Facebook announced that it had taken down about 200 accounts—operated by a group of hackers in Iran—that were involved in a cyberespionage campaign targeting US military personnel and defense contractors.

Read: https://thehackernews.com/2021/07/facebook-suspends-accounts-used-by.html

Israeli firm Candiru is embroiled in a scandal for selling 0-day exploits to governments & helping them spy on 100s of dissidents, journalists, activists & politicians globally.

Details: https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html

...including, 2 Windows flaws that #Microsoft patched this week.

A critical vulnerability reported in the CloudFlare CDNJS infrastructure may have facilitated widespread supply chain attacks.

https://thehackernews.com/2021/07/cloudflare-cdnjs-bug-could-have-led-to.html

🔥 If your Instagram account has been hacked, try "Security Checkup."

Instagram has introduced a new security feature to protect users' accounts and help them recover their compromised accounts.

Learn more about it: https://thehackernews.com/2021/07/instagram-launches-security-checkup-to.html

China has issued new regulations requiring cybersecurity researchers to mandatorily share details of critical zero-day security vulnerabilities first-hand with government authorities within two days of filing a report.

Read: https://thehackernews.com/2021/07/chinas-new-law-requires-researchers-to.html

A new leak reveals how governments abused #NSO Group's Pegasus spyware to silence journalists, attack activists, and suppress dissent in several countries, including in Bahrain, Hungary, India, Mexico, Saudi Arabia & U.A.E.

Read https://thehackernews.com/2021/07/new-leak-reveals-abuse-of-pegasus.html

Yet another unpatched #vulnerability has been uncovered in Windows Printer Spooler, making it the fourth printer-related vulnerability found in recent weeks.

Read: https://thehackernews.com/2021/07/researcher-uncover-yet-another.html

Remember that fun-looking Wi-Fi name bug on iOS?

🔥 Turns out the vulnerability can not only disable the iPhone's network functionality, but can also be exploited to remotely execute malicious code on targeted Apple devices.

Details: https://thehackernews.com/2021/07/turns-out-that-low-risk-ios-wi-fi.html

Researchers have gained insight into a group of Romanian cybercriminals which have been identified carrying out cryptojacking attacks on #Linux machines with weak passwords.

Read: https://thehackernews.com/2021/07/researchers-warn-of-linux-cryptojacking.html

The United States and its global allies have officially blamed hackers affiliated with the Chinese government for the massive cyberattack on Microsoft Exchange servers.

Read: https://thehackernews.com/2021/07/us-and-global-allies-accuse-china-of.html

Researchers warn of a new malware strain, dubbed "MosaicLoader," that hides among Windows Defender exclusions to evade detection by Microsoft's antivirus program.

Read details: https://thehackernews.com/2021/07/this-new-malware-hides-itself-among.html

Millions of HP, Samsung and Xerox printers worldwide are vulnerable to a new vulnerability (CVE-2021-3438) that has gone undetected for 16 years.

Read details: https://thehackernews.com/2021/07/16-year-old-security-bug-affects.html

New Windows and Linux Flaws Give Attackers Highest System Privileges (SYSTEM / root):

1 — Microsoft has tagged this new vulnerability CVE-2021-36934, marking it as the 3rd publicly disclosed unpatched Windows bug this month.

2 — Dubbed "Sequoia," the Linux flaw (CVE-2021-33909) affects all kernel versions from 2014, including default installations of Ubuntu, Debian, Fedora and RHEL.

https://thehackernews.com/2021/07/new-windows-and-linux-flaws-give.html

Cybersecurity researchers have discovered multiple vulnerabilities in CODESYS automation software and the WAGO PLC platform that can be remotely exploited to compromise an organization's cloud operating technology infrastructure (OT).

Read: https://thehackernews.com/2021/07/several-new-critical-flaws-affect.html

XLoader, a low-cost and popular Windows malware available on rent, has now been upgraded to allow cybercriminals to spy on Apple's macOS users.

Read: https://thehackernews.com/2021/07/xloader-windows-infostealer-malware-now.html

In an apparent supply-chain attack, a software package available from the official NPM repository has been caught stealing users’ saved passwords from their Chrome web browser.

Read details: https://thehackernews.com/2021/07/malicious-npm-package-caught-stealing.html

Another hacker, a British national, has been arrested in connection with the high-profile 2020 Twitter hack who played a role in the massive bitcoin scam.

Read details: https://thehackernews.com/2021/07/another-hacker-arrested-for-2020.html

Oracle warns of three newly discovered critical vulnerabilities in Weblogic server software that can be exploited remotely without authentication.

Read: https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.html

As part of the July 2021 Patch Updates, Oracle also released 342 fixes that span multiple products.

Kaseya has received a universal REvil decryptor to help customers recover data, nearly 3 weeks after a supply-chain ransomware attack impacted the company.



https://thehackernews.com/2021/07/kaseya-gets-universal-decryptor-to-help.html

Nasty macOS malware XCSSET has been updated once again to steal sensitive data from a variety of apps, including Chrome and Telegram.

Read: https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html