Google releases an important update for the Chrome browser for Mac, Linux, and Windows systems to patch several new vulnerabilities, including a zero-day that is being exploited for attacks.

Read details: https://thehackernews.com/2022/08/new-google-chrome-zero-day.html

Researchers have spotted a new Android dropper trojan that's currently in development, designed to bypass Google's new security mechanisms introduced with the latest Android 13.

Details: https://thehackernews.com/2022/08/cybercriminals-developing-bugdrop.html

Apple releases security updates for iOS, iPadOS, and macOS platforms to fix two new zero-day vulnerabilities that are exploited by threat actors to compromise users.

Read: https://thehackernews.com/2022/08/apple-releases-security-updates-to.html

Hackers associated with BazarLoader, TrickBot, and IcedID are increasingly using the Bumblebee malware loader in their campaigns to breach target networks for post-exploitation activities.

Read: https://thehackernews.com/2022/08/hackers-using-bumblebee-loader-to.html

Researchers confirm that Chinese APT41 hackers attacked at least 13 organizations in the U.S., Taiwan, India, Vietnam, and China during four separate campaigns in 2021.

Read details: https://thehackernews.com/2022/08/china-backed-apt41-hackers-targeted-13.html

Researchers detail DarkTortilla, an evasive crypter used by hackers to spread a broad array of commodity malware and targeted payloads such as Cobalt Strike and Metasploit, likely since 2015.

Read details: https://thehackernews.com/2022/08/researchers-detail-evasive-darktortilla.html

Researchers have discovered a new high-severity vulnerability in the Amazon Ring app for Android, allowing rogue apps to access sensitive information.

Read details: https://thehackernews.com/2022/08/new-amazon-ring-vulnerability-could.html

Google says it has fended off the largest ever HTTPS-based distributed denial of service (DDoS) attack to date, which peaked at 46 million requests per second.

Read details: https://thehackernews.com/2022/08/google-cloud-blocks-record-ddos-attack.html

An ongoing wave of malware attacks targeting hospitality, hotel, and travel organizations has been tied to a financially motivated cybercrime group.

Read details: https://thehackernews.com/2022/08/cybercrime-group-ta558-targeting.html

CISA has updated its Known Exploited Vulnerabilities Catalog with 7 new vulnerabilities based on evidence of active exploitation.

Read details: https://thehackernews.com/2022/08/cisa-adds-7-new-actively-exploited.html

CVE-2017-15944, CVE-2022-21971, CVE-2022-26923, CVE-2022-2856, CVE-2022-32893, CVE-2022-32894, CVE-2022-22536

A new Grandoreiro banking trojan campaign has been spotted targeting manufacturers in Spanish-speaking countries such as Spain and Mexico.

Read details: https://thehackernews.com/2022/08/new-grandoreiro-banking-malware.html

Researchers have uncovered multiple vulnerabilities in ultra-wideband (UWB) real-time location systems (RTLS) that allow threat actors to launch adversary-in-the-middle (AitM) attacks and manipulate location data.

Read details: https://thehackernews.com/2022/08/rtls-systems-found-vulnerable-to-mitm.html

Researchers have discovered counterfeit Android phones of popular smartphone brands are pre-infected with multiple trojans designed to target WhatsApp and WhatsApp Business.

Read details: https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html

U.S. cybersecurity agency CISA warns of active exploitation of a high-severity reflected/amplified DoS attack vulnerability (CVE-2022-0028) in Palo Alto Networks' PAN-OS.

Read details: https://thehackernews.com/2022/08/cisa-warns-of-active-exploitation-of.html

Researchers have developed a new Air-Gap attack in which attackers can exfiltrate sensitive information from air-gapped computers to smartphones located a few meters away via Speakers-to-Gyroscope covert channel.

Details: https://thehackernews.com/2022/08/new-air-gap-attack-uses-mems-gyroscope.html

Iranian hackers (UNC3890) have been linked to a series of attacks aimed at Israeli shipping, government, energy, and healthcare organizations as part of an espionage-focused campaign.

Read details: https://thehackernews.com/2022/08/suspected-iranian-hackers-targeted.html

Hackers have updated the nasty XCSSET malware to add support for macOS Monterey by updating the source code components to Python 3.

Read details: https://thehackernews.com/2022/08/xcsset-malware-updates-with-python-3-to.html

Google reveals a new malicious tool used by Iranian government-backed hackers to retrieve user data from compromised Gmail, Yahoo! and Microsoft Outlook accounts.

Read details: https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html

DevOps platform GitLab releases patches to fix a critical vulnerability in its software that could lead to the execution of arbitrary code on affected systems.

Read details: https://thehackernews.com/2022/08/gitlab-issues-patch-for-critical-flaw.html

Researchers discovered another large-scale adversary-in-the-middle (AiTM) campaign targeting Google Workspace enterprise users with advanced phishing kits that bypass multi-factor authentication.

Read details: https://thehackernews.com/2022/08/researchers-warn-of-aitm-attack.html