Good morning, digital detectives! Are you ready to dive into today's cyber-saga? First up, Google's cookie monster has gone rogue, posing a serious threat to account security. Ivanti's playing patch-up with critical vulnerabilities, and for those looking to don the white hat, HackerNoon's got you covered with a storybook approach to ethical hacking. So, grab your digital magnifying glass, it's time to decode the day's tech mysteries!

Cookie Monster Goes Digital

In a chilling turn of events, cybercriminals have discovered a new way to snack on your digital cookies — and they're not after your search history. Security buffs at CloudSEK have spotted a sophisticated malware that hijacks Google accounts without a password. Here's the scoop:

• Sweet Tooth for Data: The malware exploits third-party cookies, bypassing even two-factor authentication to gain continuous access to Google services.

• Silent Attack: First spotted in a Telegram channel back in October 2023, this exploit is a stealthy one. Even resetting your password won't kick these hackers out.

• Google’s Countermove: In response, Google's fortifying its defenses and recommending users to enable Enhanced Safe Browsing in Chrome.

• The Bigger Picture: As per Pavan Karthick M from CloudSEK, this incident highlights the ever-evolving complexity of cyber threats, emphasizing the need for vigilant monitoring.

Pro Tip: Keep an eye on those cookie settings and maybe rethink that “Remember Me” option next time.

Patch It Up, Ivanti!

Ivanti is hitting the cybersecurity headlines again, but this time it's a proactive strike against hackers. The company has rolled out critical security updates for its Endpoint Manager (EPM), patching a flaw that could have turned into a hacker's playground.

• Critical Flaw: The vulnerability, dubbed CVE-2023-39336, scores a high-stakes 9.6/10 on the CVSS. It affects EPM 2021 and 2022 versions prior to SU5.

• The Danger: Unchecked, this flaw could allow SQL injection attacks, leading to remote code execution (RCE) on the servers.

• Past Breaches: Not Ivanti's first rodeo, as they recently fixed 21 vulnerabilities in their Avalanche MDM solution. Thirteen of those were rated critical, involving unauthenticated buffer overflows.

• State-Backed Threats: Ivanti's EPMM was previously exploited by state-backed actors, affecting Norwegian government networks. Plus, a zero-day vulnerability in Ivanti Sentry also came under attack.

Bottom Line: Ivanti’s patch parade shows the relentless cat-and-mouse game in cybersecurity. It's a reminder to stay updated or risk being outplayed.

Hacking 101: Storytime Edition

In the ever-twisting world of cybersecurity, ethical hacking has taken a narrative turn. In a GitHub Repo by HackerNoon https://github.com/hackernoon/learn?ref=hackernoon.com there are "61 Stories to Learn About Ethical Hacking" It is more than just a collection of tales — it's a roadmap to becoming a cyber Sherlock Holmes.

• A Story for Every Hack: From phone hacking to SQL injections, these stories cover it all. Think of it as a 'Choose Your Own Adventure' in the hacking world.

• Learning by Doing: Each story is a lesson, unveiling the ins and outs of ethical hacking practices. Ever wanted to crack a password using Hashcat? There's a story for that.

• Accessibility is Key: It's all free and ordered by reading time on the HackerNoon /Learn Repo.

• Diverse Topics: The collection ranges from bounty hunting to hacking WiFi, and even creating your own dark website.

Takeaway: Whether you're a budding hacker or just cyber-curious, these 61 stories are your gateway into the world of ethical hacking.