Considering the broken state of the certificate revocation process & related safety checks, Firefox has updated #Mozilla's Root Store Policy to reduce the maximum lifetime of TLS certificates from 825 days to 398 days to protect HTTPS connections.
https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/
An unpatched critical zero-day arbitrary code execution vulnerability has been discovered in Zoom video conferencing software, exploitable on Microsoft Windows 7 or older operating systems.
Details: https://thehackernews.com/2020/07/zoom-windows-security.html
WARNING: Dear Indian TikTokers, if you now have an account on 🔥 Chingari, THEN BEWARE! Anyone in seconds can HIJACK your Chingari account.
Details: https://thehackernews.com/2020/07/hack-chingari-app-account.html
Like the 'Mitron' app (another viral TikTok clone), Chingari also suffers from an auth bypass flaw.
A newly disclosed highly-critical vulnerability (CVE-2020-6287 with CVSS score 10 out of 10) residing in SAP's Java-based solutions could let attackers compromise affected corporate servers.
https://thehackernews.com/2020/07/sap-netweaver-vulnerability.html
Patches are now available.
Adobe is today rolling out its July 2020 set of critical security patches for 13 new software vulnerabilities affecting:
- Creative Cloud Desktop App
- Media Encoder
- Genuine Service
- ColdFusion
- Download Manager
Story: https://thehackernews.com/2020/07/adobe-security-patch-july.html
WARNING 🔥 CVE-2020-1350 (CVSS 10)
A critical 17-year-old 'wormable' RCE vulnerability affects Windows DNS Servers (2013 to 2019 editions) that could let unauthenticated hackers gain 'Domain Admin' privileges on the targeted servers.
Researchers confirm the new Windows vulnerability, dubbed 'SigRed,' is a wormable bug, allowing attackers to launch #malware attacks that can spread from one vulnerable computer to another without any human interaction.
Details: https://thehackernews.com/2020/07/windows-dns-server-hacking.html
Wait, we're not yet done with this month's Patch Tuesday!
Oracle releases critical updates for 443 new vulnerabilities affecting dozens of its software products, out of which at least 120 bugs have scored 8 or above out of 10 on the CVSS severity scale.
https://www.oracle.com/security-alerts/cpujul2020.html
Apache today released updated versions of Tomcat Server to patch two DoS vulnerabilities residing in the WebSocket (CVE-2020-13935) and HTTP/2 (CVE-2020-13934) implementations.
http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E
http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E
⚡ Watch Out!
Local Brazilian hackers have upgraded at least 4 large banking malware families (Guildma, Javali, Melcoz, Grandoreiro) to rob users across the globe.
https://thehackernews.com/2020/07/brazilian-banking-trojan.html
New variants are modular, obfuscated, bypass detection, & use complex execution flow.
Cisco just released the latest security advisories describing 33 new vulnerabilities affecting multiple products, out of which:
- 5 are CRITICAL (with CVSS score 9.8),
- 12 are HIGH, and
- 16 are important.
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
Stay Calm, and Patch 'Em All!
- Microsoft
- Cisco
- Juniper
- Oracle
- Zoom
- Citrix
- SAP
- F5
- Intel
- Adobe
- Jenkins
- NVIDIA
- Apache
- Chrome
- Android
- VMware
- Siemens
- Rust Lang Crates
- Go programming
Happy Patch Week, Everyone.
WATCH OUT: Many top cryptocurrency-related verified Twitter accounts got compromised and a few minutes ago simultaneously tweeted an identical "Crypto For Health" SCAM message.
Hacked people & organizations include Gemini, Binance, Binance's CEO, KuCoin, Coinbase, CoinDesk.
THE BIGGEST HACK IN TWITTER'S HISTORY
List of hacked accounts:
- Jeff Bezos
- Elon Musk
- Warren Buffett
- Barack Obama
- Michael Bloomberg
- Kanye West
- Wiz Khalifa
- Apple
- Uber
- JoeBiden
- Bitcoin
- Coinbase
- Binance
- Gemini
- Kucoin
- Coindesk
- Ripple
- Justin Sun
- Charlie Lee
- SatoshiLite
And more...
Apple releases:
- iOS 13.6
- iPadOS 13.6
- macOS 10.15.6
- tvOS 13.4.8
- watchOS 6.2.8
Of course, with dozens of new security patches.
Details: https://support.apple.com/en-in/HT201222
Here's our brief coverage of the 'Biggest Twitter Hack of All Time,' explaining what happened earlier today, when several high-profile verified Twitter accounts were hacked to spread a cryptocurrency scam that amassed nearly $120,000 in bitcoins.
Read: https://thehackernews.com/2020/07/verified-twitter-hacked.html
(New) A minor flaw in Zoom could have let fraudsters mimic organizations and trick their employees, users, or business partners into revealing personal or other confidential information.
Read details: https://thehackernews.com/2020/07/zoom-vanity-url-vulnerability.html
A new Android banking malware not only targets financial apps but also steals data and credentials from hundreds of social networking, dating, communication, and cryptocurrency apps.
Learn more about 'BlackRock' malware: https://thehackernews.com/2020/07/android-password-hacker.html
OPSEC Fail!
Iranian APT35 hackers accidentally exposed 40 GB worth of sensitive data online, containing hacking training videos that revealed they managed to hack a member of the U.S. Navy, and a Greek naval officer.
Read Details: https://thehackernews.com/2020/07/iranian-hacking-training-videos.html
Great News! Mozilla is finally adding built-in end-to-end email encryption functionality (OpenPGP) and digital signatures into the upcoming release of Thunderbird version 78.2, scheduled to be released in the coming months.
https://blog.thunderbird.net/2020/07/whats-new-in-thunderbird-78/
Until now, users relied on the Enigmail add-on to achieve the same.
21-Year-Old Cypriot Hacker Extradited to the U.S. Over Fraud and Extortion Charges
Read: https://thehackernews.com/2020/07/cypriot-hacker-extradited.html