Okta Hackers behind the cyberattacks on Twilio and Cloudflare earlier this month have been linked to a broader campaign that compromised 9,931 accounts at 136 organizations.

Read details: https://thehackernews.com/2022/08/okta-hackers-behind-twilio-and.html

Nation-state threat actors are increasingly adopting and integrating the "Sliver" command-and-control (C2) framework into their intrusion campaigns as a replacement for Cobalt Strike.

Read details: https://thehackernews.com/2022/08/cybercrime-groups-increasingly-adopting.html

Iranian state-sponsored hacker 'MERCURY' are leaving no stone unturned to exploit unpatched systems with Log4j to target Israeli entities, suggesting that the vulnerability's long tail for remediation.

Read details: https://thehackernews.com/2022/08/iranian-hackers-exploiting-unpatched.html

CISA has added 10 actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including flaws in dotCMS, CouchDB, WebRTC, iOS, macOS, and Delta Electronics' industrial automation #software.

Details: https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html

Twilio says hackers also gained access to the two-factor authentication (2FA) Authy accounts of 93 users in a recent security breach.

Read details: https://thehackernews.com/2022/08/twilio-breach-also-compromised-authy.html

Researchers uncover an active cryptocurrency mining campaign that infected over 111,000 victims in 11 countries using fake software disguised as installers for popular applications.

Read details: https://thehackernews.com/2022/08/nitrokod-crypto-miner-infected-over.html

A new ransomware strain written in Golang dubbed "Agenda", which comes with the ability to customize binary payloads for individual victims, has been spotted in the wild targeting healthcare and education entities.

Details: https://thehackernews.com/2022/08/new-golang-based-agenda-ransomware-can.html

The U.S. Federal Trade Commission (FTC) has filed suit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from hundreds of millions of consumers' mobile devices.

Details: https://thehackernews.com/2022/08/ftc-sues-data-broker-over-selling.html

India's newest commercial airline, "Akasa Air," has had its customers' personal data exposed, which the company attributes to a technical configuration error.

Read details: https://thehackernews.com/2022/08/indias-newest-airline-akasa-air-suffers.html

Researchers uncover three related but distinct campaigns that spread malware such as ModernLoader, RedLine stealer, and cryptocurrency miners.

Read: https://thehackernews.com/2022/08/hackers-use-modernloader-to-infect.html

A Chinese hacker group conducted a months-long cyberespionage campaign against several entities using ScanBox Reconnaissance Framework to gather information about its victims.

Read details: https://thehackernews.com/2022/08/chinese-hackers-used-scanbox-framework.html

Google has introduced a new bug bounty program for its open source projects, with payouts ranging from $100 to $31,337 to protect the ecosystem from supply chain attacks.

Read details: https://thehackernews.com/2022/08/google-launches-new-open-source-bug.html

A persistent Golang-based malware campaign is leveraging the deep field image taken from NASA's James Webb Space Telescope (JWST) as bait to install malicious payloads on infected systems.

Read details: https://thehackernews.com/2022/08/hackers-hide-malware-in-stunning-images.html

Researchers uncover malicious Chrome browser extensions with a total install base of over 1,400,000 that are masquerading as Netflix viewers and profiting from retail affiliate programs.

Read details: https://thehackernews.com/2022/08/experts-find-malicious-cookie-stuffing.html

Apple has backported a security patch to older iPhones, iPads and iPod touch models to address a critical vulnerability that has been actively exploited in the wild.

Read details — https://thehackernews.com/2022/09/apple-releases-ios-update-for-older.html

A newly reported "high severity vulnerability" in the TikTok app for Android could have allowed attackers to take over accounts.

Read details: https://thehackernews.com/2022/09/microsoft-discover-severe-one-click.html

Researchers have found that the attack infrastructure used to hack Cisco in May 2022 was also used to attack the holding company of an unnamed large workforce management solutions company.

Read details: https://thehackernews.com/2022/09/infra-used-in-cisco-hack-also-targeted.html

Researchers have identified over 1,800 apps for Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk.

Read details: https://thehackernews.com/2022/09/over-1800-android-and-ios-apps-found.html

Researchers detail the operations and techniques used by the operators of the emerging cross-platform BianLian ransomware.

Read details: https://thehackernews.com/2022/09/researchers-detail-emerging-cross.html

Google Chrome as well as Chromium-based alternative web browsers have a "major" security issue that could allow malicious websites to overwrite the contents of the system clipboard without the user's consent.

Details: https://thehackernews.com/2022/09/google-chrome-bug-lets-sites-silently.html