CODESYS has released security patches to address 11 newly identified vulnerabilities that could lead to information disclosure and a denial of service (DoS) condition, among others.

Read details: https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html

Cybersecurity experts warn of "Black Basta" ransomware that attacked dozens of companies in the U.S., Canada, U.K., Australia, and New Zealand within 2 months of its emergence, making it a prominent threat in a short period of time.

Read: https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html

Researchers have discovered a new Android banking trojan — dubbed "Revive" — targeting customers of the Spanish financial services company BBVA.

Read details: https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html

A remote memory-corruption vulnerability has been discovered in the latest version of OpenSSL library that can be exploited very easily by an attacker.

Read: https://thehackernews.com/2022/06/openssh-to-release-security-patch-for.html

"If RCE exploitation is possible, this makes it worse than Heartbleed..."

APT hackers are exploiting unpatched Microsoft Exchange servers as an initial access vector to deploy ShadowPad malware on building automation systems.

Read details: https://thehackernews.com/2022/06/apt-hackers-targeting-industrial.html

Researchers warn of a new malware, dubbed ZuoRAT, targeting small office/home office routers (SOHO) as part of a sophisticated campaign to spy on North American and European networks.

Read details: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html

U.S. cybersecurity agency CISA has added the "PwnKit" Linux vulnerability to its catalog of known exploited vulnerabilities, citing evidence of active exploitation.

Details: https://thehackernews.com/2022/06/cisa-warns-of-active-exploitation-of.html

Researchers reveal details about a new vulnerability in Microsoft's Azure Service Fabric that could be exploited to gain elevated privileges on Linux workloads and take control of all nodes in a cluster.

Details: https://thehackernews.com/2022/06/new-fabricscape-bug-in-microsoft-azure.html

A new vulnerability (CVE-2022-30333) has been discovered in RARlab's UnRAR utility that also affects several other applications using it, including Zimbra Mail.

https://thehackernews.com/2022/06/new-unrar-vulnerability-could-let.html

The flaw allows remote attackers to execute arbitrary code on vulnerable Zimbra instances.

Researchers are warning about a new malware, dubbed YTStealer, believed to be sold as a service on the dark web, that allows cybercriminals to hijack YouTube content creator accounts by stealing their authentication cookies.

Details: https://thehackernews.com/2022/06/new-ytstealer-malware-aims-to-hijack.html

North Korean-backed hacker collective Lazarus Group is suspected of being behind the recent $100 million altcoin theft from Harmony Horizon Bridge.

Read: https://thehackernews.com/2022/06/north-korean-hackers-suspected-to-be.html

A former Canadian government employee has pleaded guilty in the U.S. to hacking charges related to his involvement in the NetWalker ransomware syndicate.

Details: https://thehackernews.com/2022/06/ex-canadian-government-employee-pleads.html

FCC Commissioner Brendan Carr has asked Apple and Google to remove the popular video-sharing platform TikTok from their app stores, citing a threat to national security because it has "a pattern of surreptitious data practices"

Read: https://thehackernews.com/2022/06/us-fcc-commissioner-asks-apple-and.html

Microsoft warns of a Chinese hacking group that recently updated its malware tools to compromise Linux servers with the goal of installing cryptocurrency mining software as part of a long-running campaign.

Details: https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html

Amazon has quietly patched a serious security vulnerability affecting its Photos app for Android that could have been exploited to steal a users' access tokens.

Details: https://thehackernews.com/2022/07/amazon-quietly-patches-high-severity.html

A new backdoor, dubbed SessionManager, has been discovered in the wild targeting Microsoft IIS servers belonging to a large number of companies around the world.

Read: https://thehackernews.com/2022/07/new-sessionmanager-backdoor-targeting.html

Google has made a number of improvements to its password manager service to make it more secure and consistent across platforms.

Read: https://thehackernews.com/2022/07/google-improves-its-password-manager-to.html

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis.

Read details: https://thehackernews.com/2022/07/microsoft-warns-about-evolving.html

In response to the FCC commissioner's request to remove TikTok from the Google Play and Apple app stores, the company sent a letter to U.S. lawmakers explaining how it plans to safeguard American user data from Chinese staff.

Read: https://thehackernews.com/2022/07/tiktok-assures-us-lawmakers-its-working.html

An employee of the HackerOne bug bounty platform was caught improperly accessing zero-day vulnerability reports submitted by researchers for personal gain.

Read: https://thehackernews.com/2022/07/hackerone-employee-caught-stealing.html

Ukrainian police have arrested 9 members of a cybercriminal gang that embezzled 100 million UAH via hundreds of phishing sites purporting to offer financial aid to Ukrainian citizens in order to capitalize on the ongoing conflict.

Read: https://thehackernews.com/2022/07/ukrainian-authorities-arrested-phishing.html