(New) An emerging Chinese APT hacking group found targeting Indian Government and Hong Kong residents amid (border and new security law, respectively) tensions using a new variant of MgBot malware.

Read details — https://thehackernews.com/2020/07/chinese-hackers-hong-kong-india.html

Garmin—smartwatch, and GPS wearable maker—is currently experiencing global outages after getting hit with a suspected #ransomware attack that forced the company to shut down its connected services and call centers for millions of users.

Read: https://thehackernews.com/2020/07/garmin-ransomware-attack.html

Researchers reveal a new security flaw affecting popular Chinese-made DJI drones that could be exploited to trick users into installing malicious smartphone applications.

Details — https://thehackernews.com/2020/07/dji-drone-hacking_24.html

Company said it would fix the issue in future versions of its app.

In case you haven't tried it yet...

Linux/FreeBSD users can use this open-source vulnerability scanner to identify vulnerable software installed on a system.

https://github.com/future-architect/vuls

It uses multiple vulnerability databases, including NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA.

Exploiting popular macOS apps (like Dropbox, OneDrive, Google Drive, Keybase, Slack, Skype, Signal, Telegram) with a single ".terminal" file.

https://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa

Watch Out! QSnatch data-stealing malware infected over 62,000 vulnerable QNAP NAS devices—Cybersecurity agencies in the US and the UK warned.

Read details: https://thehackernews.com/2020/07/qnap-nas-malware-attack.html

A new undetectable (0/61) Linux malware is hijacking misconfigured Docker servers with exposed APIs—mostly hosted with popular cloud services like AWS, Azure & Alibaba Cloud.

https://thehackernews.com/2020/07/docker-linux-malware.html

Attackers managed to run this campaign under the radar for at least 6 months.

Running your online store using Magento application? If yes, UPDATE IT NOW!

Adobe today released updated versions (2.4.0 and 2.3.5-p2) of open source and commerce Magento variants including security patches for 2 critical and 2 important severity flaws.

https://helpx.adobe.com/security/products/magento/apsb20-47.html

New 🔥 : Multiple high-risk vulnerabilities discovered in the popular dating service—OkCupid—that could have allowed remote attackers to:

✅ Hijack profiles,
✅ Spy on private messages,
✅ Perform actions on behalf of the victim.

Read details: https://thehackernews.com/2020/07/hacking-okcupid-account.html

Multiple Critical Flaws Reported in Enterprise-Grade Industrial VPNs Could Let Remote Attackers Target Critical Infrastructures.

Details: https://thehackernews.com/2020/07/industrial-vpn-security.html

Reported Flaws Are:
CVE-2020-14500
CVE-2020-14508
CVE-2020-14510
CVE-2020-14512
CVE-2020-14511
CVE-2020-14498

A new GRUB2 bootloader vulnerability (CVE-2020-10713) could let attackers bypass 'Secure Boot' & gain high-privileged persistent access to the targeted systems.

https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html

BILLIONS of devices running any Linux distributions, as well as Windows PCs are affected.

A new security flaw in popular Zoom video conference service could have let snoopers crack private meetings passwords in a few minutes, re-enabling zoom-bombing attacks.

Read details ➤ https://thehackernews.com/2020/07/zoom-meeting-password-hacking.html

Researchers reveal "Timeless Timing Attacks," a new technique that leverages HTTP/2 protocol for effective remote timing side-channel attacks to leak sensitive information—which otherwise in most cases practically infeasible because of the network congestion between the adversary and target server.

Learn more: https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html

In its first-ever sanctions against cyberattacks, the European Union imposes restrictive measures against hackers from Chinese, Russian and North Korean—who're also wanted by the FBI—and companies involved in various attacks.

Read: https://thehackernews.com/2020/07/sanctions-against-wanted-hackers.html

— BREAKING —

A 17-year-old 'Mastermind' and two other 19 & 22-year-old suspected hackers behind the biggest Twitter hack have been arrested.

Details: https://thehackernews.com/2020/07/twitter-hacker-arrested.html

On July 15, several high-profile accounts were hijacked as part of a massive bitcoin scam.

U.S. intelligence agencies are warning of a new variant of 12-year-old 'Taidoor' computer virus that Chinese state-sponsored hackers are using to target governments, corporations, and think tanks worldwide.

Read detail —
https://thehackernews.com/2020/08/chinese-hacking-malware.html

Researcher demonstrated a high-severity flaw in a new feature of Apple Touch ID that could have let network-attackers hijack your iCloud accounts.

Read details: https://thehackernews.com/2020/08/apple-touchid-sign-in.html

NEW — SafeBreach researcher identified 4 new variants of 'HTTP Request Smuggling' attack and demonstrated them against various commercial off-the-shelf web servers and HTTP proxy servers.

Read details: https://thehackernews.com/2020/08/http-request-smuggling.html

Researchers find several new attacks that exploit the true underlying root issue behind micro-architectural flaws that not just impacts the most recent Intel CPUs, but also modern processors from ARM, IBM, and AMD—previously believed to be unaffected.

https://thehackernews.com/2020/08/foreshadow-processor-vulnerability.html

Magecart hackers found executing credit card skimming attacks against several websites, leveraging homoglyph domains, and infected copycat Favicon icons for evasive phishing attacks.

Read details: https://thehackernews.com/2020/08/magecart-homograph-phishing.html

Capital One—5th largest U.S. credit card company—has been fined with $80 million for 2019 data breach that compromised the personal information of 106 million credit card holders due to its careless network security practices.

https://thehackernews.com/2020/08/capital-one-data-breach.html