An ongoing wave of malware attacks targeting hospitality, hotel, and travel organizations has been tied to a financially motivated cybercrime group.

Read details: https://thehackernews.com/2022/08/cybercrime-group-ta558-targeting.html

CISA has updated its Known Exploited Vulnerabilities Catalog with 7 new vulnerabilities based on evidence of active exploitation.

Read details: https://thehackernews.com/2022/08/cisa-adds-7-new-actively-exploited.html

CVE-2017-15944, CVE-2022-21971, CVE-2022-26923, CVE-2022-2856, CVE-2022-32893, CVE-2022-32894, CVE-2022-22536

A new Grandoreiro banking trojan campaign has been spotted targeting manufacturers in Spanish-speaking countries such as Spain and Mexico.

Read details: https://thehackernews.com/2022/08/new-grandoreiro-banking-malware.html

Researchers have uncovered multiple vulnerabilities in ultra-wideband (UWB) real-time location systems (RTLS) that allow threat actors to launch adversary-in-the-middle (AitM) attacks and manipulate location data.

Read details: https://thehackernews.com/2022/08/rtls-systems-found-vulnerable-to-mitm.html

Researchers have discovered counterfeit Android phones of popular smartphone brands are pre-infected with multiple trojans designed to target WhatsApp and WhatsApp Business.

Read details: https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html

U.S. cybersecurity agency CISA warns of active exploitation of a high-severity reflected/amplified DoS attack vulnerability (CVE-2022-0028) in Palo Alto Networks' PAN-OS.

Read details: https://thehackernews.com/2022/08/cisa-warns-of-active-exploitation-of.html

Researchers have developed a new Air-Gap attack in which attackers can exfiltrate sensitive information from air-gapped computers to smartphones located a few meters away via Speakers-to-Gyroscope covert channel.

Details: https://thehackernews.com/2022/08/new-air-gap-attack-uses-mems-gyroscope.html

Iranian hackers (UNC3890) have been linked to a series of attacks aimed at Israeli shipping, government, energy, and healthcare organizations as part of an espionage-focused campaign.

Read details: https://thehackernews.com/2022/08/suspected-iranian-hackers-targeted.html

Hackers have updated the nasty XCSSET malware to add support for macOS Monterey by updating the source code components to Python 3.

Read details: https://thehackernews.com/2022/08/xcsset-malware-updates-with-python-3-to.html

Google reveals a new malicious tool used by Iranian government-backed hackers to retrieve user data from compromised Gmail, Yahoo! and Microsoft Outlook accounts.

Read details: https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html

DevOps platform GitLab releases patches to fix a critical vulnerability in its software that could lead to the execution of arbitrary code on affected systems.

Read details: https://thehackernews.com/2022/08/gitlab-issues-patch-for-critical-flaw.html

Researchers discovered another large-scale adversary-in-the-middle (AiTM) campaign targeting Google Workspace enterprise users with advanced phishing kits that bypass multi-factor authentication.

Read details: https://thehackernews.com/2022/08/researchers-warn-of-aitm-attack.html

Researchers uncover a widespread campaign in which hackers use compromised WordPress sites to display fraudulent Cloudflare DDoS protection pages and spread malware such as NetSupport RAT and Raccoon Stealer.

Details: https://thehackernews.com/2022/08/hackers-using-fake-ddos-protection.html

Researchers have demonstrated a new AIR-GAP data exfiltration technique in which malware uses network interface card (NIC) LEDs to transmit covert Morse code signals that can be decoded from tens to hundreds of meters away.

Read details: https://thehackernews.com/2022/08/air-gapped-devices-can-send-covert.html

A growing number of cybercriminals have begun using the peer-to-peer instant messaging service Tox as a command-and-control method for cryptocurrency mining #malware.

Read: https://thehackernews.com/2022/08/crypto-miners-using-tox-p2p-messenger.html

PyPI repository has sounded the alarm about an ongoing phishing campaign aimed at stealing developers' credentials and injecting malicious updates into legitimate Python packages.

Read details: https://thehackernews.com/2022/08/pypi-repository-warns-python-project.html

Microsoft uncovered “MagicWeb,” a new "highly-targeted" post-exploitation malware used by the Nobelium APT hackers to maintain persistent access to compromised environments.

Read details: https://thehackernews.com/2022/08/microsoft-uncovers-new-post-compromise.html

Researchers uncover malware and infrastructure of North Korean Kimusky hackers targeting South Korean politicians and diplomats.

Read details: https://thehackernews.com/2022/08/researchers-uncover-kimusky-infra.html

Okta Hackers behind the cyberattacks on Twilio and Cloudflare earlier this month have been linked to a broader campaign that compromised 9,931 accounts at 136 organizations.

Read details: https://thehackernews.com/2022/08/okta-hackers-behind-twilio-and.html

Nation-state threat actors are increasingly adopting and integrating the "Sliver" command-and-control (C2) framework into their intrusion campaigns as a replacement for Cobalt Strike.

Read details: https://thehackernews.com/2022/08/cybercrime-groups-increasingly-adopting.html

Iranian state-sponsored hacker 'MERCURY' are leaving no stone unturned to exploit unpatched systems with Log4j to target Israeli entities, suggesting that the vulnerability's long tail for remediation.

Read details: https://thehackernews.com/2022/08/iranian-hackers-exploiting-unpatched.html