✅ Microsoft Patch Tuesday
✅ September 2020 Edition
✅ 129 New Vulnerabilities
✅ 23 Critical + 105 Important
✅ 0 Publicly Known
✅ 0 Under Active Attacks

Find details here: https://thehackernews.com/2020/09/patch-tuesday-september.html

In recent attacks, cybercriminals have been caught using legitimate cloud monitoring tools as a backdoor, allowing them to not only map the infrastructure but also executed system commands without having to deploy malicious code on the target server explicitly.

Read more: https://thehackernews.com/2020/09/cloud-monitoring.html

🔥 Raccoon Attack — A new timing vulnerability could allow attackers to break SSL/TLS encryption and read sensitive communication.

Read details: https://thehackernews.com/2020/09/raccoon-ssl-tls-encryption.html

A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption.

Learn how you can empower your end-users without the need for help-desk assistance: https://thehackernews.com/2020/09/self-service-password-reset.html

Hackers stole nearly $5.4 million worth of cryptocurrencies from Eterbase Exchange after successfully compromising its hot wallets for Bitcoin, Ethereum, XRP, Tezos, Algorand, and TRON digital currencies.

Details: https://thehackernews.com/2020/09/hackers-stole-cryptocurrencies.html

🔥 BLURtooth (CVE-2020-15802)

A new unpatched Bluetooth pairing vulnerability could let attackers bypass authentication and easily target vulnerable nearby devices.

Read details — https://thehackernews.com/2020/09/new-bluetooth-vulnerability.html

Tafferugli: An open-source Twitter analysis framework in the form of a web application that can filter, collect, and analyze tweets, allowing you to quickly hunt down propaganda operations, such as coordinated behavior and automated posting.

https://github.com/sowdust/tafferugli

A new Linux malware, dubbed 'CDRThief,' targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata.

Details: https://thehackernews.com/2020/09/linux-voip-softswitch-malware.html

The United States CISA is warning organizations to be aware of Chinese hackers exploiting several unpatched flaws—F5, Citrix, Pulse Secure VPN, MS Exchange—to target federal agencies and private entities.

Read more: https://thehackernews.com/2020/09/chinese-hackers-agencies.html

According to the latest report, nearly 97% of the leading cybersecurity companies have had their data exposed on the Dark Web in 2020

https://thehackernews.com/2020/09/dark-web-cybersecurity-report.html

The United States on Tuesday indicted two hackers for allegedly defacing American websites in response to the killing of Iranian military commander Qasem Soleimani in a drone strike.

https://thehackernews.com/2020/09/soleimani-website-hacking.html

FBI charges 5 Chinese state-sponsored hackers—members of the APT41 group responsible for attacking 100's of organizations—and adds them to its most-wanted list.

Details: https://thehackernews.com/2020/09/apt41-hackers-wanted-by-fbi.html

2 Malaysian co-conspirators were also arrested earlier this week.

Besides warning when a downloaded file may be malicious, #Chrome is now giving Advanced Protection users the ability to send risky files to be scanned by cloud-based #Google Safe Browsing #malware detection technology before opening the file.

https://security.googleblog.com/2020/09/improved-malware-protection-for-users.html

WARNING: Drupal releases patches for 4 newly discovered vulnerabilities, one of which is critical, and others are moderately critical in severity.

https://www.drupal.org/security

CVE-2020-13668
CVE-2020-13670
CVE-2020-13667
CVE-2020-13669

Upgrade to Drupal 8.8.10, 8.9.6, or 9.0.6.

After revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the U.S. government yesterday also made two separate announcements charging 2 Iranian and 2 Russian hackers for their involvement in a series of hacking operations, and added them to the FBI's most-wanted list.

https://thehackernews.com/2020/09/us-announces-charges-against-2-russian.html

The US government imposes sanctions on a front company operated by APT39 hackers and backed by Iranian Intelligence agency.

Details: https://thehackernews.com/2020/09/iranian-hackers-sanctioned.html

Google recently started rolling out Android 11, the latest version of its mobile operating system.

Here are 5 new "security and privacy features of Android 11" that you need to know ➤

https://thehackernews.com/2020/09/android-11-security-privacy.html

Researchers uncover "Rampant Kitten," a 6-year long, and still ongoing, cyberespionage campaign targeting Iranian dissidents with Windows and Android malware—designed to steal documents, passwords, Telegram messages, and 2FA codes.

Details: https://thehackernews.com/2020/09/iran-hacking-dissidents.html

🔥 A new vulnerability in the Firefox browser app for Android could let attackers execute intent-based commands on smartphones connected to the same network as the attacker.

Details, Demo and Exploit — https://thehackernews.com/2020/09/firefox-android-wifi-hacking.html

Make sure your Firefox is updated to v80 or later.

In case you missed it...

A patient dies after ransomware attack paralyzes a German hospital systems—reportedly first casualty linked to a cyberattack on a hospital.

Details — https://thehackernews.com/2020/09/a-patient-dies-after-ransomware-attack.html

Launched originally at a University, malware mistakenly hit the hospital.