🚨 Fortinet confirms a critical vulnerability (CVE-2024-47575 / CVSS 9.8) affecting FortiManager is being actively exploited!

It could allow unauthorized remote access, potentially compromising sensitive data & configurations.

https://thehackernews.com/2024/10/fortinet-warns-of-critical.html

Don't wait—patch now.

North Korea's Lazarus Group exploits a zero-day #vulnerability (CVE-2024-4947) in Google Chrome to target the #cryptocurrency sector.

Exploitation strategy involved social media manipulation and fake game promotions.

Learn more: https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html

Cisco has patched CVE-2024-20481, a #vulnerability affecting its ASA and Firepower devices that could lead to a denial-of-service (DoS) for Remote Access VPNs.

Learn more: https://thehackernews.com/2024/10/cisco-issues-urgent-fix-for-asa-and-ftd.html

Researchers identified a #vulnerability in AWS CDK that may lead to account takeover, with over 1% of users at risk from predictable S3 bucket names.

The solution: update your CDK version and customize bucket names.

Read: https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html

Generative AI is revolutionizing phishing attacks, posing new challenges for #cybersecurity professionals.

Discover how to combat this evolving threat.

Read → https://thehackernews.com/2024/10/why-phishing-resistant-mfa-is-no-longer.html

A new advanced Qilin #ransomware variant, Qilin.B, features enhanced AES-256-CTR and RSA-4096 encryption, making recovery nearly impossible without the attackers' keys.

Read → https://thehackernews.com/2024/10/new-qilinb-ransomware-variant-emerges.html

⚖️ LinkedIn has been fined €310 million for breaching GDPR regulations concerning user #privacy.

DPC found #LinkedIn's processing lacked necessary user consent and transparency, which could set a precedent for other companies.

Read → https://thehackernews.com/2024/10/irish-watchdog-imposes-record-310.html

The SEC penalizes four companies—Avaya, Check Point, Mimecast, and Unisys—for misleading investors following the 2020 SolarWinds cyberattack.

Learn more: https://thehackernews.com/2024/10/sec-charges-4-companies-over-misleading.html

🔒 Apple has launched its Private Cloud Compute Virtual Research Environment (VRE) for security researchers to validate its #privacy and security claims.

It offers rewards between $50,000 and $1,000,000 for identifying flaws.

Read: https://thehackernews.com/2024/10/apple-opens-pcc-source-code-for.html

Attention: CVE-2024-41992 #vulnerability in Wi-Fi Test Suite could give attackers full control over Arcadyan routers. The flaw allows for command injection, enabling full administrative access.

Find details here → https://thehackernews.com/2024/10/researchers-discover-command-injection.html

🚨 Four members of the notorious REvil ransomware gang have been sentenced in Russia, a rare conviction in the cybercrime world.

Read 👉 https://thehackernews.com/2024/10/four-revil-ransomware-members-sentenced.html

⚠️ CERT-UA warns of a sophisticated email attack using RDP files to breach sensitive systems in Ukraine.

Read: https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html

Explore the rise of AI impersonation fraud and its implications for cybersecurity.

Learn how to safeguard your organization against these emerging threats.

Read: https://thehackernews.com/2024/10/eliminating-ai-deepfake-threats-is-your.html

TeamTNT shifts tactics to target Docker environments for #cryptocurrency mining by exploiting exposed daemons to deploy malware and cryptominers.

Read: https://thehackernews.com/2024/10/notorious-hacker-group-teamtnt-launches.html

A new attack technique bypasses Microsoft's Driver Signature Enforcement on fully patched Windows systems, enabling attackers to load unsigned kernel drivers and compromising the integrity of OS security.

Learn more: https://thehackernews.com/2024/10/researchers-uncover-os-downgrade.html

A staggering 10-fold increase in phishing pages created with Webflow has been observed, targeting over 120 organizations globally.

Discover how to stay ahead of evolving threats: https://thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html

🦹‍♂️ AI manipulation, 🌩️ cloud storage flaws, and a major 💣 AWS vulnerability - this week's cybersecurity recap is packed!

https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_28.html

Don't let your friends and colleagues fall victim to the latest cyber threats. Share this newsletter with them, it's a must-read!

⚠️ Alert for developers - Three packages found to contain the BeaverTail #malware linked to North Korean cyber campaigns.

Find details here: https://thehackernews.com/2024/10/beavertail-malware-resurfaces-in.html

⚠️ Russian espionage group UNC5812 is using Telegram to deliver #malware designed to undermine military recruitment in Ukraine.

Threats like SUNSPINNER and CraxsRAT exploit vulnerabilities in #Android and Windows.

Read: https://thehackernews.com/2024/10/russian-espionage-group-targets.html

🚨 New OT security threats are emerging as ships and cranes become more digital.

Find out how SSH’s PrivX OT Edition can help tackle these challenges in marine and industrial operations.

Read: https://thehackernews.com/2024/10/sailing-seven-seas-securely-from-port.html