U.S. Department of Justice (DoJ) and FBI have seized about $500,000 in ransomware payments and cryptocurrencies from North Korean hackers.

Read details: https://thehackernews.com/2022/07/fbi-seizes-500000-ransomware-payments.html

Atlassian has rolled out security patches to address a new critical hard-coded credentials vulnerability (CVE-2022-26138) affecting the Confluence app for Confluence Server and Confluence Data Center.

Details: https://thehackernews.com/2022/07/atlassian-releases-patch-for-critical.html

A hacker group that recently updated its TTPs is now using EvilNum malware to attack European financial and investment firms, particularly those that support foreign exchanges, cryptocurrency, and decentralized financial operations.

Details: https://thehackernews.com/2022/07/hackers-use-evilnum-malware-to-target.html

A large Ukrainian software development company whose application is used by multiple state entities was attacked with a variant of the GoMet backdoor, possibly in an attempt to launch supply chain attacks.

Read details: https://thehackernews.com/2022/07/hackers-target-ukrainian-software.html

Researchers discover "⚡ Lightning Framework," a new Swiss Army knife-style Linux malware that has modular plugins and can install rootkits.

Read details: https://thehackernews.com/2022/07/new-linux-malware-framework-let.html

Spyware sold by Israeli company Candiru has been caught exploiting a recently discovered zero-day vulnerability in Google Chrome (CVE-2022-2294) to attack journalists.

Read details: https://thehackernews.com/2022/07/candiru-spyware-caught-exploiting.html

Ukrainian radio stations were hacked to broadcast fake news that President Volodymyr Zelenskyy is seriously ill under intensive care.

Read details: https://thehackernews.com/2022/07/ukrainian-radio-stations-hacked-to.html

Google has now decided to reverse a recent change that removed the Android "App Permissions" list from the Google Play Store, and also to keep the "Data safety" section.

Read details: https://thehackernews.com/2022/07/google-bringing-android-app-permissions.html

SonicWall has released patches for a critical SQL injection bug (CVE-2022-22280) affecting its Analytics On-Prem and Global Management System (GMS) products.

Read details: https://thehackernews.com/2022/07/sonicwall-issues-patch-for-critical-bug.html

Microsoft has officially resumed blocking VBA macros by default in all Office applications, weeks after temporarily announcing plans to roll back the change.

Read details: https://thehackernews.com/2022/07/microsoft-resumes-blocking-office-vba.html

"Roaming Mantis" financial hackers have been linked to a fresh wave of mobile malware attacks targeting French mobile users after they expanded their attacks to European countries.

Read details: https://thehackernews.com/2022/07/roaming-mantis-financial-hackers.html

Magecart hackers took over 3 restaurant ordering platforms — MenuDrive, Harbortouch and InTouchPOS — and stole more than 50,000 payment card records from customers of at least 311 restaurants.

Read details: https://thehackernews.com/2022/07/magecart-hacks-online-food-ordering.html

⚡ Researchers have discovered a new UEFI firmware rootkit malware, dubbed "CosmicStrand," that Chinese hackers have been using for at least 2 years to attack targeted victims in China, Vietnam, Iran and Russia.

Details: https://thehackernews.com/2022/07/experts-uncover-new-cosmicstrand-uefi.html

Microsoft has added default protection against Remote Desktop Protocol (RDP) brute-force attacks in the latest builds for the Windows 11 operating system.

Read details: https://thehackernews.com/2022/07/microsoft-adds-default-protection.html

WARNING: Hackers exploit a new zero-day vulnerability in the PrestaShop platform to attack online shopping sites and steal their customers' payment card data.

Read: https://thehackernews.com/2022/07/hackers-exploit-prestashop-zero-day-to.html

Hackers spreading the SmokeLoader backdoor disguised as free software cracks and serial generation programs are now infecting compromised systems with the "Amadey" malware that steals information.

Read: https://thehackernews.com/2022/07/smokeloader-infecting-targeted-systems.html

Two new critical vulnerabilities, CVE-2022-34907 & CVE-2022-34906, identified in FileWave's mobile device management (MDM) system could allow remote attackers to take full control of devices managed by over 1,000 organizations.

Details: https://thehackernews.com/2022/07/critical-filewave-mdm-flaws-open.html

Cybercriminals are increasingly leveraging WebAssembly (Wasm)-coded cryptocurrency miners to make detection and analysis by conventional antivirus scanners more difficult.

Read details: https://thehackernews.com/2022/07/hackers-increasingly-using-webassembly.html

Cybersecurity researchers have reiterated similarities between the latest variant of LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that ceased operations in November 2021.

Read: https://thehackernews.com/2022/07/experts-find-similarities-between.html

Microsoft warns that malicious IIS extensions are becoming increasingly popular among cyber criminals as a persistent backdoor to targeted Microsoft Exchange servers.

Read details: https://thehackernews.com/2022/07/malicious-iis-extensions-gaining.html