Google releases updated version of Scorecards—an automated tool that scans open source software for security risks—with improved security checks and features.

Read details: https://thehackernews.com/2021/07/new-google-scorecards-tool-scans-open.html

During a supply-chain attack, hackers compromised the website of Mongolian Certificate Authority and replaced legitimate MonPass CA client software with a backdoored version to distribute malware.

Details: https://thehackernews.com/2021/07/mongolian-certificate-authority-hacked.html

A new Mirai-inspired botnet malware has been discovered in the wild that could hijack your KGUARD DVRs for use in cyberattacks.

Read: https://thehackernews.com/2021/07/new-mirai-inspired-botnet-could-be.html

⚡ Widespread supply-chain #ransomware attack hit hundreds of businesses overnight after REvil cybercriminals compromised Kaseya's IT management software and sent malicious updates to nearly 40 managed service providers (MSPs) worldwide.

Read: https://thehackernews.com/2021/07/kaseya-revil-ransomware-attack.html

🔥 Attention!!! 9 Android apps with a total of 5.8 million installs from the #Google Play store were caught stealing users' Facebook account passwords.

Here are details and a list of malicious apps: https://thehackernews.com/2021/07/android-apps-with-58-million-installs.html

<🔥> Learn to Code — Get 2021 Master Bundle of 13 Online Courses @ 99% OFF <🔥/>

Kickstart your lucrative programming career with 119 ours of video tutorials: https://thehackernews.com/2021/07/learn-to-code-get-2021-master-bundle-of.html

REvil gang exploited a zero-day vulnerability affecting VSA software in the recent massive supply-chain ransomware attack that triggered a chain of infection that compromised thousands of businesses.

Read: https://thehackernews.com/2021/07/revil-used-0-day-in-kaseya-ransomware.html

The hackers are now asking for $70 million to unlock all affected systems with a universal decryption programme.

Microsoft is urging Azure users to update the PowerShell command line tool as soon as possible to protect against a critical RCE vulnerability (CVE-2021-26701) that impacts . NET Core.

Read: https://thehackernews.com/2021/07/microsoft-urges-azure-users-to-update.html

Cybercriminals behind the notorious TrickBot malware have been linked to a new ransomware strain named "Diavol."

Read: https://thehackernews.com/2021/07/trickbot-botnet-found-deploying-new.html

[NEW] Kaseya rules out a supply-chain attack, claiming attackers exploited an undisclosed 0-day vulnerability in on-premises VSA software to infect its customers with ransomware.

Read details: https://thehackernews.com/2021/07/kaseya-rules-out-supply-chain-attack.html

⚡ Interpol arrested a hacker — using the alias Dr HeX — in Morocco, involved in nefarious cyber activities, including phishing, defacement, malware, fraud & carding, and also responsible for attacks on telecoms, banks & multinationals.

Read: https://thehackernews.com/2021/07/interpol-arrests-hacker-in-morocco-who.html

Microsoft has shipped an emergency security update to address a critical zero-day vulnerability — PrintNightmare — affecting Windows Print Spooler that could allow remote hackers to execute arbitrary code & take over vulnerable systems.

Read: https://thehackernews.com/2021/07/microsoft-issues-emergency-patch-for.html

Researchers have uncovered dozens of critically vulnerable software components hosted on NuGet that are being actively exploited by attackers to attack widely-used software built on the .NET platform.

Read details: https://thehackernews.com/2021/07/dozens-of-vulnerable-nuget-packages.html

WildPressure APT campaign targeting industrial entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to attack both Windows and #macOS computers.

Read: https://thehackernews.com/2021/07/wildpressure-apt-emerges-with-new.html

WARNING — Microsoft's emergency patch update for the PrintNightmare RCE exploit fails to fully address the Windows vulnerability & can be bypassed in certain scenarios, allowing attackers to execute arbitrary code on infected systems.

Details: https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html

SideCopy cyber-espionage APT group—potentially linked to Pakistan—has been observed increasingly targeting Indian government personnel with as many as 4 new custom remote-access #malware.

Details: https://thehackernews.com/2021/07/sidecopy-hackers-target-indian.html

Cybersecurity researchers uncovered a new ongoing cyberespionage campaign targeting corporate networks with malware in Spanish-speaking countries, specifically Venezuela, to spy on their victims.

Read: https://thehackernews.com/2021/07/experts-uncover-malware-attacks.html

How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare (CVE-2021-34527)
https://thehackernews.com/2021/07/how-to-mitigate-microsoft-print-spooler.html

New security flaws have been discovered in the Sage X3 enterprise resource planning (ERP) product, two of which could be chained together to allow adversaries to execute malicious commands and take control of vulnerable systems.

Read: https://thehackernews.com/2021/07/critical-flaws-reported-in-sage-x3.html

Cybercriminals are using a new trick which involves sending non-malicious office documents that disable macro security warnings before downloading malware and infecting victims' machines.

Read: https://thehackernews.com/2021/07/hackers-use-new-trick-to-disable-macro.html

Multiple vulnerabilities have been disclosed in Philips Clinical Collaboration Platform Portal ( aka Vue PACS medical imaging systems), some of which could be exploited by an attacker to take control of an affected system.

https://thehackernews.com/2021/07/critical-flaws-reported-in-philips-vue.html