DTCC cuts breach risks by 11% with Automated Security Validation. Using Pentera, they boosted security, reduced costs, and freed up expert resources—without adding staff.

Is your team ahead, or falling behind? 🤔

Read how DTCC is leading the way: https://thehackernews.com/2024/11/the-roi-of-security-investments-how.html

🚨 SEO poisoning attack alert! GootLoader malware spreads by exploiting searches like "Are Bengal Cats legal in Australia?"

Read more: https://thehackernews.com/2024/11/new-gootloader-campaign-targets-users.html

🔐 Imagine your banking app or car's software secretly turning on you...

This isn't a movie plot—it's the world of cyber in 2024. Dive into this week’s wildest cyber threats and top defense tips in our latest weekly recap.

Read it here: https://thehackernews.com/2024/11/thn-recap-top-cybersecurity-threats_11.html

A new ransomware, Ymir, uses advanced memory management tactics to execute malicious code stealthily.

It targeted a Colombian organization after credentials were stolen by RustyStealer.

Read: https://thehackernews.com/2024/11/new-ymir-ransomware-exploits-memory-for.html

🛡️ North Korean hackers are using Flutter apps to target macOS with malware, bypassing traditional Apple security through signed developer IDs. Cryptocurrency companies are at risk.

Learn more: https://thehackernews.com/2024/11/north-korean-hackers-target-macos-using.html

🔑 Revolutionizing SOCs: Behavioral Analytics is Back—Better than Ever!

Discover how behavioral analytics is transforming SOC incident response, improving speed and accuracy, and reducing resource costs.

Read: https://thehackernews.com/2024/11/5-ways-behavioral-analytics-is.html

🚨 Cybercriminals have a new weapon: GoIssue, a tool that targets #GitHub developers with bulk phishing emails.

This method can steal credentials and compromise repositories. With prices slashed, attacks are now more scalable.

Read: https://thehackernews.com/2024/11/new-phishing-tool-goissue-targets.html

Researchers have identified a #vulnerability in Citrix Virtual Apps that allows unauthenticated RCE through improper deserialization.

Read more: https://thehackernews.com/2024/11/new-flaws-in-citrix-virtual-apps-enable.html

Patches are available, but many organizations may still be exposed if not updated.

Protect your organization with a Georgetown Master's in Cybersecurity Risk Management. Attend a sample class on November 19.

https://thn.news/cyber-risk-sample-class-ig

🚨 Microsoft warns of actively exploited flaws in NTLM (CVE-2024-43451) & Task Scheduler (CVE-2024-49039), allowing NTLMv2 hash disclosure and privilege escalation to restricted RPC functions.

Find details on the November Patch Tuesday update: https://thehackernews.com/2024/11/microsoft-fixes-90-new-vulnerabilities.html

The “Dream Job” campaign isn’t just a scam—it’s a sophisticated cyberattack.

Iranian hacker group TA455 mimics North Korean tactics, using fake job offers to deploy malware in the aerospace sector.

Learn more: https://thehackernews.com/2024/11/iranian-hackers-use-dream-job-lures-to.html

🚨 OvrC cloud platform’s critical security flaws (CVE up to 9.2) allow attackers to bypass firewalls, hijack devices, and execute arbitrary code on IoT systems, threatening critical infrastructure.

Learn more: https://thehackernews.com/2024/11/ovrc-platform-vulnerabilities-expose.html

Bitdefender has released a free decryptor for ShrinkLocker, a #ransomware that uses BitLocker to lock files, and can compromise entire networks in under 10 minutes.

Read: https://thehackernews.com/2024/11/free-decryptor-released-for-bitlocker.html

🚨 90% of network traffic flows through browsers. This makes them a prime target for cybercriminals. Phishing, data leakage & credential theft are increasing threats.

Check out LayerX’s guide for CISOs on protecting your teams and data.

Read: https://thehackernews.com/2024/11/comprehensive-guide-to-building-strong.html

On November 19, GigaOm Analyst, Paul Stringfellow and Sentra's Director of Product Marketing, David S., will share the latest insights from Gigaom’s recent DSPM report.

This session will spotlight critical factors in choosing a DSPM provider and reveal why DSPM is emerging as a distinct and essential component of modern data security.

Don’t miss this opportunity to learn directly from the experts!

Reserve your spot here 👇 https://thn.news/dspm-webinar

A threat group aligned with Hamas has expanded its cyber warfare beyond espionage, deploying new disruptive wipers and phishing campaigns targeting Israel.

Learn more: https://thehackernews.com/2024/11/hamas-affiliated-wirte-employs-samecoin.html

🔒 Internal vs. External PenTesting: What IT Pros Need to Know!

Cyber threats are up 180% – is your network ready? Regular network pentesting is more important than ever, but do you know the difference between internal vs external pentesting? 🤔

• Internal: Tests from the inside, catching insider threats.
• External: Protects your public-facing assets from outside attacks.

Finding weaknesses first = saving $$$, staying compliant, and peace of mind. And with vPenTest, network pen testing is easier and more affordable than ever!

🔗 Read more: https://thn.news/network-penetration-testing

Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 #vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft.

Read: https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html

🛑 North Korean hackers are back with a new malware campaign targeting macOS. "RustyAttr" leverages extended file attributes to stealthily deliver malicious payloads.

Learn more: https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html

A misconfigured TikTok pixel nearly caused a costly GDPR violation for a global travel company, showing how simple oversights can lead to significant fines and reputational damage.

Learn more: https://thehackernews.com/2024/11/tiktok-pixel-privacy-nightmare-new-case.html