In case you missed it...

Microsoft releases urgent Windows software updates to patch two high-risk RCE vulnerabilities affecting hundreds of millions of Windows10 and Server users.

Details: https://thehackernews.com/2020/07/windows-security-update.html

WATCH OUT, Sysadmins!

Critical flaws (CVE-2020-9498, CVE-2020-9497) discovered in Apache Guacamole—popular remote desktop (RDP) application—could put remote Windows and Linux systems at risk of hacking.

Read more ➤ https://thehackernews.com/2020/07/apache-guacamole-hacking.html

European and British police have arrested 746 alleged drug dealers and other criminals after infiltrating into a global EncroChat ENCRYPTED CHAT NETWORK that was used to plot drug deals, money laundering, extortion, and even murders.

Read More: https://thehackernews.com/2020/07/encrochat-encrypted-phone.html

Critical Unauthorized RCE Vulnerability (CVE-2020-5902 with CVSS Score 10/10) Affects F5's BIG-IP Application Security Servers Used in large Enterprises, Data Centers, and Cloud Computing Environments.

Details — https://thehackernews.com/2020/07/f5-big-ip-application-security.html

Apply Newly Released Patch Updates ASAP!

< Project Freta 🔥 >

Microsoft launches a new free, cloud-based Linux forensics tool that analyzes virtual machine (VM) snapshots for evidence of sabotage — including rootkits, kernel-level compromises & other advanced malware.

Read Details: https://thehackernews.com/2020/07/microsoft-linux-forensics-rootkit.html

Citrix Releases Critical Software Patches for 11 New Security Vulnerabilities Affecting ADC, Gateway, and SD-WAN WANOP Appliances.

Read More: https://thehackernews.com/2020/07/citrix-software-security-update.html

WATCH OUT!

Eleven new innocent-looking Android apps loaded with 'billing fraud' Joker malware ONCE AGAIN bypass Google's security protections, aiming to infect millions via Play Store.

Read more: https://thehackernews.com/2020/07/joker-android-mobile-virus.html

Updated Tor browser versions 0.3.5.11, 0.4.2.8, and 0.4.3.6 have been released with patches for a medium-severity denial of service vulnerability and several minor security issues.

https://blog.torproject.org/node/1900

Considering the broken state of certificate revocation process & related safety checks, Firefox has updated #Mozilla’s Root Store Policy to reduce the maximum lifetime of TLS certificates from 825 days to 398 days to protect HTTPS connections.

https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/

An unpatched critical zero-day arbitrary code execution vulnerability has been discovered in Zoom video conferencing software exploitable on Microsoft Windows 7 or older operating system.

Details: https://thehackernews.com/2020/07/zoom-windows-security.html

WARNING — Dear Indian TikTokers, if you now have an account on 🔥 Chingari, THEN BEWARE! Anyone in seconds can HIJACK your Chingari account.

Details: https://thehackernews.com/2020/07/hack-chingari-app-account.html

Like the 'Mitron' app (another viral TikTok clone), Chingari also suffers from an auth bypass flaw.

A newly disclosed highly-critical vulnerability (CVE-2020-6287 with CVSS score 10 out of 10) residing in SAP's Java-based solutions could let attackers compromise affected corporate servers.

https://thehackernews.com/2020/07/sap-netweaver-vulnerability.html

Patches are now available.

Adobe is today rolling out its July 2020 set of critical security patches for 13 new software vulnerabilities affecting:

✅ Creative Cloud Desktop App
✅ Media Encoder
✅ Genuine Service
✅ ColdFusion
✅ Download Manager

Story — https://thehackernews.com/2020/07/adobe-security-patch-july.html

WARNING 🔥 CVE-2020-1350 (CVSS 10)

A critical 17-year-old 'wormable' RCE vulnerability affects Windows DNS Servers (2013 to 2019 editions) that could let unauthenticated hackers gain 'Domain Admin' privileges on the targeted servers.

Researchers confirm the new Windows vulnerability, dubbed 'SigRed,' is a wormable bug, allowing attackers to launch #malware attacks that can spread from one vulnerable computer to another without any human interaction.

Details — https://thehackernews.com/2020/07/windows-dns-server-hacking.html

Wait, we're not yet done with this month's Patch Tuesday!

Oracle releases critical updates for 443 new vulnerabilities affecting dozens of its software products, out of which at least 120 bugs have scored 8 or above out of 10 on the CVSS severity scale.

https://www.oracle.com/security-alerts/cpujul2020.html

Apache today released updated versions of Tomcat Server to patch two DoS vulnerabilities residing in the WebSocket (CVE-2020-13935) and HTTP/2 (CVE-2020-13934) implementations.

http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E

http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E

⚡ Watch Out!

Local Brazilian hackers have upgraded at least 4 large banking malware families (Guildma, Javali, Melcoz, Grandoreiro) to rob users across the globe.

https://thehackernews.com/2020/07/brazilian-banking-trojan.html

New variants are modular, obfuscated, bypass detection, & use complex execution flow.

Cisco just released the latest security advisories describing 33 new vulnerabilities affecting multiple products, out of which:

✅ 5 are CRITICAL (with CVSS score 9.8),
✅ 12 are HIGH, and
✅ 16 are important.

https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

Stay Calm, and Patch 'Em All!

✅ Microsoft
✅ Cisco
✅ Juniper
✅ Oracle
✅ Zoom
✅ Citrix
✅ SAP
✅ F5
✅ Intel
✅ Adobe
✅ Jenkins
✅ NVIDIA
✅ Apache
✅ Chrome
✅ Android
✅ VMware
✅ Siemens
✅ Rust Lang Crates
✅ Go programming

Happy Patch Week, Everyone.

WATCH OUT — Many top cryptocurrency-related verified Twitter accounts got compromised and a few minutes ago simultaneously tweeted an identical "Crypto For Health" SCAM message.

Hacked people & organizations include Gemini, Binance, Binance's CEO, KuCoin, Coinbase, CoinDesk.