The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Wait, we're not yet done with this month's Patch Tuesday!

Oracle releases critical updates for 443 new vulnerabilities affecting dozens of its software products, of which at least 120 bugs scored 8 or above out of 10 on the CVSS severity scale.

https://www.oracle.com/security-alerts/cpujul2020.html
Apache today released updated versions of Tomcat Server to patch two DoS vulnerabilities residing in the WebSocket (CVE-2020-13935) and HTTP/2 (CVE-2020-13934) implementations.

http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E

http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E
Watch Out!

Local Brazilian hackers have upgraded at least 4 large banking malware families (Guildma, Javali, Melcoz, Grandoreiro) to rob users across the globe.

https://thehackernews.com/2020/07/brazilian-banking-trojan.html

The new variants are modular and obfuscated, bypass detection, and use a complex execution flow.
Cisco just released the latest security advisories describing 33 new vulnerabilities affecting multiple products, out of which:

5 are CRITICAL (with CVSS score 9.8),
12 are HIGH, and
16 are important.

https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
Stay Calm, and Patch 'Em All!

Microsoft
Cisco
Juniper
Oracle
Zoom
Citrix
SAP
F5
Intel
Adobe
Jenkins
NVIDIA
Apache
Chrome
Android
VMware
Siemens
Rust Lang Crates
Go programming

Happy Patch Week, Everyone.
WATCH OUT — Many top cryptocurrency-related verified Twitter accounts got compromised and a few minutes ago simultaneously tweeted an identical "Crypto For Health" SCAM message.

Hacked people & organizations include Gemini, Binance, Binance's CEO, KuCoin, Coinbase, CoinDesk.
THE BIGGEST HACK IN TWITTER'S HISTORY

List of hacked accounts:

- Jeff Bezos
- Elon Musk
- Warren Buffett
- Barack Obama
- Michael Bloomberg
- Kanye West
- Wiz Khalifa
- Apple
- Uber
- Joe Biden
- Bitcoin
- Coinbase
- Binance
- Gemini
- KuCoin
- CoinDesk
- Ripple
- Justin Sun
- Charlie Lee
- SatoshiLite

And more...
Apple releases:

iOS 13.6
iPadOS 13.6
macOS 10.15.6
tvOS 13.4.8
watchOS 6.2.8

Of course, with dozens of new security patches.

Details: https://support.apple.com/en-in/HT201222
Here's our brief coverage of the 'Biggest Twitter Hack of All Time,' explaining what happened earlier today, when several high-profile verified Twitter accounts were hacked to spread a cryptocurrency scam that successfully amassed nearly $120,000 in bitcoins.

Read: https://thehackernews.com/2020/07/verified-twitter-hacked.html
(New) A minor flaw in Zoom could have let fraudsters mimic organizations and trick their employees, users, or business partners into revealing personal or other confidential information.

Read details — https://thehackernews.com/2020/07/zoom-vanity-url-vulnerability.html
A new Android banking malware not only targets financial apps but also steals data and credentials from hundreds of social networking, dating, communication, and cryptocurrency apps.

Learn more about 'BlackRock' malware: https://thehackernews.com/2020/07/android-password-hacker.html
OPSEC Fail!

Iranian APT35 hackers accidentally exposed 40 GB worth of sensitive data online, containing hacking training videos that revealed they managed to hack a member of the U.S. Navy and a Greek naval officer.

Read Details — https://thehackernews.com/2020/07/iranian-hacking-training-videos.html
Great News! Mozilla is finally adding built-in end-to-end email encryption functionality (OpenPGP) and digital signatures into the upcoming release of Thunderbird version 78.2, scheduled to be released in the coming months.

https://blog.thunderbird.net/2020/07/whats-new-in-thunderbird-78/

Until now, users relied on the Enigmail add-on to achieve the same.
21-Year-Old Cypriot Hacker Extradited to the U.S. Over Fraud and Extortion Charges

Read: https://thehackernews.com/2020/07/cypriot-hacker-extradited.html
(New) An emerging Chinese APT hacking group has been found targeting the Indian Government and Hong Kong residents with a new variant of MgBot malware, amid tensions over the border and the new security law, respectively.

Read details — https://thehackernews.com/2020/07/chinese-hackers-hong-kong-india.html
Garmin, the smartwatch and GPS wearable maker, is currently experiencing global outages after getting hit with a suspected #ransomware attack that forced the company to shut down its connected services and call centers for millions of users.

Read: https://thehackernews.com/2020/07/garmin-ransomware-attack.html
Researchers reveal a new security flaw affecting popular Chinese-made DJI drones that could be exploited to trick users into installing malicious smartphone applications.

Details — https://thehackernews.com/2020/07/dji-drone-hacking_24.html

The company said it would fix the issue in future versions of its app.
In case you haven't tried it yet...

Linux/FreeBSD users can use this open-source vulnerability scanner to identify vulnerable software installed on a system.

https://github.com/future-architect/vuls

It uses multiple vulnerability databases, including NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA.
Watch Out! QSnatch data-stealing malware has infected over 62,000 vulnerable QNAP NAS devices, cybersecurity agencies in the US and the UK warned.

Read details: https://thehackernews.com/2020/07/qnap-nas-malware-attack.html