Beef supplier JBS USA has paid a $11 MILLION ransom to hackers in response to a cyberattack that disrupted its operations in North America and Australia.

Details: https://thehackernews.com/2021/06/beef-supplier-jbs-paid-hackers-11.html

Prometheus, an emerging ransomware strain in the threat landscape, claims to have breached 30 organizations in just four months.

Read: https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html

Authorities in the United States have taken down Slilpp—a marketplace for 80 million stolen login credentials—and charged or arrested over a dozen people in connection with it.

Read: https://thehackernews.com/2021/06/us-authorities-shut-down-slilpplargest.html

A new cyberespionage hacking group has been detected targeting foreign ministries with Turian backdoor.

Details: https://thehackernews.com/2021/06/new-cyber-espionage-group-targeting.html

A newly discovered 7-year-old Polkit vulnerability (CVE-2021-3560) could allow unprivileged Linux users to gain root access on target systems.

Read: https://thehackernews.com/2021/06/7-year-old-polkit-flaw-lets.html

Samsung's pre-installed Android apps contain several critical vulnerabilities that could allow hackers to compromise targeted devices and gain access to users' personal data.

Details: https://thehackernews.com/2021/06/hackers-can-exploit-samsung-pre.html

Mozilla analyzed Google's new privacy preserving advertising technology—FLoC—and concluded that it does not protect user privacy with its current design.

Read: https://thehackernews.com/2021/06/mozilla-says-googles-new-ad.html

APT41 hackers from #China are believed to be responsible for the data breach at SITA, which affected 4.5 million customers of Air India and millions of customers of other airlines.

Details: https://thehackernews.com/2021/06/chinese-hackers-believed-to-be-behind.html

A supply-chain attack on the Android emulator NoxPlayer is suspected to be the work of cyberespionage hackers from the group Gelsemium.

Details: https://thehackernews.com/2021/06/noxplayer-supply-chain-attack-is-likely.html

Google introduces client-side encryption at Workspace, giving enterprise customers control over encryption keys.

Details: https://thehackernews.com/2021/06/google-workspace-now-offers-client-side.html
Initially, it will be available for Google Drive, Docs, Sheets and Slides, with support for a wide range of files.

ALERT — Apple has confirmed that 2 zero-day vulnerabilities in iOS 12.5.3 have been actively exploited in the wild, and has shipped urgent out-of-band security patches to fix them.

Details: https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html

Instagram has paid $30,000 bounty to a hacker who reported a security flaw that allowed anyone to see private account posts, archived posts, Stories, Reels and IGTV—without following them.

Read: https://thehackernews.com/2021/06/instagram-bug-allowed-anyone-to-view.html

Researchers uncover "distinctive" tactics, techniques and procedures (TTPs) used by Hades ransomware operators that set them apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER.

https://thehackernews.com/2021/06/experts-shed-light-on-distinctive.html

CISA has issued an advisory warning #IoT manufacturers of a critical vulnerability — CVE-2021-32934 / CVSS score: 9.1 —in ThroughTek's P2P SDK that could be exploited by attackers to eavesdrop on connected cameras.

Read: https://thehackernews.com/2021/06/critical-throughtek-flaw-opens-millions.html

New research finds that ransomware attackers are increasingly shifting from using emails as an intrusion route to purchasing access from other cybercriminal enterprises that have already infiltrated major targets.

Read: https://thehackernews.com/2021/06/ransomware-attackers-partnering-with.html

Researchers at Kaspersky have found that the malware attack against South Korean entities was the work of the nation-state hacking group called Andariel.

Details: https://thehackernews.com/2021/06/malware-attack-on-south-korean-entities.html

Ukraine has arrested the cybercriminal gang behind Clop ransomware attacks, responsible for $500 million in damages.

Details: https://thehackernews.com/2021/06/ukraine-police-arrest-cyber-criminals.html

Researchers have disclosed a new executable image tampering attack — dubbed "Process Ghosting" — that could be exploited by attackers to circumvent security measures and execute malware code on a Windows system.

Details: https://thehackernews.com/2021/06/researchers-uncover-process-ghosting.html

Telegram and Psiphon VPN users in #Iran are being targeted by new spyware from Ferocious Kitten—a covert surveillance APT group that's been in play for six years.

Details: https://thehackernews.com/2021/06/a-new-spyware-is-targeting-telegram-and.html

APT hacker group "TA402/Molerats" has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government agencies linked to geopolitics in the region.

Details: https://thehackernews.com/2021/06/molerats-hackers-return-with-new.html

URGENT — A new #browser 0-day #vulnerability has been found being exploited in the wild.

Details: https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html

Users of Windows, Mac, and Linux should update their software right away.