortiManager is being actively exploited!

It could allow unauthorized remote access, potentially compromising sensitive data & configurations.

https://thehackernews.com/2024/10/fortinet-warns-of-critical.html

Don't wait—patch now.

North Korea's Lazarus Group exploits a zero-day #vulnerability (CVE-2024-4947) in Google Chrome to target the #cryptocurrency sector.

Exploitation strategy involved social media manipulation and fake game promotions.

Learn more: https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html

Cisco has patched CVE-2024-20481, a #vulnerability affecting its ASA and Firepower devices that could lead to a denial-of-service (DoS) for Remote Access VPNs.

Learn more: https://thehackernews.com/2024/10/cisco-issues-urgent-fix-for-asa-and-ftd.html

Researchers identified a #vulnerability in AWS CDK that may lead to account takeover, with over 1% of users at risk from predictable S3 bucket names.

The solution: update your CDK version and customize bucket names.

Read: https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html

Generative AI is revolutionizing phishing attacks, posing new challenges for #cybersecurity professionals.

Discover how to combat this evolving threat.

Read → https://thehackernews.com/2024/10/why-phishing-resistant-mfa-is-no-longer.html

A new advanced Qilin #ransomware variant, Qilin.B, features enhanced AES-256-CTR and RSA-4096 encryption, making recovery nearly impossible without the attackers' keys.

Read → https://thehackernews.com/2024/10/new-qilinb-ransomware-variant-emerges.html

⚖️ LinkedIn has been fined €310 million for breaching GDPR regulations concerning user #privacy.

DPC found #LinkedIn's processing lacked necessary user consent and transparency, which could set a precedent for other companies.

Read → https://thehackernews.com/2024/10/irish-watchdog-imposes-record-310.html

The SEC penalizes four companies—Avaya, Check Point, Mimecast, and Unisys—for misleading investors following the 2020 SolarWinds cyberattack.

Learn more: https://thehackernews.com/2024/10/sec-charges-4-companies-over-misleading.html

🔒 Apple has launched its Private Cloud Compute Virtual Research Environment (VRE) for security researchers to validate its #privacy and security claims.

It offers rewards between $50,000 and $1,000,000 for identifying flaws.

Read: https://thehackernews.com/2024/10/apple-opens-pcc-source-code-for.html

Attention: CVE-2024-41992 #vulnerability in Wi-Fi Test Suite could give attackers full control over Arcadyan routers. The flaw allows for command injection, enabling full administrative access.

Find details here → https://thehackernews.com/2024/10/researchers-discover-command-injection.html

🚨 Four members of the notorious REvil ransomware gang have been sentenced in Russia, a rare conviction in the cybercrime world.

Read 👉 https://thehackernews.com/2024/10/four-revil-ransomware-members-sentenced.html

⚠️ CERT-UA warns of a sophisticated email attack using RDP files to breach sensitive systems in Ukraine.

Read: https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html

Explore the rise of AI impersonation fraud and its implications for cybersecurity.

Learn how to safeguard your organization against these emerging threats.

Read: https://thehackernews.com/2024/10/eliminating-ai-deepfake-threats-is-your.html

TeamTNT shifts tactics to target Docker environments for #cryptocurrency mining by exploiting exposed daemons to deploy malware and cryptominers.

Read: https://thehackernews.com/2024/10/notorious-hacker-group-teamtnt-launches.html

A new attack technique bypasses Microsoft's Driver Signature Enforcement on fully patched Windows systems, enabling attackers to load unsigned kernel drivers and compromising the integrity of OS security.

Learn more: https://thehackernews.com/2024/10/researchers-uncover-os-downgrade.html

A staggering 10-fold increase in phishing pages created with Webflow has been observed, targeting over 120 organizations globally.

Discover how to stay ahead of evolving threats: https://thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html

🦹‍♂️ AI manipulation, 🌩️ cloud storage flaws, and a major 💣 AWS vulnerability - this week's cybersecurity recap is packed!

https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_28.html

Don't let your friends and colleagues fall victim to the latest cyber threats. Share this newsletter with them, it's a must-read!

⚠️ Alert for developers - Three packages found to contain the BeaverTail #malware linked to North Korean cyber campaigns.

Find details here: https://thehackernews.com/2024/10/beavertail-malware-resurfaces-in.html