Google has now decided to reverse a recent change that removed the Android "App Permissions" list from the Google Play Store, and also to keep the "Data safety" section.

Read details: https://thehackernews.com/2022/07/google-bringing-android-app-permissions.html

SonicWall has released patches for a critical SQL injection bug (CVE-2022-22280) affecting its Analytics On-Prem and Global Management System (GMS) products.

Read details: https://thehackernews.com/2022/07/sonicwall-issues-patch-for-critical-bug.html

Microsoft has officially resumed blocking VBA macros by default in all Office applications, weeks after temporarily announcing plans to roll back the change.

Read details: https://thehackernews.com/2022/07/microsoft-resumes-blocking-office-vba.html

"Roaming Mantis" financial hackers have been linked to a fresh wave of mobile malware attacks targeting French mobile users after they expanded their attacks to European countries.

Read details: https://thehackernews.com/2022/07/roaming-mantis-financial-hackers.html

Magecart hackers took over 3 restaurant ordering platforms — MenuDrive, Harbortouch and InTouchPOS — and stole more than 50,000 payment card records from customers of at least 311 restaurants.

Read details: https://thehackernews.com/2022/07/magecart-hacks-online-food-ordering.html

⚡ Researchers have discovered a new UEFI firmware rootkit malware, dubbed "CosmicStrand," that Chinese hackers have been using for at least 2 years to attack targeted victims in China, Vietnam, Iran and Russia.

Details: https://thehackernews.com/2022/07/experts-uncover-new-cosmicstrand-uefi.html

Microsoft has added default protection against Remote Desktop Protocol (RDP) brute-force attacks in the latest builds for the Windows 11 operating system.

Read details: https://thehackernews.com/2022/07/microsoft-adds-default-protection.html

WARNING: Hackers exploit a new zero-day vulnerability in the PrestaShop platform to attack online shopping sites and steal their customers' payment card data.

Read: https://thehackernews.com/2022/07/hackers-exploit-prestashop-zero-day-to.html

Hackers spreading the SmokeLoader backdoor disguised as free software cracks and serial generation programs are now infecting compromised systems with the "Amadey" malware that steals information.

Read: https://thehackernews.com/2022/07/smokeloader-infecting-targeted-systems.html

Two new critical vulnerabilities, CVE-2022-34907 & CVE-2022-34906, identified in FileWave's mobile device management (MDM) system could allow remote attackers to take full control of devices managed by over 1,000 organizations.

Details: https://thehackernews.com/2022/07/critical-filewave-mdm-flaws-open.html

Cybercriminals are increasingly leveraging WebAssembly (Wasm)-coded cryptocurrency miners to make detection and analysis by conventional antivirus scanners more difficult.

Read details: https://thehackernews.com/2022/07/hackers-increasingly-using-webassembly.html

Cybersecurity researchers have reiterated similarities between the latest variant of LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that ceased operations in November 2021.

Read: https://thehackernews.com/2022/07/experts-find-similarities-between.html

Microsoft warns that malicious IIS extensions are becoming increasingly popular among cyber criminals as a persistent backdoor to targeted Microsoft Exchange servers.

Read details: https://thehackernews.com/2022/07/malicious-iis-extensions-gaining.html

Researchers have discovered a new infostealer malware, dubbed "DUCKTAIL," targeting individuals and organizations operating Facebook’s Business and Ads accounts.

Read details: https://thehackernews.com/2022/07/new-ducktail-infostealer-malware.html

Researchers have discovered dozens of malware-infected Android apps that have been downloaded more than 10 million times from the Google Play Store.

Read details: https://thehackernews.com/2022/07/these-28-android-apps-with-10-million.html

U.S. State Department has announced rewards of up to $10 MILLION for information that could help disrupt North Korea's cryptocurrency theft, cyber espionage, and other illicit state-sponsored activities.

Details: https://thehackernews.com/2022/07/us-offers-10-million-reward-for.html

LibreOffice has released security updates to address 3 new vulnerabilities in the productivity software for Windows, macOS and Linux systems, one of which could be exploited to execute arbitrary code on affected systems.

Read: https://thehackernews.com/2022/07/libreoffice-releases-software-security.html

Microsoft researchers caught an Austrian company exploiting multiple Windows and Adobe zero-days in highly-targeted attacks against European and Central American entities.

Read: https://thehackernews.com/2022/07/microsoft-uncover-austrian-company.html

Google has once again postponed its plans to turn off third-party cookies in the Chrome web browser from the end of 2023 to the second half of 2024.

Read details: https://thehackernews.com/2022/07/google-delays-blocking-3rd-party.html

Researchers warn that a recently discovered critical vulnerability in Atlassian Confluence (CVE-2022-26138) is currently being exploited in the wild.

Read: https://thehackernews.com/2022/07/latest-critical-atlassian-confluence.html