Several active #malware families targeting Windows IIS web servers with malicious modules.

Read: https://thehackernews.com/2021/08/several-malware-families-targeting-iis.html

Such backdoors were also deployed via the recent Microsoft Exchange vulnerability, with government entities among the main targets.

Cisco rolls out security patches to address critical vulnerabilities impacting Small Business VPN routers that could allow remote attackers to execute arbitrary code and launch DoS attacks.

Details: https://thehackernews.com/2021/08/cisco-issues-critical-security-patches.html

Beseechers uncovers 5 unpatched flaws in Mitsubishi Safety PLCs that could leave several industries vulnerable to remote attacks.

Read: https://thehackernews.com/2021/08/unpatched-security-flaws-expose.html

CISA warns -- "there are risks of communication data eavesdropping/ tampering, unauthorized operation and DoS attacks"

Several cybercriminal groups are leveraging Prometheus TDS malware-as-a-service (MaaS) solution to distribute a wide range of backdoors, including Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish.

Read: https://thehackernews.com/2021/08/a-wide-range-of-cyber-attacks.html

VMware has released security updates for several products to address a critical vulnerability that could be exploited to gain access to confidential information.

— Workspace One Access
— Identity Manager
— Cloud Foundation
— vRealize Automation

Details: https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-critical.html

Koo, India's Twitter-like service, was found vulnerable to a critical wormable vulnerability that could be used to automatically launch widespread malicious attacks against hundreds of thousands of users without requiring any interaction.

Read: https://thehackernews.com/2021/08/indias-koo-twitter-like-service-found.html

Researchers reported a new flaw in Amazon Kindle that could have allowed remote attackers to take over your eBook reading device.

Read details: https://thehackernews.com/2021/08/new-amazon-kindle-bug-couldve-let.html

Apple introduces a new feature in iOS, iPadOS, watchOS and macOS that automatically scans data on all device for child abuse content.

Read: https://thehackernews.com/2021/08/apple-to-scan-every-device-for-child.html

However, cybersecurity and privacy experts are raising concerns that the project could enable mass surveillance.

A new security patch update for Pulse Secure VPNs has been released to address an incomplete patch previously issued for a critical RCE vulnerability (CVE-2020-8260) that was under active exploitation.

Read: https://thehackernews.com/2021/08/pulse-secure-vpns-get-new-urgent-update.html

⚡Watch Out!

A new Android malware campaign—distributing apps via Google Play Store and other marketplaces—hacking Facebook accounts of tens of hundreds of users.

Read details: https://thehackernews.com/2021/08/beware-new-android-malware-hacks.html

A serious vulnerability in the hardware random number generators (RNGs) affects almost all Internet of Things (IoT) devices worldwide, undermining security related to #cryptography, access control, and authentication.

Details: https://thehackernews.com/2021/08/a-critical-random-number-generator-flaw.html

Researchers warn of an ongoing hacking campaign targeting network routers, where attackers are exploiting a newly disclosed critical authentication bypass vulnerability in Arcadyan firmware.

Details: https://thehackernews.com/2021/08/hackers-exploiting-new-auth-bypass-bug.html

Researchers have traced a string of cyberattacks against Israeli government institutions and IT providers to a Chinese cyberespionage group.

Read: https://thehackernews.com/2021/08/experts-believe-chinese-hackers-are.html

Microsoft rolls out August 2021 Windows security updates to fix 44 newly discovered vulnerabilities, including one actively exploited zero-day.

Details: https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html

Adobe releases update for Magento to fix several critical pre-authentication vulnerabilities affecting hundreds of thousands of e-commerce sites.

Read: https://thehackernews.com/2021/08/magento-update-released-fix-critical.html

In one of the largest heists of cryptocurrencies, hackers steal over 600 million worth of Binance Chain, Ethereum, and Polygon assets from Poly Network, a cross-chain decentralized financial platform (DeFi).

Details: https://thehackernews.com/2021/08/hacker-steal-over-600-million-worth-of.html

Researchers have uncovered a new class of vulnerabilities affecting major managed DNS providers that could allow attackers to spy on massive amount of DNS traffic and exfiltrate sensitive information from corporate networks.

Read: https://thehackernews.com/2021/08/bugs-in-managed-dns-services-cloud-let.html

Microsoft warns of yet another UNPATCHED Windows Print Spooler vulnerability (CVE-2021-36958) allowing RCE attacks.

Read: https://thehackernews.com/2021/08/microsoft-security-bulletin-warns-of.html

Users are advised to stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability.

Global IT consultancy giant Accenture has become the latest company to be hit by the LockBit ransomware gang.

https://thehackernews.com/2021/08/it-giant-accenture-hit-by-lockbit.html

Cybercriminals are now threatening to publish the stolen data online.

New research sheds light on a new Russian malware-as-a-service being sold and distributed on underground forums.

Details: https://thehackernews.com/2021/08/experts-shed-light-on-new-russian.html

The malware is written in the Rust programming language and aims to steal passwords, crypto wallets and FTP client data.

Watch Out! Ransomware attackers are now actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally through the victim's network to distribute file-encrypting payloads to target systems.

Read: https://thehackernews.com/2021/08/ransomware-gangs-exploiting-windows.html