BREAKING: LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

The Hacker News Daily Updates Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Don't let your SaaS apps become the next target - Join our expert-led webinar to learn how to protect your ecosystem. Download Now Sponsored LATEST NEWS Feb 28, 2023 Application Security vs. API Security: What is the difference? As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices, organizations can protect ... Read More APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow expansion of the hacking group's victimology footprint. Targeted entities include health, financial, ... Read More XPOSURE: The Security & Exposure Management Virtual Forum Join fellow security professionals for a practical perspective on threat exposure management.>> Read More CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to retrieve ... Read More LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that ... Read More Researchers Share New Insights Into RIG Exploit Kit Malware's Operations The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News. "Although it has yet to substantially change its exploits in its more recent activity, the type ... Read More Shocking Findings from the 2023 Third-Party App Access Report Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS (third-party) app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their efficiency or productivity, they rarely think twice before installing. Most employees don't even ... Read More ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games," AhnLab Security Emergency response Center (ASEC) said in a report last week. ... Read More Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Don't let your SaaS apps become the next target - Join our expert-led webinar to learn how to protect your ecosystem. Download Now Sponsored This email was sent to myemailku.ghdbrevo2018@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India

BREAKING: LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

The Hacker News eBook Update Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Download For Free Don't let your SaaS apps become the next target - Join our expert-led webinar to learn how to protect your ecosystem. Download your free resource now > This email was sent to myemailku.ghdbrevo2018@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

The Hacker News Daily Updates Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Don't let your SaaS apps become the next target - Join our expert-led webinar to learn how to protect your ecosystem. Download Now Sponsored LATEST NEWS Feb 27, 2023 ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games," AhnLab Security Emergency response Center (ASEC) said in a report last week. ... Read More PureCrypter Malware Targets Government Entities in Asia-Pacific and North America Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control (C2) to deliver a secondary payload," Menlo Security ... Read More Time for an upgrade. Go from spreadsheets to seamless, automated compliance 14+ customizable frameworks. Risk management tool. Audit ready at all times. Book a demo. >> Read More PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers ... Read More Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The arrests were made on January 23, 2023. It's estimated that the hackers stole personal data ... Read More Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors Google said it's working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what's called the application processor (AP), it's just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular communications and multimedia processing. "Securing the Android Platform requires ... Read More How to Tackle the Top SaaS Challenges of 2023 Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it's clear that SaaS apps are a prime target for cyberattacks. The vast amounts of valuable information stored in these apps make them a goldmine for hackers. But don't panic just yet. With the right knowledge and tools, you can protect your ... Read More How to Use AI in Cybersecurity and Avoid Being Trapped The use of AI in cybersecurity is growing rapidly and is having a significant impact on threat detection, incident response, fraud detection, and vulnerability management. According to a report by Juniper Research, the use of AI for fraud detection and prevention is expected to save businesses $11 billion annually by 2023. But how to integrate AI into business cybersecurity ... Read More Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Don't let your SaaS apps become the next target - Join our expert-led webinar to learn how to protect your ecosystem. Download Now Sponsored This email was sent to myemailku.ghdbrevo2018@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India