The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
(NEW) Magecart hackers implant (still there, unpatched and stealing) digital credit card skimming code on three emergency services-related content and forum websites via misconfigured Amazon S3 buckets.

Read more: https://thehackernews.com/2020/06/magecart-skimmer-amazon.html
SMBleed — A new security vulnerability (CVE-2020-1206) affects Windows SMBv3 protocol.

Details + PoC: https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html

An unauthenticated attacker (client/server) can also combine it with the "wormable" SMBGhost flaw to achieve RCE attacks.
~ June 2020 Patch Tuesday ~

Microsoft today released security patches for a total of 129 newly discovered vulnerabilities affecting various versions of the Windows operating system and related software.

Find details here: https://thehackernews.com/2020/06/windows-update-june.html
The Citizen Lab today outed an Indian IT firm 'BellTroX InfoTech' that was hired by private investigators and commercial clients to hack (and spy on) politicians, investors, journalists, and human rights defenders worldwide.

https://thehackernews.com/2020/06/hacker-for-hire-belltrox-india.html
Modern Intel processors found vulnerable to 2 new, distinct SGX side-channel attacks — "CrossTalk" (CVE-2020-0543) and "SGAxe" — that could let attackers tamper/steal sensitive data guarded within blocks of secured memory (TEE and SGX).

Read more: https://thehackernews.com/2020/06/intel-sgaxe-crosstalk-attacks.html
A Bug in Facebook Messenger App for Windows Could've Helped Malware Gain Persistence
https://thehackernews.com/2020/06/facebook-malware-persistence.html

Make Sure You're Running the Latest Updated Version of the Messenger.
The light is WATCHING you !!! (👁️💡👁️)

Experts demonstrate a new attack that could let nearby remote spies listen to full conversations happening in a room just by observing a LIGHT BULB hanging in there, visible from a window.

Read Details — https://thehackernews.com/2020/06/lamphone-light-bulb-spy.html
New high-impact vulnerabilities in GTP Mobile Internet Protocol — used in 2G / 3G / 4G / 5G networks — could let remote attackers:

intercept user data
carry out impersonation
perform fraud
launch DoS attacks

Read details — https://thehackernews.com/2020/06/mobile-internet-hacking.html
If your business operations rely on Oracle's E-Business Suite, make sure you're running the latest available version of it.

Researchers warn of "BigDebIT" vulnerabilities (9.9 CVSS score) that they suspect many organizations haven't yet patched.

https://thehackernews.com/2020/06/oracle-e-business-suite.html
Ripple 20 — New vulnerabilities affect billions of Internet-connected devices, many of which are used across critical infrastructure.

Details: https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html

The flaws could let remote attackers hijack affected devices and, subsequently, target other connected devices.
Hackers found targeting key employees at Aerospace and Military organizations by posing as HRs offering jobs via LinkedIn.

Read more about "Operation In(ter)ception" — https://thehackernews.com/2020/06/military-aerospace-hacking.html

Though the primary purpose of the attack was cyber espionage, in some cases, they even tried siphoning money through BEC scams.
Just-in: PATCH NOW !!!

Drupal releases updated versions (7.72, 8.8.8, 8.9.1 and 9.0.1) of its CMS software to patch 3 critical vulnerabilities:

RCE (CVE-2020-13664),
CSRF (CVE-2020-13663),
Access bypass (CVE-2020-13665)

Details: https://www.drupal.org/security
Using VLC?

Researcher Tommy Muir found multiple critical vulnerabilities in the highly popular media player that could let attackers compromise systems by tricking users into playing malicious files or streams.

https://www.videolan.org/security/sb-vlc3011.html

Update it immediately to version 3.0.11.
Cybersecurity researchers today uncovered the modus operandi of an elusive "InvisiMole hacking group" that has recently been found targeting high-profile military and diplomatic entities for espionage.

https://thehackernews.com/2020/06/invisimole-hackers.html
Over 100 browser extensions distributed through Google Chrome Web Store have been caught stealing sensitive user data as part of a massive global surveillance campaign.

Read details: https://thehackernews.com/2020/06/chrome-browser-extensions-spying.html
BlueLeaks 💧

A group of hacktivists leaked a massive 269 GB of data allegedly stolen from more than 200 #police departments, fusion centers, and other law enforcement agencies across the United States.

Details: https://thehackernews.com/2020/06/law-enforcement-data-breach.html
Watch Out 🔥

Hackers are abusing the Google Analytics service to bypass the CSP web-security feature and steal credit card or other information entered by users on the hacked sites.

Learn how it works — https://thehackernews.com/2020/06/google-analytics-hacking.html
👇 New Privacy Features Apple Added to the Upcoming iOS 14 and macOS Big Sur Releases:

Approximate location
Password Monitoring
Privacy Report
Camera/Mic Recording Indicator
Control On Cross-App Tracking
and more...

Details — https://thehackernews.com/2020/06/ios14-macos-big-sur-privacy.html
Critical Vulnerabilities Found in GeoVision's Fingerprint and Card Scanners:

Remote Code Execution (Unpatched)
Hardcoded Shared Cryptographic Private Keys
Root Backdoor Account
Unauthorized Code Execution

Read details — https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html

Over 2,500 affected devices are accessible over the Internet as well.
(New) Attackers distributed several Docker images containing cryptocurrency-mining malware via Docker Hub to earn thousands of dollars.

Find details here: https://thehackernews.com/2020/06/cryptocurrency-docker-image.html