Researchers discovered another large-scale adversary-in-the-middle (AiTM) campaign targeting Google Workspace enterprise users with advanced phishing kits that bypass multi-factor authentication.

Read details: https://thehackernews.com/2022/08/researchers-warn-of-aitm-attack.html

Researchers uncover a widespread campaign in which hackers use compromised WordPress sites to display fraudulent Cloudflare DDoS protection pages and spread malware such as NetSupport RAT and Raccoon Stealer.

Details: https://thehackernews.com/2022/08/hackers-using-fake-ddos-protection.html

Researchers have demonstrated a new AIR-GAP data exfiltration technique in which malware uses network interface card (NIC) LEDs to transmit covert Morse code signals that can be decoded from tens to hundreds of meters away.

Read details: https://thehackernews.com/2022/08/air-gapped-devices-can-send-covert.html

A growing number of cybercriminals have begun using the peer-to-peer instant messaging service Tox as a command-and-control method for cryptocurrency mining #malware.

Read: https://thehackernews.com/2022/08/crypto-miners-using-tox-p2p-messenger.html

PyPI repository has sounded the alarm about an ongoing phishing campaign aimed at stealing developers' credentials and injecting malicious updates into legitimate Python packages.

Read details: https://thehackernews.com/2022/08/pypi-repository-warns-python-project.html

Microsoft uncovered “MagicWeb,” a new "highly-targeted" post-exploitation malware used by the Nobelium APT hackers to maintain persistent access to compromised environments.

Read details: https://thehackernews.com/2022/08/microsoft-uncovers-new-post-compromise.html

Researchers uncover malware and infrastructure of North Korean Kimusky hackers targeting South Korean politicians and diplomats.

Read details: https://thehackernews.com/2022/08/researchers-uncover-kimusky-infra.html

Okta Hackers behind the cyberattacks on Twilio and Cloudflare earlier this month have been linked to a broader campaign that compromised 9,931 accounts at 136 organizations.

Read details: https://thehackernews.com/2022/08/okta-hackers-behind-twilio-and.html

Nation-state threat actors are increasingly adopting and integrating the "Sliver" command-and-control (C2) framework into their intrusion campaigns as a replacement for Cobalt Strike.

Read details: https://thehackernews.com/2022/08/cybercrime-groups-increasingly-adopting.html

Iranian state-sponsored hacker 'MERCURY' are leaving no stone unturned to exploit unpatched systems with Log4j to target Israeli entities, suggesting that the vulnerability's long tail for remediation.

Read details: https://thehackernews.com/2022/08/iranian-hackers-exploiting-unpatched.html

CISA has added 10 actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including flaws in dotCMS, CouchDB, WebRTC, iOS, macOS, and Delta Electronics' industrial automation #software.

Details: https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html

Twilio says hackers also gained access to the two-factor authentication (2FA) Authy accounts of 93 users in a recent security breach.

Read details: https://thehackernews.com/2022/08/twilio-breach-also-compromised-authy.html

Researchers uncover an active cryptocurrency mining campaign that infected over 111,000 victims in 11 countries using fake software disguised as installers for popular applications.

Read details: https://thehackernews.com/2022/08/nitrokod-crypto-miner-infected-over.html

A new ransomware strain written in Golang dubbed "Agenda", which comes with the ability to customize binary payloads for individual victims, has been spotted in the wild targeting healthcare and education entities.

Details: https://thehackernews.com/2022/08/new-golang-based-agenda-ransomware-can.html

The U.S. Federal Trade Commission (FTC) has filed suit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from hundreds of millions of consumers' mobile devices.

Details: https://thehackernews.com/2022/08/ftc-sues-data-broker-over-selling.html

India's newest commercial airline, "Akasa Air," has had its customers' personal data exposed, which the company attributes to a technical configuration error.

Read details: https://thehackernews.com/2022/08/indias-newest-airline-akasa-air-suffers.html

Researchers uncover three related but distinct campaigns that spread malware such as ModernLoader, RedLine stealer, and cryptocurrency miners.

Read: https://thehackernews.com/2022/08/hackers-use-modernloader-to-infect.html

A Chinese hacker group conducted a months-long cyberespionage campaign against several entities using ScanBox Reconnaissance Framework to gather information about its victims.

Read details: https://thehackernews.com/2022/08/chinese-hackers-used-scanbox-framework.html

Google has introduced a new bug bounty program for its open source projects, with payouts ranging from $100 to $31,337 to protect the ecosystem from supply chain attacks.

Read details: https://thehackernews.com/2022/08/google-launches-new-open-source-bug.html

A persistent Golang-based malware campaign is leveraging the deep field image taken from NASA's James Webb Space Telescope (JWST) as bait to install malicious payloads on infected systems.

Read details: https://thehackernews.com/2022/08/hackers-hide-malware-in-stunning-images.html