Researchers discover a Linux and Windows re-implementation of Cobalt Strike Beacon that is targeting telecommunications, government and financial organizations around the world.

Read details: https://thehackernews.com/2021/09/linux-implementation-of-cobalt-strike.html

Update your Google Chrome browser right away to protect against two new zero-day vulnerabilities currently being exploited in the wild by malicious actors.

Read: https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html

Apple has issued urgent software patches for all of its devices to address a newly discovered and actively exploited zero-day vulnerability tied to the NSO Group's Pegasus Spyware.

https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html

Users should update their iPhone, iPad, Mac, and Apple Watch ASAP!

Millions of gaming computers are affected by a new high-severity #vulnerability in the HP OMEN driver (CVE-2021-3437) that could allow attackers to overwrite system components, corrupt the OS, or perform other malicious activities.

Read: https://thehackernews.com/2021/09/hp-omen-gaming-hub-flaw-affects.html

Users looking for TeamViewer remote desktop software on search engines like Google are being routed to dangerous links that download ZLoader malware to their PCs, leaving the virus undetected by security solutions.

Read details: https://thehackernews.com/2021/09/new-stealthier-zloader-variant.html

Microsoft releases latest Windows security updates as part of its monthly Patch Tuesday release cycle to address 66 newly discovered flaws, including an actively exploited zero-day in MSHTML Platform that was discovered last week.

Read: https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html

The United States fines 3 former intelligence and military officials $1.68 million for acting as cyber mercenaries on behalf of a cybersecurity company based in the United Arab Emirates.

Read details: https://thehackernews.com/2021/09/3-former-us-intelligence-officers-admit.html

Critical vulnerabilities discovered in an Azure app that Microsoft secretly installed on Linux virtual machines.

Attackers can exploit these bugs to escalate to root privileges and remotely execute malicious code.

"With a single packet, an attacker can become root on a remote machine by simply removing the authentication header."

Unfortunately, Microsoft can't fix it for you. Users affected by these vulnerabilities must manually update the OMI agent to the patched versions.

Details: https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html

Microsoft has introduced a new passwordless mechanism, allowing users to sign-in to their Microsoft accounts without a password.

Read more about it here: https://thehackernews.com/2021/09/you-can-now-sign-in-to-you-microsoft.html

A recently disclosed zero-day vulnerability affecting Microsoft Windows MSHTML has been exploited in targeted cyber attacks to deploy Cobalt Strike beacon on targeted systems.

Read: https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html

Netgear Smart Switches are affected by a third critical bug – details and a proof-of-concept have been released.

Read: https://thehackernews.com/2021/09/third-critical-bug-affects-netgear.html

A serious security vulnerability has been discovered in Travis CI that exposed API keys, access tokens, and credentials, potentially putting organizations using public source code repositories to the risk of further attacks.

Read details: https://thehackernews.com/2021/09/travis-ci-flaw-exposes-secrets-of.html

Researchers have uncovered a malware attack on the aviation industry that has gone unnoticed for nearly two years.

Read details: https://thehackernews.com/2021/09/malware-attack-on-aviation-sector.html

Researchers have discovered a new malware strain that targets the Linux Subsystem built inside the Windows operating system before infecting the Windows system to launch stealthy attacks.

Read details: https://thehackernews.com/2021/09/new-malware-targets-windows-subsystem.html

A new banking trojan targeting Latin American users has been spotted storing its encrypted remote configuration on legitimate platforms such as YouTube and Pastebin.

Read: https://thehackernews.com/2021/09/numando-new-banking-trojan-targeting.html

An organized crime cell linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking, and property crime has been disrupted by law enforcement agencies.

Read: https://thehackernews.com/2021/09/europol-busts-major-cybercrime-ring.html

A new #malware — codenamed "Capoae" — scans the web for vulnerable Linux machine and WordPress sites in order to install a backdoored plugin that runs a Golang-based crypto-mining software.

Read details: https://thehackernews.com/2021/09/new-capoae-malware-infiltrates.html

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Read: https://thehackernews.com/2021/09/cring-ransomware-gang-exploits-11-year.html

A new UNPATCHED high-severity vulnerability has been disclosed in macOS Finder on Apple machines running Big Sur and earlier versions, which could allow remote attackers to trick users into executing arbitrary commands.

Details: https://thehackernews.com/2021/09/unpatched-high-severity-vulnerability.html

VMWare warns of 19 new flaws affecting vCenter Server and Cloud Foundation appliances, the most serious of which is an arbitrary file upload vulnerability (CVE-2021-22005) that allows remote attackers to take control of affected systems.

https://thehackernews.com/2021/09/vmware-warns-of-critical-file-upload.html

A new high-severity remote code execution vulnerability has been discovered in several Netgear router models that could be exploited by MiTM attackers to take control of affected systems.

Read details: https://thehackernews.com/2021/09/high-severity-rce-flaw-disclosed-in.html