Google has introduced a new bug bounty program for its open source projects, with payouts ranging from $100 to $31,337 to protect the ecosystem from supply chain attacks.
Read details: https://thehackernews.com/2022/08/google-launches-new-open-source-bug.html
A persistent Golang-based malware campaign is leveraging the deep field image taken from NASA's James Webb Space Telescope (JWST) as bait to install malicious payloads on infected systems.
Read details: https://thehackernews.com/2022/08/hackers-hide-malware-in-stunning-images.html
Researchers uncover malicious Chrome browser extensions with a total install base of over 1,400,000 that are masquerading as Netflix viewers and profiting from retail affiliate programs.
Read details: https://thehackernews.com/2022/08/experts-find-malicious-cookie-stuffing.html
Apple has backported a security patch to older iPhones, iPads and iPod touch models to address a critical vulnerability that has been actively exploited in the wild.
Read details — https://thehackernews.com/2022/09/apple-releases-ios-update-for-older.html
A newly reported "high severity vulnerability" in the TikTok app for Android could have allowed attackers to take over accounts.
Read details: https://thehackernews.com/2022/09/microsoft-discover-severe-one-click.html
Researchers have found that the attack infrastructure used to hack Cisco in May 2022 was also used to attack the holding company of an unnamed large workforce management solutions company.
Read details: https://thehackernews.com/2022/09/infra-used-in-cisco-hack-also-targeted.html
Researchers have identified over 1,800 apps for Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk.
Read details: https://thehackernews.com/2022/09/over-1800-android-and-ios-apps-found.html
Researchers detail the operations and techniques used by the operators of the emerging cross-platform BianLian ransomware.
Read details: https://thehackernews.com/2022/09/researchers-detail-emerging-cross.html
Google Chrome as well as Chromium-based alternative web browsers have a "major" security issue that could allow malicious websites to overwrite the contents of the system clipboard without the user's consent.
Details: https://thehackernews.com/2022/09/google-chrome-bug-lets-sites-silently.html
Researchers have found functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' ties to the Russia-based Evil Corp group.
Read: https://thehackernews.com/2022/09/new-evidence-links-raspberry-robin.html
WATCH OUT!
PyPI, the Python Package Index, automatically executes code on the system when developers merely download a package.
⅓ of PyPI packages use the feature.
Using it, hackers can achieve higher infection rates in supply-chain attacks.
https://thehackernews.com/2022/09/warning-pypi-feature-executes-code.html
Researchers discover a backdoor in the "Prynt information stealing malware" that its creator added to secretly steal a copy of victims' data exfiltrated by other cybercriminals.
Read details: https://thehackernews.com/2022/09/prynt-stealer-contains-backdoor-to.html
Samsung suffered a data breach that exposed personal information of some of its U.S. customers.
Read: https://thehackernews.com/2022/09/samsung-admits-data-breach-that-exposed.html
Google has released an urgent update for the Chrome browser for Windows, Mac, and Linux systems to patch a newly discovered zero-day vulnerability that attackers are exploiting in the wild.
Read details: https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html
A new version of the notorious SharkBot Android banking trojan has once again made its way into the Google Play Store by disguising itself as an antivirus and cleaner app.
Read details: https://thehackernews.com/2022/09/fake-antivirus-and-cleaner-apps-caught.html
TikTok has denied reports of a data breach after a hacker group claimed to have gained access to information on two billion of its users.
Read details: https://thehackernews.com/2022/09/tiktok-denies-data-breach-reportedly.html
QNAP has issued an advisory urging NAS device users to update Photo Station software to the latest available version after discovering another DeadBolt ransomware attack exploiting a zero-day vulnerability.
Read details: https://thehackernews.com/2022/09/qnap-warns-of-new-deadbolt-ransomware.html
Researchers have discovered a new Android spyware that is capable of collecting extensive information and is distributed under the guise of a book that likely targets the Uyghur community in China.
Details: https://thehackernews.com/2022/09/researchers-find-new-android-spyware.html
Researchers have identified a new phishing-as-a-service (PhaaS) called "EvilProxy" that is being promoted on the dark web as a way for cybercriminals to bypass security measures employed by online services.
Read: https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html
Researchers uncover "TeslaGun," a previously undocumented software control panel used by the financially motivated cybercrime group TA505 to manage its "ServHelper" backdoor malware attacks.
Read details: https://thehackernews.com/2022/09/ta505-hackers-using-teslagun-panel-to.html