Etherpad—a popular self-hosted open-source alternative to Google Docs—has been found to have critical security vulnerabilities that could allow attackers to hijack admin accounts, execute system commands and even steal sensitive data.

Read: https://thehackernews.com/2021/07/critical-flaws-reported-in-etherpad.html

Microsoft says Chinese hackers exploited the recently disclosed zero-day vulnerability in #SolarWinds Serv-U FTP software to attack U.S. defence and software companies.

Details: https://thehackernews.com/2021/07/chinese-hackers-exploit-latest.html

July 2021 Patch Tuesday updates released by:

1 — Microsoft
2 — Adobe
3 — Google Android
4 — SAP
5 — VMware
6 — Citrix
7 — Linux
8 — Siemens
9 — Schneider Electric

Read: https://thehackernews.com/2021/07/update-your-windows-pcs-to-patch-117.html

Amid rising tensions between the US & Russia over cybercrime, REvil—infamous ransomware cartel behind some of the biggest attacks on JBS and Kaseya—has mysteriously disappeared from the dark web.

Read: https://thehackernews.com/2021/07/revil-ransomware-gang-mysteriously.html

Spanish authorities have arrested 16 individuals belonging to a cybercrime network that operates two BANKING TROJANS—Mekotio and Grandoreiro—targeting financial institutions in Europe.

Read: https://thehackernews.com/2021/07/16-cybercriminals-behind-mekotio-and.html

Google sheds new light on 4 zero-day vulnerabilities recently exploited in-the-wild.

Read: https://thehackernews.com/2021/07/google-details-ios-chrome-ie-zero-day.html

SonicWall has warned customers of "imminent" ransomware attacks targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched end-of-life 8.x firmware.

Details: https://thehackernews.com/2021/07/ransomware-attacks-targeting-unpatched.html

Chinese hackers linked to LuminousMoth APT have expanded their attacks to a number of Philippine targets and other Southeast Asian government agencies.

Read: https://thehackernews.com/2021/07/chinas-cyberspies-targeting-southeast.html

Microsoft warns of a new unpatched vulnerability (CVE-2021-34481) affecting the Windows Print Spooler service.

Read: https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html

An attacker who successfully exploited it could execute arbitrary code with SYSTEM privileges.

Google has pushed out a new security update for the Chrome browser for Windows, Mac and Linux that fixes several vulnerabilities, including a zero-day vulnerability (CVE-2021-30563) that Google says is being exploited in the wild.

Read: https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html

Facebook announced that it had taken down about 200 accounts—operated by a group of hackers in Iran—that were involved in a cyberespionage campaign targeting US military personnel and defense contractors.

Read: https://thehackernews.com/2021/07/facebook-suspends-accounts-used-by.html

Israeli firm Candiru is embroiled in a scandal for selling 0-day exploits to governments & helping them spy on 100s of dissidents, journalists, activists & politicians globally.

Details: https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html

...including, 2 Windows flaws that #Microsoft patched this week.

A critical vulnerability reported in the CloudFlare CDNJS infrastructure may have facilitated widespread supply chain attacks.

https://thehackernews.com/2021/07/cloudflare-cdnjs-bug-could-have-led-to.html

🔥 If your Instagram account has been hacked, try "Security Checkup."

Instagram has introduced a new security feature to protect users' accounts and help them recover their compromised accounts.

Learn more about it: https://thehackernews.com/2021/07/instagram-launches-security-checkup-to.html

China has issued new regulations requiring cybersecurity researchers to mandatorily share details of critical zero-day security vulnerabilities first-hand with government authorities within two days of filing a report.

Read: https://thehackernews.com/2021/07/chinas-new-law-requires-researchers-to.html

A new leak reveals how governments abused #NSO Group's Pegasus spyware to silence journalists, attack activists, and suppress dissent in several countries, including in Bahrain, Hungary, India, Mexico, Saudi Arabia & U.A.E.

Read https://thehackernews.com/2021/07/new-leak-reveals-abuse-of-pegasus.html

Yet another unpatched #vulnerability has been uncovered in Windows Printer Spooler, making it the fourth printer-related vulnerability found in recent weeks.

Read: https://thehackernews.com/2021/07/researcher-uncover-yet-another.html

Remember that fun-looking Wi-Fi name bug on iOS?

🔥 Turns out the vulnerability can not only disable the iPhone's network functionality, but can also be exploited to remotely execute malicious code on targeted Apple devices.

Details: https://thehackernews.com/2021/07/turns-out-that-low-risk-ios-wi-fi.html

Researchers have gained insight into a group of Romanian cybercriminals which have been identified carrying out cryptojacking attacks on #Linux machines with weak passwords.

Read: https://thehackernews.com/2021/07/researchers-warn-of-linux-cryptojacking.html

The United States and its global allies have officially blamed hackers affiliated with the Chinese government for the massive cyberattack on Microsoft Exchange servers.

Read: https://thehackernews.com/2021/07/us-and-global-allies-accuse-china-of.html

Researchers warn of a new malware strain, dubbed "MosaicLoader," that hides among Windows Defender exclusions to evade detection by Microsoft's antivirus program.

Read details: https://thehackernews.com/2021/07/this-new-malware-hides-itself-among.html