Watch Out! A critical vulnerability affecting Jenkins web-server [jetty] could let unauthenticated, remote attackers access sensitive information through HTTP responses—including session identifiers, authentication credentials/cookies, and other sensitive information.

Read details: https://thehackernews.com/2020/08/jenkins-server-vulnerability.html

Security patches included in the latest Jenkins 2.243 and Jenkins LTS 2.235.5 release.

A new memory-related vulnerability (CVE-2020-4414) affects IBM's Db2 family of data management products that could allow a local attacker to access sensitive data or cause DoS attacks.

https://thehackernews.com/2020/08/ibm-data-management.html

Microsoft issues emergency out-of-band security updates for Windows 8.1, RT 8.1, and Server 2012 R2 systems to patch two recently disclosed privilege escalation bugs (CVE-2020-1530 & CVE-2020-1537) affecting Remote Access Service (RAS).

Read: https://thehackernews.com/2020/08/windows-update-download.html

Experian's South Africa unit suffered a data breach incident exposing the personal information of 24 million customers and 793,749 business entities.

Read details — https://thehackernews.com/2020/08/experian-data-breach-attack.html

The credit rating agency says the attacker behind this breach has been identified.

Oh, JOBS! Hackers posing as recruiters in #malware attacks.

FBI and CISA are warning companies about a new malware, dubbed 'BLINDINGCAN,' which North Korean hackers are using to spy on high-value employees at targeted government contractors.

https://thehackernews.com/2020/08/job-offer-hackers.html

Uber's Former Chief Security Officer, Joe Sullivan, has been charged over covering-up 2016's massive data breach by paying hackers $100,000 ransom as a bug bounty reward.

Details: https://thehackernews.com/2020/08/uber-data-breach-cover-ups.html

This incident, which exposed 57 million users' data, was disclosed to the public almost a year later when Sullivan left the company.

⚠️ BEWARE !!!

A Google Drive 'Feature' — Unpatched Yet — Could Let Attackers Trick You Into Installing Malware Using Convincing Spear Phishing Attacks.

Learn more about it and watch demos: https://thehackernews.com/2020/08/google-drive-file-versions.html

Update your Apache-powered servers!

Google researcher reported 3 flaws in Apache that could lead to code execution and, in some scenarios, even allow attackers to cause a crash and denial of service remotely.

https://thehackernews.com/2020/08/apache-webserver-security.html

CVE-2020-9490
CVE-2020-11984
CVE-2020-11993

A Popular iOS SDK Has Been Caught Spying on Billions of Apple Users and Committing Ad Fraud.

Read Details: https://thehackernews.com/2020/08/ios-sdk-ad-fraud.html

⚡APT hackers-for-hire ...

APT hackers hired by competing private companies exploit #Autodesk 3D Max software to steal sensitive information from industrial targets.

Read details & get IoCs:
https://thehackernews.com/2020/08/autodesk-malware-attack.html

FBI arrested a Russian extortion gang member in the United States after he TRAVELED there to met an employee of a targeted company and offered him $1 MILLION in bitcoins as a bribe for planting a data-stealing MALWARE into the company's systems.

Yeah, it works in the real world as well.

Read details: http://thehackernews.com/2020/08/russian-extortion-malware.html

Watch Out! A new malware campaign spreading QakBot banking trojan returned with new tricks up its sleeve to target government, military, and manufacturing sectors.

Read more: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

In a new campaign...

Iranian hackers pose as journalists (over WhatsApp and LinkedIn) to trick high-value targets into handing over login credentials or installing spyware and steal sensitive information.

Read more: https://thehackernews.com/2020/08/hackers-journalist-malware.html

Cisco Issues Warning Over IOS XR Zero-Day [CVE-2020-3566] Flaw Being Targeted in the Wild

https://thehackernews.com/2020/09/cisco-issue-warning-over-ios-xr-zero.html

REMINDER: Start Today, i.e., 1st September 2020, all major web browsers will stop trusting websites with the validity of SSL/TLS certificates longer than 398 days.

Read details and learn how short-lived Certs increase security: https://thehackernews.com/2020/09/ssl-tls-certificate-validity-398.html

Credit Card hackers now using a new web-skimmer that leverages Telegram messenger APIs to exfiltrate data from compromised payment pages and sites.

Read more: https://thehackernews.com/2020/09/credit-card-telegram-hackers.html

Google Chrome for Android (starting from Chrome 85) now support DNS-over-HTTPS (DoH) feature that, when enabled, can automatically switch to DNS-over-HTTPS if your current DNS provider supports it, or users can also provide a custom server address to prevent miscreants from interfering with domain name lookups, eventually stopping network observers, including your ISPs and attackers, from figuring out what sites you visit.

A new critical bug in Cisco Jabber—chatting and calling software—could let hackers remotely target Windows systems by sending innocent-looking messages to the targeted users.

Read more: https://thehackernews.com/2020/09/cisco-jabber-hacking.html

Evilnum hackers are now targeting Financial Technology firms with a new Python-based RAT that can steal passwords, documents, browser cookies, email credentials, and other sensitive information.

Read details: https://thehackernews.com/2020/09/evilnum-hackers.html