Researchers warn of 4 emerging ransomware cybercrime groups that could pose a threat to a number of businesses.

Read: https://thehackernews.com/2021/08/researchers-warn-of-4-new-ransomware.html

Default permissions settings in Microsoft Power Apps left 38 million records exposed from dozens of organizations.

Read details: https://thehackernews.com/2021/08/38-million-records-exposed-from.html

A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge.

Read: https://thehackernews.com/2021/08/modified-version-of-whatsapp-for.html

A computer retailer in the United States was recently attacked with a new backdoor malware — called "SideWalk" — as part of an Advanced Persistent Threat campaign by a Chinese hacking group.

Read details: https://thehackernews.com/2021/08/new-sidewalk-backdoor-targets-us-based.html

Critical security vulnerabilities affecting B. Braun's Infusomat Space large volume pump and SpaceStation could allow remote attackers to tamper with medication doses without prior authentication.

Details: https://thehackernews.com/2021/08/bbraun-infusomat-pumps-could-let.html

Financially motivated FIN8 hackers have been observed installing a new backdoor on infected systems, dubbed Sardonic.

Read details: https://thehackernews.com/2021/08/researchers-uncover-fin8s-new-backdoor.html

A critical vulnerability has been discovered in Cisco Application Policy Infrastructure Controller (APIC) for network switches that could potentially be exploited to read or write arbitrary files on a vulnerable system.

Details: https://thehackernews.com/2021/08/critical-flaw-discovered-in-cisco-apic.html

F5 releases patches for several new vulnerabilities affecting BIG -IP, BIG -IQ devices that could allow attackers to perform a variety of malicious actions, including accessing arbitrary files, escalating privileges & executing JavaScript code.

https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html

A critical vulnerability in Microsoft's Azure Cosmos DB affecting thousands of its cloud computing customers allowed attackers to read, modify or even delete databases admin privileges.

https://thehackernews.com/2021/08/critical-cosmos-database-flaw-affected.html

Microsoft notified over 30% of customers about potential breach.

US-based technology company Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could lead to privilege escalation and RCE attacks.

Read: https://thehackernews.com/2021/08/kaseya-issues-patches-for-two-new-0-day.html

Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next 5 years.

https://thehackernews.com/2021/08/microsoft-google-to-invest-30-billion.html

Microsoft is warning users about a widespread credential phishing campaign that uses open redirect links in emails as a vector to trick them into visiting malicious websites by effectively bypassing security software.

Details: https://thehackernews.com/2021/08/microsoft-warns-of-widespread-phishing.html

New LockFile ransomware family that emerged last month uses a novel technique known as "intermittent encryption" to bypass behavioral and statistical-based ransomware protection.

Details: https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html

Unauthenticated attackers could exploit a new vulnerability — dubbed ProxyToken, CVE-2021-33766 — in Microsoft Exchange servers to change mailbox settings and spy on email.

Read details: https://thehackernews.com/2021/08/new-microsoft-exchange-proxytoken-flaw.html

Securing accounts and personal information through single-factor authentication is now on the United States Cybersecurity and Infrastructure Security Agency' (CISA) list of bad practices.

Read: https://thehackernews.com/2021/08/cisa-adds-single-factor-authentication.html

Newly discovered vulnerabilities in Fortress S03 Wi-Fi home security alarm system could allow malicious parties to remotely gain unauthorized access and alter system behavior, including disarming devices without the victim's knowledge.

Details: https://thehackernews.com/2021/08/attackers-can-remotely-disable-fortress.html

Researchers have developed a machine learning technique that relies on authentic interactions between Bluetooth devices to build a reliable technique for securing device-to-device authentication.

Read: https://thehackernews.com/2021/08/researchers-propose-machine-learning.html

QNAP is currently investigating two newly discovered security vulnerabilities in OpenSSL to determine their impact on its network-attached storage (NAS) appliances and says it will release security updates as needed.

Details: https://thehackernews.com/2021/09/qnap-working-on-patches-for-openssl.html

Linphone's Session Initiation Protocol (SIP) stack has a vulnerability that can be remotely exploited without the victim's knowledge to crash the SIP client's device.

Read: https://thehackernews.com/2021/09/linphone-sip-stack-bug-could-let.html

As the popularity of internet-sharing or "proxyware" platforms such as Honeygain and Nanowire grows, cybercriminals are using these platforms as a channel to monetize their malware activities.

Read details: https://thehackernews.com/2021/09/cybercriminals-abusing-internet-sharing.html

FTC has banned stalkerware app SpyFone from the surveillance business over concerns that it stole and shared sensitive data on people's physical movements and online activities that stalkers used to monitor potential targets.

Read: https://thehackernews.com/2021/09/ftc-bans-stalkerware-app-spyfone-orders.html