Iranian nation-state actor TA453 continues to evolve its tactics, deploying novel infection chains and malware (GorjolEcho and NokNok) to infiltrate both Windows and macOS systems.

Learn more: https://thehackernews.com/2023/07/iranian-hackers-sophisticated-malware.html

🚨 New TrueBot variants strike US and Canada. Exploiting Netwrix Auditor's vulnerability, they infiltrate networks, steal data, and distribute ransomware.

Patch up. Details here: https://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html

JumpCloud takes precautionary action against an ongoing cybersecurity incident by resetting API keys for affected clients.

Learn more: https://thehackernews.com/2023/07/jumpcloud-resets-api-keys-amid-ongoing.html

Brace yourself for temporary disruptions in certain functionalities.

🔐 Google's latest Android security updates are here! Patching 46 new vulnerabilities, including 3 actively exploited flaws. One flaw enabled spyware infiltration on Samsung devices.

Read details here: https://thehackernews.com/2023/07/google-releases-android-patch-update.html

Microsoft uncovers the ruthless efficiency of ransomware attacks.

In just 5 days, hackers complete the entire attack process, breaching systems, encrypting vital data, and holding organizations hostage.

Details: https://thehackernews.com/2023/07/blackbyte-20-ransomware-infiltrate.html

Mastodon, the decentralized social network, releases critical security update. Update your instance ASAP to prevent potential DoS and remote code execution attacks.

Read details: https://thehackernews.com/2023/07/mastodon-social-network-patches.html

🔒 Yet another critical SQL injection vulnerability (CVE-2023-36934) uncovered in popular MOVEit Transfer—the same software that was exploited in a series of recent cyberattacks to deploy Clop #ransomware.

Read details: https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html

🛡️ Struggling with limited visibility into cyber threats? Discover how "Continuous Threat Exposure Management" empowers CISOs and SOC teams to proactively protect their assets, data, and systems.

Read details: https://thehackernews.com/2023/07/close-security-gaps-with-continuous.html

Beware! Voice phishing has taken an advanced twist with "Letscall."

This multi-step vishing attack combines hi-tech malware, voice traffic routing, and social engineering to deceive victims into micro-loans and disclose personal info.

Read: https://thehackernews.com/2023/07/vishing-goes-high-tech-new-letscall.html

🚨 Beware, Android users! Two popular file management apps on #Google Play Store revealed as spyware, sending users' data to servers in China.

Over 1.5M users' security and privacy are at risk.

Read details: https://thehackernews.com/2023/07/two-spyware-apps-on-google-play-with-15.html

🚨 ALERT: $20 million stolen from Revolut in a massive cyber attack. The organized criminal groups took advantage of a loophole, leading to significant financial losses:

Read: http://thehackernews.com/2023/07/hackers-steal-20-million-by-exploiting.html

Beware, LATAM businesses! A sophisticated banking trojan called TOITOIN is targeting Latin American organizations. Evading detection with custom-designed modules and a multi-stage attack strategy, it demands immediate attention.

Read: https://thehackernews.com/2023/07/new-toitoin-banking-trojan-targeting.html

RomCom RAT strikes again! Cyber threat actors are targeting the NATO Summit in Vilnius with phishing attacks.

Read: https://thehackernews.com/2023/07/romcom-rat-targeting-nato-and-ukraine.html

🔒 Mozilla Firefox has introduced a new feature called Quarantined Domains, which blocks certain add-ons on specific sites due to security risks.

Read details: https://thehackernews.com/2023/07/new-mozilla-feature-blocks-risky-add.html

⚡ Apple just released critical updates to patch an actively exploited zero-day (CVE-2023-37450) flaw.

🛡️ Update to iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2.

Read: https://thehackernews.com/2023/07/apple-issues-urgent-patch-for-zero-day.html

Protect your systems against Big Head ransomware's diverse attack vectors! It's not just about encryption—it also incorporates a file infector called Neshta to deceive security solutions.

Read: https://thehackernews.com/2023/07/beware-of-big-head-ransomware-spreading.html

New report reveals ongoing SCARLETEEL attack campaign targeting AWS Fargate. Cybercriminals escalate privileges, exploit vulnerabilities, and profit through crypto mining.

Learn more about this attack: https://thehackernews.com/2023/07/scarleteel-cryptojacking-campaign.html

Discover the power of MITRE ATT&CK! This widely adopted framework categorizes tactics, techniques, and procedures used in cyberattacks, helping security professionals build strong defense strategies.

Learn more: https://thehackernews.com/2023/07/how-to-apply-mitre-att-to-your.html

🚨 Security Alert: Hackers are exploiting a Microsoft Windows policy loophole to forge signatures on kernel-mode drivers, gaining complete system access.

Learn more about this major threat: https://thehackernews.com/2023/07/hackers-exploit-windows-policy-loophole.html

Heads up, everyone! Microsoft has released updates to fix 130 security flaws, including 6 zero-day vulnerabilities being actively exploited. Update your software now to keep your systems secure.

Learn more: https://thehackernews.com/2023/07/microsoft-releases-patches-for-130.html

A sophisticated threat actor has been employing a new Python-based fileless attack called PyLoose to mine cryptocurrency on cloud workloads, bypassing traditional detection methods.

Read details: https://thehackernews.com/2023/07/python-based-pyloose-fileless-attack.html