REMINDER: Start Today, i.e., 1st September 2020, all major web browsers will stop trusting websites with the validity of SSL/TLS certificates longer than 398 days.

Read details and learn how short-lived Certs increase security: https://thehackernews.com/2020/09/ssl-tls-certificate-validity-398.html

Credit Card hackers now using a new web-skimmer that leverages Telegram messenger APIs to exfiltrate data from compromised payment pages and sites.

Read more: https://thehackernews.com/2020/09/credit-card-telegram-hackers.html

Google Chrome for Android (starting from Chrome 85) now support DNS-over-HTTPS (DoH) feature that, when enabled, can automatically switch to DNS-over-HTTPS if your current DNS provider supports it, or users can also provide a custom server address to prevent miscreants from interfering with domain name lookups, eventually stopping network observers, including your ISPs and attackers, from figuring out what sites you visit.

A new critical bug in Cisco Jabber—chatting and calling software—could let hackers remotely target Windows systems by sending innocent-looking messages to the targeted users.

Read more: https://thehackernews.com/2020/09/cisco-jabber-hacking.html

Evilnum hackers are now targeting Financial Technology firms with a new Python-based RAT that can steal passwords, documents, browser cookies, email credentials, and other sensitive information.

Read details: https://thehackernews.com/2020/09/evilnum-hackers.html

A new flaw could let cybercriminals bypasses PIN verification for Visa Contactless Payments.

Read details: https://thehackernews.com/2020/09/emv-payment-card-pin-hacking.html

Cybersecurity agencies across Asia and Europe have issued security alerts regarding the sudden spike in Emotet malware attacks targeting businesses in France, Japan, and New Zealand.

Read details: https://thehackernews.com/2020/09/emotet-malware-attack.html

✅ Microsoft Patch Tuesday
✅ September 2020 Edition
✅ 129 New Vulnerabilities
✅ 23 Critical + 105 Important
✅ 0 Publicly Known
✅ 0 Under Active Attacks

Find details here: https://thehackernews.com/2020/09/patch-tuesday-september.html

In recent attacks, cybercriminals have been caught using legitimate cloud monitoring tools as a backdoor, allowing them to not only map the infrastructure but also executed system commands without having to deploy malicious code on the target server explicitly.

Read more: https://thehackernews.com/2020/09/cloud-monitoring.html

🔥 Raccoon Attack — A new timing vulnerability could allow attackers to break SSL/TLS encryption and read sensitive communication.

Read details: https://thehackernews.com/2020/09/raccoon-ssl-tls-encryption.html

A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption.

Learn how you can empower your end-users without the need for help-desk assistance: https://thehackernews.com/2020/09/self-service-password-reset.html

Hackers stole nearly $5.4 million worth of cryptocurrencies from Eterbase Exchange after successfully compromising its hot wallets for Bitcoin, Ethereum, XRP, Tezos, Algorand, and TRON digital currencies.

Details: https://thehackernews.com/2020/09/hackers-stole-cryptocurrencies.html

🔥 BLURtooth (CVE-2020-15802)

A new unpatched Bluetooth pairing vulnerability could let attackers bypass authentication and easily target vulnerable nearby devices.

Read details — https://thehackernews.com/2020/09/new-bluetooth-vulnerability.html

Tafferugli: An open-source Twitter analysis framework in the form of a web application that can filter, collect, and analyze tweets, allowing you to quickly hunt down propaganda operations, such as coordinated behavior and automated posting.

https://github.com/sowdust/tafferugli

A new Linux malware, dubbed 'CDRThief,' targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata.

Details: https://thehackernews.com/2020/09/linux-voip-softswitch-malware.html

The United States CISA is warning organizations to be aware of Chinese hackers exploiting several unpatched flaws—F5, Citrix, Pulse Secure VPN, MS Exchange—to target federal agencies and private entities.

Read more: https://thehackernews.com/2020/09/chinese-hackers-agencies.html

According to the latest report, nearly 97% of the leading cybersecurity companies have had their data exposed on the Dark Web in 2020

https://thehackernews.com/2020/09/dark-web-cybersecurity-report.html

The United States on Tuesday indicted two hackers for allegedly defacing American websites in response to the killing of Iranian military commander Qasem Soleimani in a drone strike.

https://thehackernews.com/2020/09/soleimani-website-hacking.html

FBI charges 5 Chinese state-sponsored hackers—members of the APT41 group responsible for attacking 100's of organizations—and adds them to its most-wanted list.

Details: https://thehackernews.com/2020/09/apt41-hackers-wanted-by-fbi.html

2 Malaysian co-conspirators were also arrested earlier this week.