Cisco just released the latest security advisories describing 33 new vulnerabilities affecting multiple products, out of which:

✅ 5 are CRITICAL (with CVSS score 9.8),
✅ 12 are HIGH, and
✅ 16 are important.

https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

Stay Calm, and Patch 'Em All!

✅ Microsoft
✅ Cisco
✅ Juniper
✅ Oracle
✅ Zoom
✅ Citrix
✅ SAP
✅ F5
✅ Intel
✅ Adobe
✅ Jenkins
✅ NVIDIA
✅ Apache
✅ Chrome
✅ Android
✅ VMware
✅ Siemens
✅ Rust Lang Crates
✅ Go programming

Happy Patch Week, Everyone.

WATCH OUT — Many top cryptocurrency-related verified Twitter accounts got compromised and a few minutes ago simultaneously tweeted an identical "Crypto For Health" SCAM message.

Hacked people & organizations include Gemini, Binance, Binance's CEO, KuCoin, Coinbase, CoinDesk.

THE BIGGEST HACK IN TWITTER'S HISTORY

List of hacked accounts:

- Jeff Bezos
- Elon Musk
- Warren Buffett
- Barack Obama
- Michael Bloomberg
- Kanye West
- Wiz Khalifa
- Apple
- Uber
- JoeBiden
- Bitcoin
- Coinbase
- Binance
- Gemini
- Kucoin
- Coindesk
- Ripple
- Justin Sun
- Charlee Lee
- SatoshiLite

And more...

Apple releases:

✅ iOS 13.6
✅ iPadOS 13.6
✅ macOS 10.15.6
✅ tvOS 13.4.8
✅ watchOS 6.2.8

Of course, with dozens of new security patches.

Details: https://support.apple.com/en-in/HT201222

Here's our brief coverage on the 'Biggest Twitter Hack of All Time,' explaining what happened earlier today wherein several high-profile verified Twitter accounts were hacked to widespread a cryptocurrency scam that successfully amasses nearly $120,000 in bitcoins.

Read: https://thehackernews.com/2020/07/verified-twitter-hacked.html

(New) A minor flaw in Zoom could have let fraudsters mimic organizations and trick their employees, users, or business partners into revealing personal or other confidential information.

Read details — https://thehackernews.com/2020/07/zoom-vanity-url-vulnerability.html

A new Android banking malware not only targets financial apps but also steals data and credentials from hundreds of social networking, dating, communication, and cryptocurrency apps.

Learn more about 'BlackRock' malware: https://thehackernews.com/2020/07/android-password-hacker.html

OPSEC Fail!

Iranian APT35 hackers accidentally exposed 40 GB worth of sensitive data online, containing hacking training videos that revealed they managed to hack a member of the U.S. Navy, and a Greek naval officer.

Read Details — https://thehackernews.com/2020/07/iranian-hacking-training-videos.html

Great News! Mozilla is finally adding built-in end-to-end email encryption functionality (OpenPGP) and digital signatures into the upcoming release of Thunderbird version 78.2, scheduled to be released in the coming months.

https://blog.thunderbird.net/2020/07/whats-new-in-thunderbird-78/

Until now, users relied on the Enigmail add-on to achieve the same.

21-Year-Old Cypriot Hacker Extradited to the U.S. Over Fraud and Extortion Charges

Read: https://thehackernews.com/2020/07/cypriot-hacker-extradited.html

(New) An emerging Chinese APT hacking group found targeting Indian Government and Hong Kong residents amid (border and new security law, respectively) tensions using a new variant of MgBot malware.

Read details — https://thehackernews.com/2020/07/chinese-hackers-hong-kong-india.html

Garmin—smartwatch, and GPS wearable maker—is currently experiencing global outages after getting hit with a suspected #ransomware attack that forced the company to shut down its connected services and call centers for millions of users.

Read: https://thehackernews.com/2020/07/garmin-ransomware-attack.html

Researchers reveal a new security flaw affecting popular Chinese-made DJI drones that could be exploited to trick users into installing malicious smartphone applications.

Details — https://thehackernews.com/2020/07/dji-drone-hacking_24.html

Company said it would fix the issue in future versions of its app.

In case you haven't tried it yet...

Linux/FreeBSD users can use this open-source vulnerability scanner to identify vulnerable software installed on a system.

https://github.com/future-architect/vuls

It uses multiple vulnerability databases, including NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA.

Exploiting popular macOS apps (like Dropbox, OneDrive, Google Drive, Keybase, Slack, Skype, Signal, Telegram) with a single ".terminal" file.

https://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa

Watch Out! QSnatch data-stealing malware infected over 62,000 vulnerable QNAP NAS devices—Cybersecurity agencies in the US and the UK warned.

Read details: https://thehackernews.com/2020/07/qnap-nas-malware-attack.html

A new undetectable (0/61) Linux malware is hijacking misconfigured Docker servers with exposed APIs—mostly hosted with popular cloud services like AWS, Azure & Alibaba Cloud.

https://thehackernews.com/2020/07/docker-linux-malware.html

Attackers managed to run this campaign under the radar for at least 6 months.

Running your online store using Magento application? If yes, UPDATE IT NOW!

Adobe today released updated versions (2.4.0 and 2.3.5-p2) of open source and commerce Magento variants including security patches for 2 critical and 2 important severity flaws.

https://helpx.adobe.com/security/products/magento/apsb20-47.html