The light is WATCHING you !!! (👁️💡👁️)

Experts demonstrate a new attack that could let nearby remote spies listen to full conversations happening in a room just by observing a LIGHT BULB hanging in there, visible from a window.

Read Details — https://thehackernews.com/2020/06/lamphone-light-bulb-spy.html

New high-impact vulnerabilities in GTP Mobile Internet Protocol — used in 2G / 3G / 4G / 5G networks — could let remote attackers:

✅ intercept user data
✅ carry out impersonation
✅ perform fraud
✅ launch DoS attacks

Read details — https://thehackernews.com/2020/06/mobile-internet-hacking.html

If your business operations rely on Oracle's E-Business Suite, make sure you're running the latest available version of it.

Researchers warn of "BigDebIT" vulnerabilities (9.9 CVSS score) that they suspect many organizations haven't yet patched.

https://thehackernews.com/2020/06/oracle-e-business-suite.html

⚡ Ripple 20 — New vulnerabilities affect billions of Internet-connected devices, many of which used across critical infrastructures.

Details: https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html

The flaws could let remote attackers hijack affected devices &, subsequently, target other connected devices.

Hackers found targeting key employees at Aerospace and Military organizations by posing as HRs offering jobs via LinkedIn.

Read more about "Operation In(ter)ception" — https://thehackernews.com/2020/06/military-aerospace-hacking.html

Though the primary purpose of the attack was cyber espionage, in some cases, they even tried siphoning money through BEC scams.

Just-in: PATCH NOW !!!

Drupal releases updated versions (7.72, 8.8.8, 8.9.1 and 9.0.1) of its CMS software to patch 3 critical vulnerabilities:

✅ RCE (CVE-2020-13664),
✅ CSRF (CVE-2020-13663),
✅ Access bypass (CVE-2020-13665)

Details: https://www.drupal.org/security

Using VLC?

Researcher Tommy Muir found multiple critical vulnerabilities in the highly popular media player that could let attackers compromise systems by convincing users into playing malicious files or streams.

https://www.videolan.org/security/sb-vlc3011.html

Update it immediately to version 3.0.11.

Cybersecurity researchers today uncovered modus operandi of an elusive "InvisiMole hacking group" that recently been found targeting high-profile military and diplomatic entities for espionage.

https://thehackernews.com/2020/06/invisimole-hackers.html

Over 100 browser extensions distributed through Google Chrome Web Store have been caught stealing sensitive user data as part of a massive global surveillance campaign.

Read details: https://thehackernews.com/2020/06/chrome-browser-extensions-spying.html

BlueLeaks 💧

A group of hacktivists leaked massive 269 GB of data allegedly stolen from more than 200 #police departments, fusion centers, and other law enforcement agencies across the United States.

Details : https://thehackernews.com/2020/06/law-enforcement-data-breach.html

Watch Out 🔥

Hackers are abusing Google Analytics service to bypass CSP web-security feature and steal Credit Card or other information entered by users on the hacked sites.

Learn how it works — https://thehackernews.com/2020/06/google-analytics-hacking.html

👇 New Privacy Features Apple Added to the Upcoming iOS 14 and macOS Big Sur Releases:

✅ Approximate location
✅ Password Monitoring
✅ Privacy Report
✅ Camera/Mic Recording Indicator
✅ Control On Cross-App Tracking
✅ and more...

Details — https://thehackernews.com/2020/06/ios14-macos-big-sur-privacy.html

Critical Vulnerabilities Found in GeoVision's Fingerprint and Card Scanners:

✅ Remote Code Execution (Unpatched)
✅ Hardcoded Shared Cryptographic Private Keys
✅ Root Backdoor Account
✅ Unauthorized Code Execution

Read details — https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html

Over 2,500 affected devices accessible over the Internet as well.

(New) Attackers distributed several Docker images containing cryptocurrency-mining malware via Docker Hub to earn thousands of dollars.

Find details here: https://thehackernews.com/2020/06/cryptocurrency-docker-image.html

U.S government has filed a superseding indictment against WikiLeaks founder Julian Assange, accusing him of collaborating with LulzSec and Anonymous hacking groups.

Read: https://thehackernews.com/2020/06/wikileaks-lulzsec-anonymous-hackers.html

22-Year-Old Washington-based hacker has been sentenced to 13 months in prison for his role in creating 'Satori' IoT botnet malware — one of the successors of Mirai botnet — and compromising thousands of systems to launch DDoS attacks against various online services.

Read more: https://thehackernews.com/2020/06/ddos-botnet-hacker-jailed.html

e-Commerce site hackers are now hiding malicious web-skimming code inside image metadata to covertly steal credit card information entered by visitors.

Read details — https://thehackernews.com/2020/06/image-credit-card-skimmers.html

Russian Hacker Gets 9-Year Jail for Running Online Bazaar of Stolen Credit Cards

Read More: https://thehackernews.com/2020/06/russian-credit-card-hacker.html

Advanced 'StrongPity' hackers return with retooled spyware and new watering hole attacks targeting the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration.

Read more: https://thehackernews.com/2020/06/strongpity-syria-turkey-hackers.html

EvilQuest — New ransomware is targeting macOS users via pirated apps.

Details: https://thehackernews.com/2020/07/macos-ransomware-attack.html

Besides encrypting files, the malware also comes with capabilities to execute in-memory payloads, create reverse shell, and steal keystrokes & cryptocurrency wallet files.

In case you missed it...

Microsoft releases urgent Windows software updates to patch two high-risk RCE vulnerabilities affecting hundreds of millions of Windows10 and Server users.

Details: https://thehackernews.com/2020/07/windows-security-update.html