This week was a total digital dumpster fire! Hackers were like, “Let’s cause some chaos!” and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️)
We’re talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷 It’s enough to make you want to chuck your phone in the ocean. (But don’t do that, you need it to read this newsletter!)
The good news? We’ve got the inside scoop on all the latest drama. Think of this newsletter as your cheat sheet for surviving the digital apocalypse. We’ll break down the biggest threats and give you the knowledge to outsmart those pesky hackers. Let’s go!
North Korean Hackers Deploy Play Ransomware: In what’s a sign of blurring boundaries between nation-state groups and cybercrime actors, it has emerged that the North Korean state-sponsored hacking crew called Andariel likely collaborated with the Play ransomware actors in a digital extortion attack that took place in September 2024. The initial compromise occurred in May 2024. The incident overlaps with an intrusion set that involved targeting three different organizations in the U.S. in August 2024 as part of a likely financially motivated attack.
CVE-2024-50550, CVE-2024-7474, CVE-2024-7475, CVE-2024-5982, CVE-2024-10386, CVE-2023-6943, CVE-2023-2060, CVE-2024-45274, CVE-2024-45275, CVE-2024-51774
Learn LUCR-3’s Identity Exploitation Tactics and How to Stop Them — Join our exclusive webinar with Ian Ahl to uncover LUCR-3’s advanced identity-based attack tactics targeting cloud and SaaS environments.
Learn practical strategies to detect and prevent breaches, and protect your organization from these sophisticated threats. Don’t miss out—register now and strengthen your defenses.
Essential Mobile Security Practices You Need — To ensure robust mobile security, prioritize using open-source apps that have been vetted by cybersecurity experts to mitigate hidden threats. Utilize network monitoring tools such as NetGuard or AFWall+ to create custom firewall rules that restrict which apps can access the internet, ensuring only trusted ones are connected. Audit app permissions with advanced permission manager tools that reveal both background and foreground access levels. Set up a DNS resolver like NextDNS or Quad9 to block malicious sites and phishing attempts before they reach your device. For secure browsing, use privacy-centric browsers like Firefox Focus or Brave, which block trackers and ads by default. Monitor device activity logs with tools like Syslog Viewer to identify unauthorized processes or potential data exfiltration. Employ secure app sandboxes, such as Island or Shelter, to isolate apps that require risky permissions. Opt for apps that have undergone independent security audits and use VPNs configured with WireGuard for low-latency, encrypted network connections. Regularly update your firmware to patch vulnerabilities and consider using a mobile OS with security-hardening features, such as GrapheneOS or LineageOS, to limit your attack surface and guard against common exploits.
And that’s a wrap on this week’s cyber-adventures! Crazy, right? But here’s a mind-blowing fact: Did you know that every 39 seconds, there’s a new cyberattack somewhere in the world? Stay sharp out there! And if you want to become a true cyber-ninja, check out our website for the latest hacker news. See you next week! 👋