Top cybersecurity news stories
## BlackWidow Bites: New Loader Malware Replaces IcedID 🕷️
Latrodectus, a sophisticated malware targeting users with phishing emails, is replacing IcedID and downloading other malware families. #cybersecurity #malware #phishing #security
https://malware.news/t/latrodectus-the-wrath-of-black-widow/87682
https://www.flagthis.com/?pid=5555
## SolarWinds Web Help Desk Flaw Under Active Attack! 🚨
CISA warns of critical vulnerability (CVE-2024-28987) allowing remote code execution, urging immediate patching. #SolarWinds #Cybersecurity #CVE #Vulnerability
https://malware.news/t/solarwinds-web-help-desk-flaw-added-to-cisa-vulnerabilities-catalog/87537
https://www.flagthis.com/?pid=5406
## Ivanti CSA Zero-Days Under Attack 🚨
Three critical vulnerabilities in Ivanti's Cloud Service Appliance are being actively exploited, allowing attackers to gain full control of systems. Urgent patching is crucial for all users. #cybersecurity #zeroDay #Ivanti #vulnerability
https://securityonline.info/ivanti-patches-csa-appliance-against-vulnerabilities-including-actively-exploited-flaws/
https://www.flagthis.com/?pid=5104
## AI Security Gets a Boost: MITRE and the Center for Threat-Informed Defense Partner to Share Vulnerability Information
This partnership aims to create a system that allows for the rapid communication of emerging vulnerabilities in AI systems, bolstering community knowledge and developing new security procedures. #AI #Cybersecurity #ThreatIntelligence #Collaboration
https://malware.news/t/threat-informed-defense-to-secure-ai/86916
https://www.flagthis.com/?pid=4391
## Kimsuky's New Tricks: Spear-phishing emails deliver malicious payloads designed to steal data. #cybersecurity #cyberespionage #malware #hacking
https://malware.news/t/novel-payloads-spread-in-kimsuky-attacks/86846
https://www.flagthis.com/?pid=4278
## **Zero-Click Wi-Fi Flaw Threatens Millions of Devices**
A critical vulnerability in MediaTek Wi-Fi chipsets allows attackers to take control of devices without any user interaction, putting routers and smartphones at risk. #cybersecurity #mediatek #zeroclick #vulnerability
https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/
https://www.flagthis.com/?pid=4091
## GeoServer Flaw Fuels Global Malware Spree
Attackers exploit a critical vulnerability in GeoServer to deploy malware, impacting organizations worldwide, including IT service providers, government entities, and technology companies. #GeoServer #Cybersecurity #Malware #CVE-2024-36401
Clearview AI just got hit with a €30.5 million fine from the Dutch data protection authority for illegally scraping billions of facial images. The company is also facing potential action against its board of directors and customers. This is a major win for privacy advocates and a clear warning to other companies trying to exploit personal data. #GDPR #Privacy #FacialRecognition
https://www.csoonline.com/article/3504697/dutch-regulator-fines-clearview-e30-million-or-more.html
🚨 **Beware of Fake 'noblox.js' Packages!** Cybercriminals are targeting Roblox developers with malicious npm packages designed to steal data and compromise systems. This highlights the critical need to verify package authenticity and stick with reputable sources for open-source tools. #RobloxSecurity #NpmSecurity #OpenSourceSecurity
https://thehackernews.com/2024/09/malicious-npm-packages-mimicking.html
State-backed hackers are using commercial spyware to spy on governments, highlighting the dangers of these tools falling into the wrong hands. #Cybersecurity #Espionage
South Korean hackers are exploiting a zero-day vulnerability in WPS Office to deploy a backdoor on East Asian targets. #CyberSecurity #WPSOffice
https://thehackernews.com/2024/08/apt-c-60-group-exploit-wps-office-flaw.html
Gafgyt botnet is exploiting weak SSH passwords to hijack devices for cryptocurrency mining, highlighting the urgent need for robust security measures. #Cybersecurity #CryptoMining
https://tuxcare.com/blog/gafgyt-botnet-weak-ssh-passwords-targeted-for-gpu-mining/
Cybersecurity agencies warn: Robust event logging is crucial to detect sophisticated LOTL attacks that bypass defenses. #Cybersecurity #ThreatDetection
Ecovacs home robots found vulnerable to spying, allowing attackers access to cameras, microphones, and movement control. #HomeSecurity #RobotVulnerability
https://securityaffairs.com/167508/hacking/researchers-hacked-ecovacs-devices.html
Oil and gas giant Halliburton confirms a cyberattack, leading to system shutdowns and potential impact on business operations. #Cybersecurity #CriticalInfrastructure
https://securityaffairs.com/167435/hacking/halliburton-cyberattack.html
Chinese APT Group Velvet Ant Deployed Custom Backdoor on Cisco Nexus Switches https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html
ShinyHunters Ransomware Group Shifts to Extortion Tactics https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/