Act Now: Microsoft's New Security Patches Address 80 Flaws � Two Under Active Attack!

The Hacker News Daily Updates [Newsletter]( [cover]( [SBOM and Connected Device Security]( When it comes to device firmware and connected device security, where does a manufacturer or buyer start? Here’s the good news: you can find everything you need to know to mitigate your device risk within the firmware itself. [Download Now]( Sponsored LATEST NEWS Mar 15, 2023 [New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining]( Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023. "The novel Dero cryptojacking operation concentrates on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports accessible from the internet," CrowdStrike said in a new report shared with ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [The Different Methods and Stages of Penetration Testing]( The stakes could not be higher for cyber defenders. With the vast amounts of sensitive information, intellectual property, and financial data at risk, the consequences of a data breach can be devastating. According to a report released by Ponemon institute, the cost of data breaches has reached an all-time high, averaging $4.35 million in 2022. Vulnerabilities in web applications are often ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Defense in Depth: A Layered Approach to Mobile App Security]( Developers are being called on to reevaluate their mobile application security architecture, educate themselves on security best practices, and implement them throughout their dev lifecycle. Access the new report to discover the layered approach to mobile app ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company]( A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, and trojanized installers of legitimate tools used by the company, ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack]( Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks. ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks]( A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range," Palo Alto Networks Unit 42 researchers said. "The threat ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [The Prolificacy of LockBit Ransomware]( Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the ".abcd virus" extension ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily]( An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. The Microsoft Threat Intelligence team is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101. An AiTM phishing attack typically involves a threat actor attempting to steal and intercept ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [PERSISTENCE: The Key to Cybercriminal Stealth, Strategy and Success]( In today’s game of cybersecurity, both the rules and the players have drastically changed. Learn how hackers use persistence to hide - and how you can seek them out. [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India