The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Mozi, a peer-to-peer #botnet known for targeting IoT devices, has gained new capabilities that give it the ability to persist on network gateways manufactured by Netgear, Huawei and ZTE.

Read: https://thehackernews.com/2021/08/mozi-iot-botnet-now-also-targets.html
A Nigerian cybercrime group has been spotted recruiting employees of several companies by offering them $1 million in Bitcoin in exchange for deploying ransomware on their companies' networks as part of an insider threat scheme.

Read: https://thehackernews.com/2021/08/cybercrime-group-asking-insiders-for.html
Cloudflare says it mitigated the largest ever volumetric DDoS attack recorded to date, involving a record high of 17.2 million requests-per-second.

Read details: https://thehackernews.com/2021/08/cloudflare-mitigated-one-of-largest.html
ShadowPad, a privately sold modular malware platform, is becoming a favorite of Chinese cyberespionage groups.

Details: https://thehackernews.com/2021/08/shadowpad-malware-is-becoming-favorite.html

It was the main backdoor used in multiple espionage campaigns, including the CCleaner, NetSarang, and ASUS Supply-Chain attacks.
WARNING — Multiple threat actors are extensively exploiting the ProxyShell vulnerabilities in-the-wild and have already compromised over 1900 Microsoft Exchange servers.

Read details: https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html
In a new report, researchers warn of the top 15 security vulnerabilities that attackers have exploited millions of times in-the-wild to hack hundreds of thousands of Linux systems.

Read: https://thehackernews.com/2021/08/top-15-vulnerabilities-attackers.html
Activists in Bahrain were targeted by Pegasus spyware using a new zero-day iPhone exploit devised by the NSO Group.

Read details: https://thehackernews.com/2021/08/bahraini-activists-targeted-using-new.html
Researchers warn of 4 emerging ransomware cybercrime groups that could pose a threat to a number of businesses.

Read: https://thehackernews.com/2021/08/researchers-warn-of-4-new-ransomware.html
Default permissions settings in Microsoft Power Apps left 38 million records exposed from dozens of organizations.

Read details: https://thehackernews.com/2021/08/38-million-records-exposed-from.html
A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge.

Read: https://thehackernews.com/2021/08/modified-version-of-whatsapp-for.html
A computer retailer in the United States was recently attacked with a new backdoor malware — called "SideWalk" — as part of an Advanced Persistent Threat campaign by a Chinese hacking group.

Read details: https://thehackernews.com/2021/08/new-sidewalk-backdoor-targets-us-based.html
Critical security vulnerabilities affecting B. Braun's Infusomat Space large volume pump and SpaceStation could allow remote attackers to tamper with medication doses without prior authentication.

Details: https://thehackernews.com/2021/08/bbraun-infusomat-pumps-could-let.html
Financially motivated FIN8 hackers have been observed installing a new backdoor on infected systems, dubbed Sardonic.

Read details: https://thehackernews.com/2021/08/researchers-uncover-fin8s-new-backdoor.html
A critical vulnerability has been discovered in Cisco Application Policy Infrastructure Controller (APIC) for network switches that could potentially be exploited to read or write arbitrary files on a vulnerable system.

Details: https://thehackernews.com/2021/08/critical-flaw-discovered-in-cisco-apic.html
F5 releases patches for several new vulnerabilities affecting BIG-IP and BIG-IQ devices that could allow attackers to perform a variety of malicious actions, including accessing arbitrary files, escalating privileges & executing JavaScript code.

https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html
A critical vulnerability in Microsoft's Azure Cosmos DB affecting thousands of its cloud computing customers allowed attackers to read, modify or even delete databases with admin privileges.

https://thehackernews.com/2021/08/critical-cosmos-database-flaw-affected.html

Microsoft notified over 30% of customers about potential breach.
US-based technology company Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could lead to privilege escalation and RCE attacks.

Read: https://thehackernews.com/2021/08/kaseya-issues-patches-for-two-new-0-day.html
Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next 5 years.

https://thehackernews.com/2021/08/microsoft-google-to-invest-30-billion.html
Microsoft is warning users about a widespread credential phishing campaign that uses open redirect links in emails as a vector to trick them into visiting malicious websites by effectively bypassing security software.

Details: https://thehackernews.com/2021/08/microsoft-warns-of-widespread-phishing.html
New LockFile ransomware family that emerged last month uses a novel technique known as "intermittent encryption" to bypass behavioral and statistical-based ransomware protection.

Details: https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html