🚨 Microsoft identifies the Chinese threat actor Storm-0940 using the Quad7 botnet for sophisticated password spray attacks.

Find details here: https://thehackernews.com/2024/11/microsoft-warns-of-chinese-botnet.html

⚠️ Researchers have uncovered EMERALDWHALE, a massive campaign exploiting exposed Git configurations to siphon over 15,000 credentials and clone 10,000 private repositories.

Read: https://thehackernews.com/2024/11/massive-git-config-breach-exposes-15000.html

🚨Cybersecurity at the Olympics: A New Threat Emerges! Learn about the evolving tactics of cyber groups like Emennet Pasargad and their implications for cybersecurity strategies.

Read: https://thehackernews.com/2024/11/inside-irans-cyber-playbook-ai-fake.html

🚨 SaaS Misconfigurations Are a Major Threat!

With so many apps and integrations, the risk of data breaches has never been higher. Here are 5 common misconfigurations you need to address NOW!

Read: https://thehackernews.com/2024/11/5-saas-misconfigurations-leading-to.html

🚨 A new Android malware, FakeCall, has emerged, utilizing sophisticated voice phishing (vishing) techniques to deceive users.

This malware can capture SMS, contacts, and stream live video, redirecting calls to fraudulent sources.

Read: https://thehackernews.com/2024/11/new-fakecall-malware-variant-hijacks.html

Google's AI framework, 🤖 Big Sleep, discovers a zero-day vulnerability in the widely used SQLite database engine, demonstrating the future of automated vulnerability detection.

Learn more: https://thehackernews.com/2024/11/googles-ai-tool-big-sleep-finds-zero.html

🎄🎁🤖 As retail traffic surges this holiday season, AI-driven threats are expected to spike.

Discover how "Grinch bots" are impacting the retail industry and strategies to enhance bot detection for a seamless holiday shopping experience.

https://thehackernews.com/2024/11/cyber-threats-that-could-impact-retail.html

German law enforcement has disrupted the criminal service dstat[.]cc, enabling easy DDoS attacks for non-technical users.

Find details here: https://thehackernews.com/2024/11/german-police-disrupt-ddos-for-hire.html

⚠️ Six critical security flaws have been discovered in the Ollama AI framework, enabling potential model poisoning and theft. With a staggering number of unpatched instances, it’s crucial to filter internet-facing endpoints effectively.

Read: https://thehackernews.com/2024/11/critical-flaws-in-ollama-ai-framework.html

💻 Don't miss out on our latest #cybersecurity newsletter!

This week, we're diving into the chaos as hackers ramp up attacks, including North Korean ransomware collaboration and evasive password spraying tactics.

https://thehackernews.com/2024/11/thn-recap-top-cybersecurity-threats.html

Google warns of active exploitation of CVE-2024-43093 in Android.

This #vulnerability allows unauthorized access to critical directories, emphasizing the need for timely updates and patching processes.

https://thehackernews.com/2024/11/google-warns-of-actively-exploited-cve.html

Canadian authorities have arrested Alexander "Connor" Moucka, a suspect in the Snowflake data breach that impacted around 165 organizations, including major corporations like AT&T and Ticketmaster, some of which were extorted for large sums.

https://thehackernews.com/2024/11/canadian-suspect-arrested-over.html

Synology has released a patch for a critical zero-day vulnerability (CVE-2024-10443) affecting millions of NAS devices, which allows remote code execution without user interaction.

Read: https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html

🚨 Hundreds of typosquatted versions targeting npm developers are attempting to deliver cross-platform #malware by employing Ethereum smart contracts for command-and-control (C2) communications.

Read: https://thehackernews.com/2024/11/malware-campaign-uses-ethereum-smart.html

The Android banking malware "ToxicPanda" has infected over 1,500 devices, facilitating fraudulent transactions by bypassing security measures.

It disguises itself as legitimate apps and intercepts OTPs for unauthorized access.

Read: https://thehackernews.com/2024/11/new-android-banking-malware-toxicpanda.html

Explore how Zero Trust security transforms #cybersecurity by eliminating implicit trust, scrutinizing access requests, and continuously monitoring users to mitigate insider threats and enhance security posture.

Read: https://thehackernews.com/2024/11/leveraging-wazuh-for-zero-trust-security.html

The FBI is seeking public assistance to identify those behind cyber intrusions linked to Chinese APT groups that have exploited vulnerabilities in edge devices and networks for cyber espionage against critical infrastructure.

Learn more: https://thehackernews.com/2024/11/fbi-seeks-public-help-to-identify.html

Google Cloud will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025

Learn more: https://thehackernews.com/2024/11/google-cloud-to-enforce-multi-factor.html

South Korea fined Meta $15.67 million for sharing sensitive data from 980,000 users with advertisers without proper consent.

Learn more: https://thehackernews.com/2024/11/south-korea-fines-meta-1567m-for.html

INTERPOL has taken down over 22,000 malicious servers in its Operation Synergia II, targeting phishing, ransomware, and malware.

Learn more: https://thehackernews.com/2024/11/interpols-operation-synergia-ii.html