Here's our brief coverage on the 'Biggest Twitter Hack of All Time,' explaining what happened earlier today wherein several high-profile verified Twitter accounts were hacked to widespread a cryptocurrency scam that successfully amasses nearly $120,000 in bitcoins.

Read: https://thehackernews.com/2020/07/verified-twitter-hacked.html

(New) A minor flaw in Zoom could have let fraudsters mimic organizations and trick their employees, users, or business partners into revealing personal or other confidential information.

Read details — https://thehackernews.com/2020/07/zoom-vanity-url-vulnerability.html

A new Android banking malware not only targets financial apps but also steals data and credentials from hundreds of social networking, dating, communication, and cryptocurrency apps.

Learn more about 'BlackRock' malware: https://thehackernews.com/2020/07/android-password-hacker.html

OPSEC Fail!

Iranian APT35 hackers accidentally exposed 40 GB worth of sensitive data online, containing hacking training videos that revealed they managed to hack a member of the U.S. Navy, and a Greek naval officer.

Read Details — https://thehackernews.com/2020/07/iranian-hacking-training-videos.html

Great News! Mozilla is finally adding built-in end-to-end email encryption functionality (OpenPGP) and digital signatures into the upcoming release of Thunderbird version 78.2, scheduled to be released in the coming months.

https://blog.thunderbird.net/2020/07/whats-new-in-thunderbird-78/

Until now, users relied on the Enigmail add-on to achieve the same.

21-Year-Old Cypriot Hacker Extradited to the U.S. Over Fraud and Extortion Charges

Read: https://thehackernews.com/2020/07/cypriot-hacker-extradited.html

(New) An emerging Chinese APT hacking group found targeting Indian Government and Hong Kong residents amid (border and new security law, respectively) tensions using a new variant of MgBot malware.

Read details — https://thehackernews.com/2020/07/chinese-hackers-hong-kong-india.html

Garmin—smartwatch, and GPS wearable maker—is currently experiencing global outages after getting hit with a suspected #ransomware attack that forced the company to shut down its connected services and call centers for millions of users.

Read: https://thehackernews.com/2020/07/garmin-ransomware-attack.html

Researchers reveal a new security flaw affecting popular Chinese-made DJI drones that could be exploited to trick users into installing malicious smartphone applications.

Details — https://thehackernews.com/2020/07/dji-drone-hacking_24.html

Company said it would fix the issue in future versions of its app.

In case you haven't tried it yet...

Linux/FreeBSD users can use this open-source vulnerability scanner to identify vulnerable software installed on a system.

https://github.com/future-architect/vuls

It uses multiple vulnerability databases, including NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA.

Exploiting popular macOS apps (like Dropbox, OneDrive, Google Drive, Keybase, Slack, Skype, Signal, Telegram) with a single ".terminal" file.

https://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa

Watch Out! QSnatch data-stealing malware infected over 62,000 vulnerable QNAP NAS devices—Cybersecurity agencies in the US and the UK warned.

Read details: https://thehackernews.com/2020/07/qnap-nas-malware-attack.html

A new undetectable (0/61) Linux malware is hijacking misconfigured Docker servers with exposed APIs—mostly hosted with popular cloud services like AWS, Azure & Alibaba Cloud.

https://thehackernews.com/2020/07/docker-linux-malware.html

Attackers managed to run this campaign under the radar for at least 6 months.

Running your online store using Magento application? If yes, UPDATE IT NOW!

Adobe today released updated versions (2.4.0 and 2.3.5-p2) of open source and commerce Magento variants including security patches for 2 critical and 2 important severity flaws.

https://helpx.adobe.com/security/products/magento/apsb20-47.html

New 🔥 : Multiple high-risk vulnerabilities discovered in the popular dating service—OkCupid—that could have allowed remote attackers to:

✅ Hijack profiles,
✅ Spy on private messages,
✅ Perform actions on behalf of the victim.

Read details: https://thehackernews.com/2020/07/hacking-okcupid-account.html

Multiple Critical Flaws Reported in Enterprise-Grade Industrial VPNs Could Let Remote Attackers Target Critical Infrastructures.

Details: https://thehackernews.com/2020/07/industrial-vpn-security.html

Reported Flaws Are:
CVE-2020-14500
CVE-2020-14508
CVE-2020-14510
CVE-2020-14512
CVE-2020-14511
CVE-2020-14498

A new GRUB2 bootloader vulnerability (CVE-2020-10713) could let attackers bypass 'Secure Boot' & gain high-privileged persistent access to the targeted systems.

https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html

BILLIONS of devices running any Linux distributions, as well as Windows PCs are affected.

A new security flaw in popular Zoom video conference service could have let snoopers crack private meetings passwords in a few minutes, re-enabling zoom-bombing attacks.

Read details ➤ https://thehackernews.com/2020/07/zoom-meeting-password-hacking.html

Researchers reveal "Timeless Timing Attacks," a new technique that leverages HTTP/2 protocol for effective remote timing side-channel attacks to leak sensitive information—which otherwise in most cases practically infeasible because of the network congestion between the adversary and target server.

Learn more: https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html

In its first-ever sanctions against cyberattacks, the European Union imposes restrictive measures against hackers from Chinese, Russian and North Korean—who're also wanted by the FBI—and companies involved in various attacks.

Read: https://thehackernews.com/2020/07/sanctions-against-wanted-hackers.html