Here are the top 10 privacy and security features Apple announced for iOS and macOS at WWDC2021

Read: https://thehackernews.com/2021/06/top-10-privacy-and-security-features.html

Researchers are warning of four vulnerabilities in #Microsoft's Office suite—one of which will be patched today—that hackers can exploit in Word and Excel documents to inject malicious code.

Details: https://thehackernews.com/2021/06/new-uaf-vulnerability-affecting.html

For nearly 3 years, the FBI and AFP secretly operated a fake encrypted chat service to intercept 27 million messages b/w criminals & arrest over 800 of them—and seized 55 luxury vehicles, 8 tons of cocaine, 250 firearms and over $48 million cash.

https://thehackernews.com/2021/06/feds-secretly-ran-fake-encrypted-chat.html

Microsoft has released new security updates for Windows operating systems and other supported software, addressing 50 vulnerabilities, including 6 ZERO-DAY flaws reported to be under active cyberattack.


https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html

Microsoft warns of a large-scale cryptocurrency mining malware campaign attacking Kubernetes clusters via Kubeflow machine learning instances.

Read: https://thehackernews.com/2021/06/crypto-mining-attacks-targeting.html

⚡ALPACA Attack — A new type of attack that exploits TLS misconfigurations to launch cross-protocol content confusion attacks against secure websites and services.

Details: https://thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html

Dear readers, if you use #Google Chrome, you should get the latest version immediately.

Google has released patches for 14 newly discovered flaws, including a 0-day vulnerability that is being actively exploited in the wild.
Read: https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html

Beef supplier JBS USA has paid a $11 MILLION ransom to hackers in response to a cyberattack that disrupted its operations in North America and Australia.

Details: https://thehackernews.com/2021/06/beef-supplier-jbs-paid-hackers-11.html

Prometheus, an emerging ransomware strain in the threat landscape, claims to have breached 30 organizations in just four months.

Read: https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html

Authorities in the United States have taken down Slilpp—a marketplace for 80 million stolen login credentials—and charged or arrested over a dozen people in connection with it.

Read: https://thehackernews.com/2021/06/us-authorities-shut-down-slilpplargest.html

A new cyberespionage hacking group has been detected targeting foreign ministries with Turian backdoor.

Details: https://thehackernews.com/2021/06/new-cyber-espionage-group-targeting.html

A newly discovered 7-year-old Polkit vulnerability (CVE-2021-3560) could allow unprivileged Linux users to gain root access on target systems.

Read: https://thehackernews.com/2021/06/7-year-old-polkit-flaw-lets.html

Samsung's pre-installed Android apps contain several critical vulnerabilities that could allow hackers to compromise targeted devices and gain access to users' personal data.

Details: https://thehackernews.com/2021/06/hackers-can-exploit-samsung-pre.html

Mozilla analyzed Google's new privacy preserving advertising technology—FLoC—and concluded that it does not protect user privacy with its current design.

Read: https://thehackernews.com/2021/06/mozilla-says-googles-new-ad.html

APT41 hackers from #China are believed to be responsible for the data breach at SITA, which affected 4.5 million customers of Air India and millions of customers of other airlines.

Details: https://thehackernews.com/2021/06/chinese-hackers-believed-to-be-behind.html

A supply-chain attack on the Android emulator NoxPlayer is suspected to be the work of cyberespionage hackers from the group Gelsemium.

Details: https://thehackernews.com/2021/06/noxplayer-supply-chain-attack-is-likely.html

Google introduces client-side encryption at Workspace, giving enterprise customers control over encryption keys.

Details: https://thehackernews.com/2021/06/google-workspace-now-offers-client-side.html
Initially, it will be available for Google Drive, Docs, Sheets and Slides, with support for a wide range of files.

ALERT — Apple has confirmed that 2 zero-day vulnerabilities in iOS 12.5.3 have been actively exploited in the wild, and has shipped urgent out-of-band security patches to fix them.

Details: https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html

Instagram has paid $30,000 bounty to a hacker who reported a security flaw that allowed anyone to see private account posts, archived posts, Stories, Reels and IGTV—without following them.

Read: https://thehackernews.com/2021/06/instagram-bug-allowed-anyone-to-view.html

Researchers uncover "distinctive" tactics, techniques and procedures (TTPs) used by Hades ransomware operators that set them apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER.

https://thehackernews.com/2021/06/experts-shed-light-on-distinctive.html

CISA has issued an advisory warning #IoT manufacturers of a critical vulnerability — CVE-2021-32934 / CVSS score: 9.1 —in ThroughTek's P2P SDK that could be exploited by attackers to eavesdrop on connected cameras.

Read: https://thehackernews.com/2021/06/critical-throughtek-flaw-opens-millions.html