Malicious actors increasingly leveraging GitHub actions and Azure virtual machines (VMs) for cloud-based cryptocurrency mining.

Read: https://thehackernews.com/2022/07/cloud-based-cryptocurrency-miners.html

Microsoft has announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints.

Read: https://thehackernews.com/2022/07/microsoft-windows-autopatch-is-now.html

Following a warning from the Italian regulator over a possible GDPR breach, TikTok has agreed to halt a controversial privacy policy update in Europe that would have allowed the company to track users for targeted advertising without their consent.

https://thehackernews.com/2022/07/tiktok-postpones-privacy-policy-update.html

Microsoft has released its July 2022 Patch Tuesday updates to address 84 new vulnerabilities, including a zero-day vulnerability that is actively being exploited in the wild.

Read: https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html

Researchers have uncovered new variants of the "ChromeLoader" information-stealing malware, highlighting its evolving feature set in a short span of time.

Read: https://thehackernews.com/2022/07/researchers-uncover-new-variants-of.html

Microsoft warns of a large-scale AiTM phishing attack campaign targeting over 10,000 organizations around the world that hijacks Office 365's authentication process even for accounts with multi-factor authentication (MFA).

Read: https://thehackernews.com/2022/07/microsoft-warns-of-large-scale-aitm.html

The U.S. Federal Trade Commission (FTC) warned that it would take action against the illegal use and sharing of highly sensitive data by technology companies and false claims of data anonymization.

Read: https://thehackernews.com/2022/07/us-ftc-vows-to-crack-down-on-illegal.html

ESET researchers have discovered three new buffer overflow vulnerabilities in the UEFI firmware of several Lenovo Notebook devices, including several ThinkBook models.

Details: https://thehackernews.com/2022/07/new-uefi-firmware-vulnerabilities.html

Researchers uncover a new vulnerability in numerous AMD and Intel microprocessors that could bypass current protections and lead to Specter-based attacks with speculative execution.

Details: https://thehackernews.com/2022/07/new-retbleed-speculative-execution.html

Microsoft has disclosed details of a now-patched vulnerability (CVE-2022-26706) in Apple operating systems — iOS, iPadOS, macOS, tvOS and watchOS — that could allow attackers to escalate privileges and deploy malware.

Read: https://thehackernews.com/2022/07/microsoft-details-app-sandbox-escape.html

Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists in a series of campaigns to spy on them.

Read: https://thehackernews.com/2022/07/state-backed-hackers-targeting.html

Researchers warn of a new malware campaign by Pakistani "Transparent Tribe" hackers targeting students at educational institutions in India.

Read: https://thehackernews.com/2022/07/pakistani-hackers-targeting-indian.html

A former programmer at CIA has been found guilty of leaking a trove of classified hacking tools and exploits dubbed "Vault 7" to WikiLeaks.

Read: https://thehackernews.com/2022/07/former-cia-engineer-convicted-of.html

Mantis botnet was behind the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022, targeting thousands of Cloudflare-powered websites.

Read: https://thehackernews.com/2022/07/mantis-botnet-behind-largest-https-ddos.html

North Korea-based hackers have been linked to cyberattacks targeting small and medium-sized businesses with the H0lyGh0st ransomware.

Read: https://thehackernews.com/2022/07/north-korean-hackers-targeting-small.html

A team of academic researchers has warned of a novel cache-based side-channel deanonymization attack that could be used to defeat anonymity protections and identify a unique website visitor.

Read: https://thehackernews.com/2022/07/new-cache-side-channel-attack-can-de.html

A new vulnerability in "Netwrix Auditor," used by thousands of organizations, could allow attackers to execute arbitrary code on affected devices and compromise Active Directory domains.

Read: https://thehackernews.com/2022/07/new-netwrix-auditor-bug-could-let.html

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign aimed at exfiltrating data by downloading and executing additional payloads.

Read: https://thehackernews.com/2022/07/hackers-targeting-voip-servers-by.html

Juniper Networks has released security patches to address several vulnerabilities in Junos OS, Contrail Networking and other products, some of which can be exploited to take control of affected systems.

Read: https://thehackernews.com/2022/07/juniper-releases-patches-for-critical.html

Google has removed the Android app permissions list from the Play Store and instead created a new "Data Safety" section where developers can tell users themselves how their data will be used.

https://thehackernews.com/2022/07/google-removes-app-permissions-list.html