A new Linux malware, dubbed 'CDRThief,' targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata.

Details: https://thehackernews.com/2020/09/linux-voip-softswitch-malware.html

The United States CISA is warning organizations to be aware of Chinese hackers exploiting several unpatched flaws—F5, Citrix, Pulse Secure VPN, MS Exchange—to target federal agencies and private entities.

Read more: https://thehackernews.com/2020/09/chinese-hackers-agencies.html

According to the latest report, nearly 97% of the leading cybersecurity companies have had their data exposed on the Dark Web in 2020

https://thehackernews.com/2020/09/dark-web-cybersecurity-report.html

The United States on Tuesday indicted two hackers for allegedly defacing American websites in response to the killing of Iranian military commander Qasem Soleimani in a drone strike.

https://thehackernews.com/2020/09/soleimani-website-hacking.html

FBI charges 5 Chinese state-sponsored hackers—members of the APT41 group responsible for attacking 100's of organizations—and adds them to its most-wanted list.

Details: https://thehackernews.com/2020/09/apt41-hackers-wanted-by-fbi.html

2 Malaysian co-conspirators were also arrested earlier this week.

Besides warning when a downloaded file may be malicious, #Chrome is now giving Advanced Protection users the ability to send risky files to be scanned by cloud-based #Google Safe Browsing #malware detection technology before opening the file.

https://security.googleblog.com/2020/09/improved-malware-protection-for-users.html

WARNING: Drupal releases patches for 4 newly discovered vulnerabilities, one of which is critical, and others are moderately critical in severity.

https://www.drupal.org/security

CVE-2020-13668
CVE-2020-13670
CVE-2020-13667
CVE-2020-13669

Upgrade to Drupal 8.8.10, 8.9.6, or 9.0.6.

After revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the U.S. government yesterday also made two separate announcements charging 2 Iranian and 2 Russian hackers for their involvement in a series of hacking operations, and added them to the FBI's most-wanted list.

https://thehackernews.com/2020/09/us-announces-charges-against-2-russian.html

The US government imposes sanctions on a front company operated by APT39 hackers and backed by Iranian Intelligence agency.

Details: https://thehackernews.com/2020/09/iranian-hackers-sanctioned.html

Google recently started rolling out Android 11, the latest version of its mobile operating system.

Here are 5 new "security and privacy features of Android 11" that you need to know ➤

https://thehackernews.com/2020/09/android-11-security-privacy.html

Researchers uncover "Rampant Kitten," a 6-year long, and still ongoing, cyberespionage campaign targeting Iranian dissidents with Windows and Android malware—designed to steal documents, passwords, Telegram messages, and 2FA codes.

Details: https://thehackernews.com/2020/09/iran-hacking-dissidents.html

🔥 A new vulnerability in the Firefox browser app for Android could let attackers execute intent-based commands on smartphones connected to the same network as the attacker.

Details, Demo and Exploit — https://thehackernews.com/2020/09/firefox-android-wifi-hacking.html

Make sure your Firefox is updated to v80 or later.

In case you missed it...

A patient dies after ransomware attack paralyzes a German hospital systems—reportedly first casualty linked to a cyberattack on a hospital.

Details — https://thehackernews.com/2020/09/a-patient-dies-after-ransomware-attack.html

Launched originally at a University, malware mistakenly hit the hospital.

British hacker 'Dark Overlord' has been sentenced to 5 years in prison for blackmailing healthcare and accounting companies in the United States; and also ordered to pay $1,467,048 in restitution to the victims.

Details — https://thehackernews.com/2020/09/british-hacker-jailed.html

An unprotected Microsoft server exposed Bing search engine users' data, including search queries, device details, and GPS coordinates, among others.

Details — https://thehackernews.com/2020/09/bing-search-hacking.html

A new ransomware hacking group, named "OldGremlin," is aggressively targeting large corporate networks of medical labs, banks, manufacturers, and software developers in Russia.

https://thehackernews.com/2020/09/russian-ransomware-hack.html

🔥🔥🔥 A major vulnerability (CVE-2020-1895) in Instagram Android app could have allowed remote attackers to take control over targeted devices just by sending victims a specially crafted image.

Details: https://thehackernews.com/2020/09/instagram-android-hack.html

Fortinet's Fortigate VPN solution running default settings leave over 200,000 businesses vulnerable to man-in-the-middle (MitM) attacks.

Learn how: https://thehackernews.com/2020/09/fortigate-vpn-security.html

Source Code for Microsoft Windows XP OS Reportedly Leaked Online

https://thehackernews.com/2020/09/windows-xp-source-code.html

Researchers discover new versions of powerful FinSpy spyware (legally sold) for Linux and macOS systems that a new unknown group of attackers used in a campaign targeting Egyptian civil society organizations.

https://thehackernews.com/2020/09/finspy-malware-macos-linux.html