e-Commerce site hackers are now hiding malicious web-skimming code inside image metadata to covertly steal credit card information entered by visitors.

Read details — https://thehackernews.com/2020/06/image-credit-card-skimmers.html

Russian Hacker Gets 9-Year Jail for Running Online Bazaar of Stolen Credit Cards

Read More: https://thehackernews.com/2020/06/russian-credit-card-hacker.html

Advanced 'StrongPity' hackers return with retooled spyware and new watering hole attacks targeting the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration.

Read more: https://thehackernews.com/2020/06/strongpity-syria-turkey-hackers.html

EvilQuest — New ransomware is targeting macOS users via pirated apps.

Details: https://thehackernews.com/2020/07/macos-ransomware-attack.html

Besides encrypting files, the malware also comes with capabilities to execute in-memory payloads, create reverse shell, and steal keystrokes & cryptocurrency wallet files.

In case you missed it...

Microsoft releases urgent Windows software updates to patch two high-risk RCE vulnerabilities affecting hundreds of millions of Windows10 and Server users.

Details: https://thehackernews.com/2020/07/windows-security-update.html

WATCH OUT, Sysadmins!

Critical flaws (CVE-2020-9498, CVE-2020-9497) discovered in Apache Guacamole—popular remote desktop (RDP) application—could put remote Windows and Linux systems at risk of hacking.

Read more ➤ https://thehackernews.com/2020/07/apache-guacamole-hacking.html

European and British police have arrested 746 alleged drug dealers and other criminals after infiltrating into a global EncroChat ENCRYPTED CHAT NETWORK that was used to plot drug deals, money laundering, extortion, and even murders.

Read More: https://thehackernews.com/2020/07/encrochat-encrypted-phone.html

Critical Unauthorized RCE Vulnerability (CVE-2020-5902 with CVSS Score 10/10) Affects F5's BIG-IP Application Security Servers Used in large Enterprises, Data Centers, and Cloud Computing Environments.

Details — https://thehackernews.com/2020/07/f5-big-ip-application-security.html

Apply Newly Released Patch Updates ASAP!

< Project Freta 🔥 >

Microsoft launches a new free, cloud-based Linux forensics tool that analyzes virtual machine (VM) snapshots for evidence of sabotage — including rootkits, kernel-level compromises & other advanced malware.

Read Details: https://thehackernews.com/2020/07/microsoft-linux-forensics-rootkit.html

Citrix Releases Critical Software Patches for 11 New Security Vulnerabilities Affecting ADC, Gateway, and SD-WAN WANOP Appliances.

Read More: https://thehackernews.com/2020/07/citrix-software-security-update.html

WATCH OUT!

Eleven new innocent-looking Android apps loaded with 'billing fraud' Joker malware ONCE AGAIN bypass Google's security protections, aiming to infect millions via Play Store.

Read more: https://thehackernews.com/2020/07/joker-android-mobile-virus.html

Updated Tor browser versions 0.3.5.11, 0.4.2.8, and 0.4.3.6 have been released with patches for a medium-severity denial of service vulnerability and several minor security issues.

https://blog.torproject.org/node/1900

Considering the broken state of certificate revocation process & related safety checks, Firefox has updated #Mozilla’s Root Store Policy to reduce the maximum lifetime of TLS certificates from 825 days to 398 days to protect HTTPS connections.

https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/

An unpatched critical zero-day arbitrary code execution vulnerability has been discovered in Zoom video conferencing software exploitable on Microsoft Windows 7 or older operating system.

Details: https://thehackernews.com/2020/07/zoom-windows-security.html

WARNING — Dear Indian TikTokers, if you now have an account on 🔥 Chingari, THEN BEWARE! Anyone in seconds can HIJACK your Chingari account.

Details: https://thehackernews.com/2020/07/hack-chingari-app-account.html

Like the 'Mitron' app (another viral TikTok clone), Chingari also suffers from an auth bypass flaw.

A newly disclosed highly-critical vulnerability (CVE-2020-6287 with CVSS score 10 out of 10) residing in SAP's Java-based solutions could let attackers compromise affected corporate servers.

https://thehackernews.com/2020/07/sap-netweaver-vulnerability.html

Patches are now available.

Adobe is today rolling out its July 2020 set of critical security patches for 13 new software vulnerabilities affecting:

✅ Creative Cloud Desktop App
✅ Media Encoder
✅ Genuine Service
✅ ColdFusion
✅ Download Manager

Story — https://thehackernews.com/2020/07/adobe-security-patch-july.html

WARNING 🔥 CVE-2020-1350 (CVSS 10)

A critical 17-year-old 'wormable' RCE vulnerability affects Windows DNS Servers (2013 to 2019 editions) that could let unauthenticated hackers gain 'Domain Admin' privileges on the targeted servers.

Researchers confirm the new Windows vulnerability, dubbed 'SigRed,' is a wormable bug, allowing attackers to launch #malware attacks that can spread from one vulnerable computer to another without any human interaction.

Details — https://thehackernews.com/2020/07/windows-dns-server-hacking.html

Wait, we're not yet done with this month's Patch Tuesday!

Oracle releases critical updates for 443 new vulnerabilities affecting dozens of its software products, out of which at least 120 bugs have scored 8 or above out of 10 on the CVSS severity scale.

https://www.oracle.com/security-alerts/cpujul2020.html

Apache today released updated versions of Tomcat Server to patch two DoS vulnerabilities residing in the WebSocket (CVE-2020-13935) and HTTP/2 (CVE-2020-13934) implementations.

http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E

http://mail-archives.us.apache.org/mod_mbox/www-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E