Researchers warn of 4 emerging ransomware cybercrime groups that could pose a threat to a number of businesses.

Read: https://thehackernews.com/2021/08/researchers-warn-of-4-new-ransomware.html

Default permissions settings in Microsoft Power Apps left 38 million records exposed from dozens of organizations.

Read details: https://thehackernews.com/2021/08/38-million-records-exposed-from.html

A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge.

Read: https://thehackernews.com/2021/08/modified-version-of-whatsapp-for.html

A computer retailer in the United States was recently attacked with a new backdoor malware — called "SideWalk" — as part of an Advanced Persistent Threat campaign by a Chinese hacking group.

Read details: https://thehackernews.com/2021/08/new-sidewalk-backdoor-targets-us-based.html

Critical security vulnerabilities affecting B. Braun's Infusomat Space large volume pump and SpaceStation could allow remote attackers to tamper with medication doses without prior authentication.

Details: https://thehackernews.com/2021/08/bbraun-infusomat-pumps-could-let.html

Financially motivated FIN8 hackers have been observed installing a new backdoor on infected systems, dubbed Sardonic.

Read details: https://thehackernews.com/2021/08/researchers-uncover-fin8s-new-backdoor.html

A critical vulnerability has been discovered in Cisco Application Policy Infrastructure Controller (APIC) for network switches that could potentially be exploited to read or write arbitrary files on a vulnerable system.

Details: https://thehackernews.com/2021/08/critical-flaw-discovered-in-cisco-apic.html

F5 releases patches for several new vulnerabilities affecting BIG -IP, BIG -IQ devices that could allow attackers to perform a variety of malicious actions, including accessing arbitrary files, escalating privileges & executing JavaScript code.

https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html

A critical vulnerability in Microsoft's Azure Cosmos DB affecting thousands of its cloud computing customers allowed attackers to read, modify or even delete databases admin privileges.

https://thehackernews.com/2021/08/critical-cosmos-database-flaw-affected.html

Microsoft notified over 30% of customers about potential breach.

US-based technology company Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could lead to privilege escalation and RCE attacks.

Read: https://thehackernews.com/2021/08/kaseya-issues-patches-for-two-new-0-day.html

Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next 5 years.

https://thehackernews.com/2021/08/microsoft-google-to-invest-30-billion.html

Microsoft is warning users about a widespread credential phishing campaign that uses open redirect links in emails as a vector to trick them into visiting malicious websites by effectively bypassing security software.

Details: https://thehackernews.com/2021/08/microsoft-warns-of-widespread-phishing.html

New LockFile ransomware family that emerged last month uses a novel technique known as "intermittent encryption" to bypass behavioral and statistical-based ransomware protection.

Details: https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html

Unauthenticated attackers could exploit a new vulnerability — dubbed ProxyToken, CVE-2021-33766 — in Microsoft Exchange servers to change mailbox settings and spy on email.

Read details: https://thehackernews.com/2021/08/new-microsoft-exchange-proxytoken-flaw.html

Securing accounts and personal information through single-factor authentication is now on the United States Cybersecurity and Infrastructure Security Agency' (CISA) list of bad practices.

Read: https://thehackernews.com/2021/08/cisa-adds-single-factor-authentication.html

Newly discovered vulnerabilities in Fortress S03 Wi-Fi home security alarm system could allow malicious parties to remotely gain unauthorized access and alter system behavior, including disarming devices without the victim's knowledge.

Details: https://thehackernews.com/2021/08/attackers-can-remotely-disable-fortress.html

Researchers have developed a machine learning technique that relies on authentic interactions between Bluetooth devices to build a reliable technique for securing device-to-device authentication.

Read: https://thehackernews.com/2021/08/researchers-propose-machine-learning.html

QNAP is currently investigating two newly discovered security vulnerabilities in OpenSSL to determine their impact on its network-attached storage (NAS) appliances and says it will release security updates as needed.

Details: https://thehackernews.com/2021/09/qnap-working-on-patches-for-openssl.html

Linphone's Session Initiation Protocol (SIP) stack has a vulnerability that can be remotely exploited without the victim's knowledge to crash the SIP client's device.

Read: https://thehackernews.com/2021/09/linphone-sip-stack-bug-could-let.html

As the popularity of internet-sharing or "proxyware" platforms such as Honeygain and Nanowire grows, cybercriminals are using these platforms as a channel to monetize their malware activities.

Read details: https://thehackernews.com/2021/09/cybercriminals-abusing-internet-sharing.html