The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
BlueLeaks 💧

A group of hacktivists leaked a massive 269 GB of data allegedly stolen from more than 200 #police departments, fusion centers, and other law enforcement agencies across the United States.

Details: https://thehackernews.com/2020/06/law-enforcement-data-breach.html
Watch Out 🔥

Hackers are abusing the Google Analytics service to bypass the CSP web-security feature and steal credit card or other information entered by users on the hacked sites.

Learn how it works — https://thehackernews.com/2020/06/google-analytics-hacking.html
👇 New Privacy Features Apple Added to the Upcoming iOS 14 and macOS Big Sur Releases:

Approximate location
Password Monitoring
Privacy Report
Camera/Mic Recording Indicator
Control On Cross-App Tracking
and more...

Details — https://thehackernews.com/2020/06/ios14-macos-big-sur-privacy.html
Critical Vulnerabilities Found in GeoVision's Fingerprint and Card Scanners:

Remote Code Execution (Unpatched)
Hardcoded Shared Cryptographic Private Keys
Root Backdoor Account
Unauthorized Code Execution

Read details — https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html

Over 2,500 affected devices are accessible over the Internet as well.
(New) Attackers distributed several Docker images containing cryptocurrency-mining malware via Docker Hub to earn thousands of dollars.

Find details here: https://thehackernews.com/2020/06/cryptocurrency-docker-image.html
The U.S. government has filed a superseding indictment against WikiLeaks founder Julian Assange, accusing him of collaborating with the LulzSec and Anonymous hacking groups.

Read: https://thehackernews.com/2020/06/wikileaks-lulzsec-anonymous-hackers.html
A 22-year-old Washington-based hacker has been sentenced to 13 months in prison for his role in creating the 'Satori' IoT botnet malware — one of the successors of the Mirai botnet — and compromising thousands of systems to launch DDoS attacks against various online services.

Read more: https://thehackernews.com/2020/06/ddos-botnet-hacker-jailed.html
e-Commerce site hackers are now hiding malicious web-skimming code inside image metadata to covertly steal credit card information entered by visitors.

Read details — https://thehackernews.com/2020/06/image-credit-card-skimmers.html
Russian Hacker Gets 9-Year Jail for Running Online Bazaar of Stolen Credit Cards

Read More: https://thehackernews.com/2020/06/russian-credit-card-hacker.html
Advanced 'StrongPity' hackers return with retooled spyware and new watering hole attacks targeting the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration.

Read more: https://thehackernews.com/2020/06/strongpity-syria-turkey-hackers.html
EvilQuest — New ransomware is targeting macOS users via pirated apps.

Details: https://thehackernews.com/2020/07/macos-ransomware-attack.html

Besides encrypting files, the malware also comes with capabilities to execute in-memory payloads, create a reverse shell, and steal keystrokes & cryptocurrency wallet files.
In case you missed it...

Microsoft releases urgent Windows software updates to patch two high-risk RCE vulnerabilities affecting hundreds of millions of Windows 10 and Server users.

Details: https://thehackernews.com/2020/07/windows-security-update.html
WATCH OUT, Sysadmins!

Critical flaws (CVE-2020-9498, CVE-2020-9497) discovered in Apache Guacamole—a popular remote desktop (RDP) application—could put remote Windows and Linux systems at risk of hacking.

Read more ➤ https://thehackernews.com/2020/07/apache-guacamole-hacking.html
European and British police have arrested 746 alleged drug dealers and other criminals after infiltrating a global EncroChat ENCRYPTED CHAT NETWORK that was used to plot drug deals, money laundering, extortion, and even murders.

Read More: https://thehackernews.com/2020/07/encrochat-encrypted-phone.html
Critical Unauthorized RCE Vulnerability (CVE-2020-5902 with CVSS Score 10/10) Affects F5's BIG-IP Application Security Servers Used in Large Enterprises, Data Centers, and Cloud Computing Environments.

Details — https://thehackernews.com/2020/07/f5-big-ip-application-security.html

Apply Newly Released Patch Updates ASAP!
< Project Freta 🔥 >

Microsoft launches a new free, cloud-based Linux forensics tool that analyzes virtual machine (VM) snapshots for evidence of sabotage — including rootkits, kernel-level compromises & other advanced malware.

Read Details: https://thehackernews.com/2020/07/microsoft-linux-forensics-rootkit.html
Citrix Releases Critical Software Patches for 11 New Security Vulnerabilities Affecting ADC, Gateway, and SD-WAN WANOP Appliances.

Read More: https://thehackernews.com/2020/07/citrix-software-security-update.html
WATCH OUT!

Eleven new innocent-looking Android apps loaded with 'billing fraud' Joker malware ONCE AGAIN bypass Google's security protections, aiming to infect millions via Play Store.

Read more: https://thehackernews.com/2020/07/joker-android-mobile-virus.html
Considering the broken state of the certificate revocation process & related safety checks, Firefox has updated #Mozilla’s Root Store Policy to reduce the maximum lifetime of TLS certificates from 825 days to 398 days to protect HTTPS connections.

https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/