Exploiting popular macOS apps (like Dropbox, OneDrive, Google Drive, Keybase, Slack, Skype, Signal, Telegram) with a single ".terminal" file.

https://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa

Watch Out! QSnatch data-stealing malware infected over 62,000 vulnerable QNAP NAS devices—Cybersecurity agencies in the US and the UK warned.

Read details: https://thehackernews.com/2020/07/qnap-nas-malware-attack.html

A new undetectable (0/61) Linux malware is hijacking misconfigured Docker servers with exposed APIs—mostly hosted with popular cloud services like AWS, Azure & Alibaba Cloud.

https://thehackernews.com/2020/07/docker-linux-malware.html

Attackers managed to run this campaign under the radar for at least 6 months.

Running your online store using Magento application? If yes, UPDATE IT NOW!

Adobe today released updated versions (2.4.0 and 2.3.5-p2) of open source and commerce Magento variants including security patches for 2 critical and 2 important severity flaws.

https://helpx.adobe.com/security/products/magento/apsb20-47.html

New 🔥 : Multiple high-risk vulnerabilities discovered in the popular dating service—OkCupid—that could have allowed remote attackers to:

✅ Hijack profiles,
✅ Spy on private messages,
✅ Perform actions on behalf of the victim.

Read details: https://thehackernews.com/2020/07/hacking-okcupid-account.html

Multiple Critical Flaws Reported in Enterprise-Grade Industrial VPNs Could Let Remote Attackers Target Critical Infrastructures.

Details: https://thehackernews.com/2020/07/industrial-vpn-security.html

Reported Flaws Are:
CVE-2020-14500
CVE-2020-14508
CVE-2020-14510
CVE-2020-14512
CVE-2020-14511
CVE-2020-14498

A new GRUB2 bootloader vulnerability (CVE-2020-10713) could let attackers bypass 'Secure Boot' & gain high-privileged persistent access to the targeted systems.

https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html

BILLIONS of devices running any Linux distributions, as well as Windows PCs are affected.

A new security flaw in popular Zoom video conference service could have let snoopers crack private meetings passwords in a few minutes, re-enabling zoom-bombing attacks.

Read details ➤ https://thehackernews.com/2020/07/zoom-meeting-password-hacking.html

Researchers reveal "Timeless Timing Attacks," a new technique that leverages HTTP/2 protocol for effective remote timing side-channel attacks to leak sensitive information—which otherwise in most cases practically infeasible because of the network congestion between the adversary and target server.

Learn more: https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html

In its first-ever sanctions against cyberattacks, the European Union imposes restrictive measures against hackers from Chinese, Russian and North Korean—who're also wanted by the FBI—and companies involved in various attacks.

Read: https://thehackernews.com/2020/07/sanctions-against-wanted-hackers.html

— BREAKING —

A 17-year-old 'Mastermind' and two other 19 & 22-year-old suspected hackers behind the biggest Twitter hack have been arrested.

Details: https://thehackernews.com/2020/07/twitter-hacker-arrested.html

On July 15, several high-profile accounts were hijacked as part of a massive bitcoin scam.

U.S. intelligence agencies are warning of a new variant of 12-year-old 'Taidoor' computer virus that Chinese state-sponsored hackers are using to target governments, corporations, and think tanks worldwide.

Read detail —
https://thehackernews.com/2020/08/chinese-hacking-malware.html

Researcher demonstrated a high-severity flaw in a new feature of Apple Touch ID that could have let network-attackers hijack your iCloud accounts.

Read details: https://thehackernews.com/2020/08/apple-touchid-sign-in.html

NEW — SafeBreach researcher identified 4 new variants of 'HTTP Request Smuggling' attack and demonstrated them against various commercial off-the-shelf web servers and HTTP proxy servers.

Read details: https://thehackernews.com/2020/08/http-request-smuggling.html

Researchers find several new attacks that exploit the true underlying root issue behind micro-architectural flaws that not just impacts the most recent Intel CPUs, but also modern processors from ARM, IBM, and AMD—previously believed to be unaffected.

https://thehackernews.com/2020/08/foreshadow-processor-vulnerability.html

Magecart hackers found executing credit card skimming attacks against several websites, leveraging homoglyph domains, and infected copycat Favicon icons for evasive phishing attacks.

Read details: https://thehackernews.com/2020/08/magecart-homograph-phishing.html

Capital One—5th largest U.S. credit card company—has been fined with $80 million for 2019 data breach that compromised the personal information of 106 million credit card holders due to its careless network security practices.

https://thehackernews.com/2020/08/capital-one-data-breach.html

Starting with Metasploit 6, which is currently under active development, all meterpreters will use AES to end-to-end encrypt their communications.

https://blog.rapid7.com/2020/08/06/metasploit-6-now-under-active-development/

Metasploit version 6.x with initial features is available on GitHub under the development branch.

Heads Up! Adobe on Tuesday, August 11, will release important security patch updates for Adobe Acrobat and Reader affecting Windows and macOS users.

DEF CON 28: Cybersecurity researcher demonstrated several vulnerabilities affecting Zoom video conferencing app for Linux, its production and development infrastructure, and the implementation of end-to-end encryption.

Read details: https://thehackernews.com/2020/08/zoom-software-vulnerabilities.html