Researchers have revealed yet another Chinese cyberespionage campaign, this time targeting a Southeast Asian government via a new backdoor that enables hackers to remotely take screenshots, edit files, and run commands.

Read: https://thehackernews.com/2021/06/experts-uncover-yet-another-chinese.html

A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that could be abused by an attacker to gain elevated privileges on a device and hijack wireless communications.

Read: https://thehackernews.com/2021/06/researchers-warn-of-critical-bugs.html

Necro Python malware has been enhanced with new exploits for more than 10 different web apps and the SMB protocol, as well as Tezos cryptocurrency mining capabilities.

Read: https://thehackernews.com/2021/06/necro-python-malware-upgrades-with-new.html

Google is going to update the Chrome browser with an improved version of the "Enhanced Safe-Browsing" feature to detect untrusted extensions and suspicious downloads.

Read: https://thehackernews.com/2021/06/google-chrome-to-help-users-identify.html

With the new privacy enhancements, Google will allow Android users to opt-out of Advertising ID-based personalized advertising so that ads can not track them across apps.

https://thehackernews.com/2021/06/google-to-let-android-users-opt-out-to.html

ALERT — Cybercriminals are actively scanning the Internet for VMware vCenter servers that have not yet been patched against a recently disclosed critical RCE vulnerability.

(CVE-2021-21985 / CVSS score 9.8)
https://thehackernews.com/2021/06/alert-critical-rce-bug-in-vmware.html

Taking you from the basics to high-level hacking, bug hunting & penetration testing techniques used by professionals, this training bundle offers 1,686 tutorials that are ideal for beginners.

Access 18 online training courses for just $43 https://thehackernews.com/2021/06/break-into-ethical-hacking-with-18.html

[New] 🔥 GitHub has updated its platform policy to remove exploit code when used as "malware CDN" in active cyberattacks.

Read details: https://thehackernews.com/2021/06/github-updates-policy-to-remove-exploit.html

US authorities have charged a Latvian woman for her alleged role as a programmer in a cybercrime ring that developed and deployed the TrickBot banking malware.

Details: https://thehackernews.com/2021/06/latvian-woman-charged-for-her-role-in.html

Security researchers have discovered the first known malware, dubbed Siloscope," targeting Windows Server containers to infect Kubernetes clusters in cloud environments.

Details: https://thehackernews.com/2021/06/researchers-discover-first-known.html

U.S. authorities have recovered 63.7 out of 75 Bitcoins — worth about $4.4 million — paid to the DarkSide ransomware extortionists by Colonial Pipeline.

Details: https://thehackernews.com/2021/06/us-recovers-23-million-ransom-paid-to.html

Here are the top 10 privacy and security features Apple announced for iOS and macOS at WWDC2021

Read: https://thehackernews.com/2021/06/top-10-privacy-and-security-features.html

Researchers are warning of four vulnerabilities in #Microsoft's Office suite—one of which will be patched today—that hackers can exploit in Word and Excel documents to inject malicious code.

Details: https://thehackernews.com/2021/06/new-uaf-vulnerability-affecting.html

For nearly 3 years, the FBI and AFP secretly operated a fake encrypted chat service to intercept 27 million messages b/w criminals & arrest over 800 of them—and seized 55 luxury vehicles, 8 tons of cocaine, 250 firearms and over $48 million cash.

https://thehackernews.com/2021/06/feds-secretly-ran-fake-encrypted-chat.html

Microsoft has released new security updates for Windows operating systems and other supported software, addressing 50 vulnerabilities, including 6 ZERO-DAY flaws reported to be under active cyberattack.


https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html

Microsoft warns of a large-scale cryptocurrency mining malware campaign attacking Kubernetes clusters via Kubeflow machine learning instances.

Read: https://thehackernews.com/2021/06/crypto-mining-attacks-targeting.html

⚡ALPACA Attack — A new type of attack that exploits TLS misconfigurations to launch cross-protocol content confusion attacks against secure websites and services.

Details: https://thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html

Dear readers, if you use #Google Chrome, you should get the latest version immediately.

Google has released patches for 14 newly discovered flaws, including a 0-day vulnerability that is being actively exploited in the wild.
Read: https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html

Beef supplier JBS USA has paid a $11 MILLION ransom to hackers in response to a cyberattack that disrupted its operations in North America and Australia.

Details: https://thehackernews.com/2021/06/beef-supplier-jbs-paid-hackers-11.html

Prometheus, an emerging ransomware strain in the threat landscape, claims to have breached 30 organizations in just four months.

Read: https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html

Authorities in the United States have taken down Slilpp—a marketplace for 80 million stolen login credentials—and charged or arrested over a dozen people in connection with it.

Read: https://thehackernews.com/2021/06/us-authorities-shut-down-slilpplargest.html