A threat group aligned with Hamas has expanded its cyber warfare beyond espionage, deploying new disruptive wipers and phishing campaigns targeting Israel.

Learn more: https://thehackernews.com/2024/11/hamas-affiliated-wirte-employs-samecoin.html

🔒 Internal vs. External PenTesting: What IT Pros Need to Know!

Cyber threats are up 180% – is your network ready? Regular network pentesting is more important than ever, but do you know the difference between internal vs external pentesting? 🤔

• Internal: Tests from the inside, catching insider threats.
• External: Protects your public-facing assets from outside attacks.

Finding weaknesses first = saving $$$, staying compliant, and peace of mind. And with vPenTest, network pen testing is easier and more affordable than ever!

🔗 Read more: https://thn.news/network-penetration-testing

Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 #vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft.

Read: https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html

🛑 North Korean hackers are back with a new malware campaign targeting macOS. "RustyAttr" leverages extended file attributes to stealthily deliver malicious payloads.

Learn more: https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html

A misconfigured TikTok pixel nearly caused a costly GDPR violation for a global travel company, showing how simple oversights can lead to significant fines and reputational damage.

Learn more: https://thehackernews.com/2024/11/tiktok-pixel-privacy-nightmare-new-case.html

Ransomware is evolving—targeting local backups & SaaS. Avoid 5 BCDR oversights that leave you exposed. Prioritize immutable backups, automated testing, & threat detection.

Read: https://thehackernews.com/2024/11/5-bcdr-oversights-that-leave-you-exposed-to-ransomware.html

Are you ready to recover?

🛑 The rise of cloaking and deepfakes is shaking up cybersecurity.

Google warns that fraudsters are using cloaking tactics to impersonate legitimate sites, leading to scams and malware installs.

Read: https://thehackernews.com/2024/11/google-warns-of-rising-cloaking-scams.html

Stay alert to these evolving threats!

Researchers reveal over 70,000 domains have been hijacked by cybercriminals using a stealthy technique called Sitting Ducks.

This attack targets DNS misconfigurations, making it nearly impossible to detect.

Read: https://thehackernews.com/2024/11/experts-uncover-70000-hijacked-domains.html

🚨 Urgent : CISA warns of active exploitation of critical flaws in Palo Alto Networks Expedition OS and SQL services (CVEs 9463 & 9465).

Read: https://thehackernews.com/2024/11/cisa-flags-critical-palo-alto-network.html

These vulnerabilities could lead to severe breaches if not addressed promptly.

Ilya Lichtenstein sentenced to 5 years for masterminding the 2016 Bitfinex hack, stealing $10.5B in #Bitcoin.

His laundering tactics included crypto mixers and fake identities, highlighting the evolving threat in crypto security.

Read: https://thehackernews.com/2024/11/bitfinex-hacker-sentenced-to-5-years.html

⚠️ Researchers have identified a high-severity #vulnerability (CVE-2024-10979) in PostgreSQL, allowing unprivileged users to alter environment variables, leading to potential code execution or information leaks.

Read: https://thehackernews.com/2024/11/high-severity-flaw-in-postgresql-allows.html

Warning -- PXA Stealer, a new Python-based #malware, is targeting European & Asian gov and education sectors, stealing sensitive data like credentials & financial info.

Learn more: https://thehackernews.com/2024/11/vietnamese-hacker-group-deploys-new-pxa.html

AI in IAM = smarter security!

Machine learning analyzes behavior patterns to detect anomalies, enabling quicker & precise threat responses.

Learn how it reduces false positives, boosts efficiency & strengthens defenses: https://thehackernews.com/2024/11/how-ai-is-transforming-iam-and-identity.html

🔐 Trust is the foundation of your business—how solid is your certificate management?

Join our exclusive webinar to gain actionable insights into crypto agility and post-quantum cryptography from industry experts.

Don’t miss out—secure your spot now: https://thehackernews.com/2024/11/master-certificate-management-join-this.html

Researchers found vulnerabilities in Google’s Vertex AI, allowing attackers to escalate privileges and exfiltrate models through manipulated custom job permissions and AI Pipelines, gaining backdoor access to Google Cloud and Kubernetes.

https://thehackernews.com/2024/11/researchers-warn-of-privilege.html

🔴 Alert: Iranian state-backed group, Cotton Sandstorm, has unleashed a new cyber espionage tool—WezRat.

This remote access trojan can execute malicious commands, steal sensitive data, and even take screenshots.

Read: https://thehackernews.com/2024/11/iranian-hackers-deploy-wezrat-malware.html

🔴 New Threat Alert: BrazenBamboo, a well-resourced group, is exploiting an UNPATCHED zero-day #vulnerability in Fortinet's FortiClient for Windows to extract VPN credentials.

Learn more: https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html

⚡ New Zero-Day Alert: Unauthenticated RCE in PAN-OS!

With a CVSS score of 9.3, hackers are exploiting it to deploy web shells, allowing persistent remote access.

🚨 No patches yet—secure your firewall management interface now.

Details: https://thehackernews.com/2024/11/pan-os-firewall-vulnerability-under.html

A critical vulnerability (CVE-2024-10924) in the Really Simple SSL plugin affects 4 Million+ WordPress sites, allowing attackers to bypass 2FA and gain admin access remotely.

Details here: https://thehackernews.com/2024/11/urgent-critical-wordpress-plugin.html

Patch available—update now!

Legal battle exposes NSO Group's continued exploitation of WhatsApp flaws to deploy Pegasus spyware—even after being sued by Meta.

Court docs reveal sophisticated zero-click attacks & ongoing adaptations to bypass WhatsApp's defenses.

Read: https://thehackernews.com/2024/11/nso-group-exploited-whatsapp-to-install.html