💡 Discover how exposure validation can help cybersecurity teams focus on critical vulnerabilities, optimizing resources and improving security posture.

Read: https://thehackernews.com/2024/10/a-sherlock-holmes-approach-to.html

Ensure that your data stays secure in a constantly shifting environment.

Data Detection & Response (DDR) provides real-time protection by detecting threats and stopping data breaches before they happen.

Learn more in Sentra Security's guide: https://thn.news/data-detection-response-sentra

🚨 Over three dozen security flaws found in popular open-source AI models could lead to severe risks, including remote code execution and data theft.

Read: https://thehackernews.com/2024/10/researchers-uncover-vulnerabilities-in.html

Researchers have uncovered a malicious Python package posing as a #cryptocurrency trading tool. Downloaded over 1,300 times before removal, this #malware affects Windows and macOS systems.

Read: https://thehackernews.com/2024/10/researchers-uncover-python-package.html

UPDATE - Microsoft reports a surge in APT29 spear-phishing campaigns using malicious emails containing RDP configuration files, enabling remote control of compromised systems.

Learn more: https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html

A newly discovered flaw in the Opera browser allowed malicious extensions to access private APIs, potentially enabling serious security breaches

Find details here: https://thehackernews.com/2024/10/opera-browser-fixes-big-security-hole.html

⚠️ Alert: SYS01stealer is on the rise! This #malware not only steals data but exploits #Facebook ads to amplify its reach, making it a unique threat for businesses relying on social media for marketing.

Learn more: https://thehackernews.com/2024/10/malvertising-campaign-hijacks-facebook.html

Keeping up with vulnerability management for compliance is a challenge. Let Intruder handle it!

Intruder's platform offers continuous monitoring and automated reporting, helping you stay compliant without the hassle

Read: https://thehackernews.com/2024/10/embarking-on-compliance-journey-heres.html

🔥 North Korean threat actor Jumpy Pisces has allied with the Play #ransomware group, highlighting a troubling milestone in cybercrime. Their tactics, including credential harvesting and advanced persistence.

Learn more: https://thehackernews.com/2024/10/north-korean-group-collaborates-with.html

High-severity CVE-2024-50550 #vulnerability in LiteSpeed Cache plugin allows unauthorized access, highlighting critical security implications for WordPress users.

Read: https://thehackernews.com/2024/10/litespeed-cache-plugin-vulnerability.html

Gather round — we’ve got a spooky story for you. Ever heard of ghost logins? It’s not a tale most IAM teams will tell you.

Ghost logins are forgotten local logins that enable attackers to get around your tightly controlled SSO login and circumvent MFA. With unprecedented levels of credential theft (enabled by infostealer attacks), these accounts are now much more likely to be taken over via credential stuffing attacks.

Learn more 👇 https://thn.news/ghost-logins-explained

🛡️ LottieFiles faced a supply chain attack compromising its npm package, affecting developers using the library—urgent update required.

Read: https://thehackernews.com/2024/10/lottiefiles-issues-warning-about.html

🛑 A new version of LightSpy #spyware targets iOS, expanding its capabilities with destructive features.

With the number of plugins increasing from 12 to 28, it can capture everything from Wi-Fi credentials to SMS messages and even delete data.

Read: https://thehackernews.com/2024/10/new-lightspy-spyware-version-targets.html

🛡️ New phishing kit "Xiū gǒu" targets multiple countries, including Australia and the U.S., with over 2,000 phishing sites.

It uses Golang and Vue.js to allow attackers to exfiltrate sensitive credentials via Telegram from fake sites.

Read: https://thehackernews.com/2024/11/new-phishing-kit-xiu-gou-targets-users.html

⚠️ Attackers are evolving!

Legacy security tools fail against new threats, with 70% of phishing pages bypassing detection. Explore insights from the "Enterprise Identity Threat Report 2024" on critical identity security risks.

Read: https://thehackernews.com/2024/10/enterprise-identity-threat-report-2024.html

Microsoft delays the launch of its Recall feature for Windows Copilot+ PCs, now set for December.

The Recall feature, which creates a comprehensive log of user activity, has faced scrutiny, leading to a redesign focused on privacy controls.

https://thehackernews.com/2024/11/microsoft-delays-windows-copilot-recall.html

🚨 Attention #Cybersecurity Professionals!

Cybercriminals are exploiting identity vulnerabilities, causing data breaches & financial losses.

Join our exclusive WEBINAR to learn key tactics for defending against advanced identity-based threats

Join: https://thehackernews.com/2024/11/stop-lucr-3-attacks-learn-key-identity.html

🚨 Microsoft identifies the Chinese threat actor Storm-0940 using the Quad7 botnet for sophisticated password spray attacks.

Find details here: https://thehackernews.com/2024/11/microsoft-warns-of-chinese-botnet.html

⚠️ Researchers have uncovered EMERALDWHALE, a massive campaign exploiting exposed Git configurations to siphon over 15,000 credentials and clone 10,000 private repositories.

Read: https://thehackernews.com/2024/11/massive-git-config-breach-exposes-15000.html

🚨Cybersecurity at the Olympics: A New Threat Emerges! Learn about the evolving tactics of cyber groups like Emennet Pasargad and their implications for cybersecurity strategies.

Read: https://thehackernews.com/2024/11/inside-irans-cyber-playbook-ai-fake.html