Researchers reveal IT and communications companies in Israel were at the center of a supply-chain attack campaign led by an Iranian threat actor known as Siamesekitten APT.
Read: https://thehackernews.com/2021/08/iranian-hackers-target-several-israeli.html
BlackBerry's QNX Real-Time Operating System (RTOS), embedded in millions of vehicles, industrial equipment and healthcare devices, is affected by the BadAlloc vulnerability, which could let attackers gain control of a wide range of products.
https://thehackernews.com/2021/08/badalloc-flaw-affects-blackberry-qnx.html
FireEye has disclosed a new critical vulnerability (CVE-2021-28372) in the ThroughTek Kalay P2P SDK that could allow remote attackers to take control of affected devices, spy on camera audio and video feeds, and compromise device credentials.
https://thehackernews.com/2021/08/critical-throughtek-sdk-bug-could-let.html
Researchers have discovered new evidence that links Diavol ransomware to TrickBot malware syndicate.
Read details: https://thehackernews.com/2021/08/researchers-find-new-evidence-linking.html
Cisco has informed its customers that it will not provide a patch for a newly discovered critical vulnerability (CVE-2021-34730) affecting its small business routers as the devices reach the end of their lifecycle.
Read: https://thehackernews.com/2021/08/critical-flaw-found-in-older-cisco.html
Mozi, a peer-to-peer #botnet known for targeting IoT devices, has gained new capabilities that give it the ability to persist on network gateways manufactured by Netgear, Huawei and ZTE.
Read: https://thehackernews.com/2021/08/mozi-iot-botnet-now-also-targets.html
A Nigerian cybercrime group has been spotted recruiting employees of several companies by offering them $1 million in Bitcoin in exchange for deploying ransomware on their companies' networks as part of an insider threat scheme.
Read: https://thehackernews.com/2021/08/cybercrime-group-asking-insiders-for.html
Cloudflare says it mitigated the largest ever volumetric DDoS attack recorded to date, involving a record high of 17.2 million requests-per-second.
Read details: https://thehackernews.com/2021/08/cloudflare-mitigated-one-of-largest.html
ShadowPad, a privately sold modular malware platform, is becoming a favorite of Chinese cyberespionage groups.
Details: https://thehackernews.com/2021/08/shadowpad-malware-is-becoming-favorite.html
It was the main backdoor used in multiple espionage campaigns, including the CCleaner, NetSarang, and ASUS Supply-Chain attacks.
WARNING — Multiple threat actors are extensively exploiting the ProxyShell vulnerabilities in-the-wild and have already compromised over 1900 Microsoft Exchange servers.
Read details: https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html
In a new report, researchers warn of the top 15 security vulnerabilities that attackers have exploited millions of times in-the-wild to hack hundreds of thousands of Linux systems.
Read: https://thehackernews.com/2021/08/top-15-vulnerabilities-attackers.html
Activists in Bahrain were targeted by Pegasus spyware using a new zero-day iPhone exploit devised by the NSO Group.
Read details: https://thehackernews.com/2021/08/bahraini-activists-targeted-using-new.html
Researchers warn of 4 emerging ransomware cybercrime groups that could pose a threat to a number of businesses.
Read: https://thehackernews.com/2021/08/researchers-warn-of-4-new-ransomware.html
Default permissions settings in Microsoft Power Apps left 38 million records exposed from dozens of organizations.
Read details: https://thehackernews.com/2021/08/38-million-records-exposed-from.html
A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge.
Read: https://thehackernews.com/2021/08/modified-version-of-whatsapp-for.html
A computer retailer in the United States was recently attacked with a new backdoor malware — called "SideWalk" — as part of an Advanced Persistent Threat campaign by a Chinese hacking group.
Read details: https://thehackernews.com/2021/08/new-sidewalk-backdoor-targets-us-based.html
Critical security vulnerabilities affecting B. Braun's Infusomat Space large volume pump and SpaceStation could allow remote attackers to tamper with medication doses without prior authentication.
Details: https://thehackernews.com/2021/08/bbraun-infusomat-pumps-could-let.html
Financially motivated FIN8 hackers have been observed installing a new backdoor on infected systems, dubbed Sardonic.
Read details: https://thehackernews.com/2021/08/researchers-uncover-fin8s-new-backdoor.html
A critical vulnerability has been discovered in Cisco Application Policy Infrastructure Controller (APIC) for network switches that could potentially be exploited to read or write arbitrary files on a vulnerable system.
Details: https://thehackernews.com/2021/08/critical-flaw-discovered-in-cisco-apic.html
F5 releases patches for several new vulnerabilities affecting BIG-IP and BIG-IQ devices that could allow attackers to perform a variety of malicious actions, including accessing arbitrary files, escalating privileges and executing JavaScript code.
https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html