In an attempt to hide their activities, the Magecart group of hackers are now encoding stolen credit card information into images—hosted on the backdoored e-commerce server—before exfiltrating the data.

Read details: https://thehackernews.com/2021/07/magecart-hackers-hide-stolen-credit.html

Kaseya has released security updates to address critical vulnerabilities in its Virtual System Administrator (VSA) software that hackers exploited in a widespread ransomware attack targeting 1,500 businesses worldwide.

Details — https://thehackernews.com/2021/07/kaseya-releases-patches-for-flaws.html

Cybercriminals compromised Chinese online gambling sites to spread the BIOPASS RAT malware, which uses OBS Studio's live-streaming app to capture victims' screens.

Read details: https://thehackernews.com/2021/07/hackers-spread-biopass-malware-via.html

🔥 Microsoft has found a new critical zero-day RCE vulnerability (CVE-2021-35211) affecting SolarWinds Serv-U that is being actively exploited by hackers.

Details — https://thehackernews.com/2021/07/a-new-critical-solarwinds-zero-day.html

Trickbot strikes back!

The "so far" invincible malware has gained a new VNC spying module that cyber criminals are using against selected high-value targets for surveillance and intelligence gathering.

https://thehackernews.com/2021/07/trickbot-malware-returns-with-new-vnc.html

Operation SpoofedScholars!!! Iranian hackers posing as scholars are targeting think tanks, journalists and professors in Middle-East through sophisticated social engineering attacks.

Read: https://thehackernews.com/2021/07/iranian-hackers-posing-as-scholars.html

Etherpad—a popular self-hosted open-source alternative to Google Docs—has been found to have critical security vulnerabilities that could allow attackers to hijack admin accounts, execute system commands and even steal sensitive data.

Read: https://thehackernews.com/2021/07/critical-flaws-reported-in-etherpad.html

Microsoft says Chinese hackers exploited the recently disclosed zero-day vulnerability in #SolarWinds Serv-U FTP software to attack U.S. defence and software companies.

Details: https://thehackernews.com/2021/07/chinese-hackers-exploit-latest.html

July 2021 Patch Tuesday updates released by:

1 — Microsoft
2 — Adobe
3 — Google Android
4 — SAP
5 — VMware
6 — Citrix
7 — Linux
8 — Siemens
9 — Schneider Electric

Read: https://thehackernews.com/2021/07/update-your-windows-pcs-to-patch-117.html

Amid rising tensions between the US & Russia over cybercrime, REvil—infamous ransomware cartel behind some of the biggest attacks on JBS and Kaseya—has mysteriously disappeared from the dark web.

Read: https://thehackernews.com/2021/07/revil-ransomware-gang-mysteriously.html

Spanish authorities have arrested 16 individuals belonging to a cybercrime network that operates two BANKING TROJANS—Mekotio and Grandoreiro—targeting financial institutions in Europe.

Read: https://thehackernews.com/2021/07/16-cybercriminals-behind-mekotio-and.html

Google sheds new light on 4 zero-day vulnerabilities recently exploited in-the-wild.

Read: https://thehackernews.com/2021/07/google-details-ios-chrome-ie-zero-day.html

SonicWall has warned customers of "imminent" ransomware attacks targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched end-of-life 8.x firmware.

Details: https://thehackernews.com/2021/07/ransomware-attacks-targeting-unpatched.html

Chinese hackers linked to LuminousMoth APT have expanded their attacks to a number of Philippine targets and other Southeast Asian government agencies.

Read: https://thehackernews.com/2021/07/chinas-cyberspies-targeting-southeast.html

Microsoft warns of a new unpatched vulnerability (CVE-2021-34481) affecting the Windows Print Spooler service.

Read: https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html

An attacker who successfully exploited it could execute arbitrary code with SYSTEM privileges.

Google has pushed out a new security update for the Chrome browser for Windows, Mac and Linux that fixes several vulnerabilities, including a zero-day vulnerability (CVE-2021-30563) that Google says is being exploited in the wild.

Read: https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html

Facebook announced that it had taken down about 200 accounts—operated by a group of hackers in Iran—that were involved in a cyberespionage campaign targeting US military personnel and defense contractors.

Read: https://thehackernews.com/2021/07/facebook-suspends-accounts-used-by.html

Israeli firm Candiru is embroiled in a scandal for selling 0-day exploits to governments & helping them spy on 100s of dissidents, journalists, activists & politicians globally.

Details: https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html

...including, 2 Windows flaws that #Microsoft patched this week.

A critical vulnerability reported in the CloudFlare CDNJS infrastructure may have facilitated widespread supply chain attacks.

https://thehackernews.com/2021/07/cloudflare-cdnjs-bug-could-have-led-to.html

🔥 If your Instagram account has been hacked, try "Security Checkup."

Instagram has introduced a new security feature to protect users' accounts and help them recover their compromised accounts.

Learn more about it: https://thehackernews.com/2021/07/instagram-launches-security-checkup-to.html