The United States on Tuesday indicted two hackers for allegedly defacing American websites in response to the killing of Iranian military commander Qasem Soleimani in a drone strike.

https://thehackernews.com/2020/09/soleimani-website-hacking.html

FBI charges 5 Chinese state-sponsored hackers—members of the APT41 group responsible for attacking 100's of organizations—and adds them to its most-wanted list.

Details: https://thehackernews.com/2020/09/apt41-hackers-wanted-by-fbi.html

2 Malaysian co-conspirators were also arrested earlier this week.

Besides warning when a downloaded file may be malicious, #Chrome is now giving Advanced Protection users the ability to send risky files to be scanned by cloud-based #Google Safe Browsing #malware detection technology before opening the file.

https://security.googleblog.com/2020/09/improved-malware-protection-for-users.html

WARNING: Drupal releases patches for 4 newly discovered vulnerabilities, one of which is critical, and others are moderately critical in severity.

https://www.drupal.org/security

CVE-2020-13668
CVE-2020-13670
CVE-2020-13667
CVE-2020-13669

Upgrade to Drupal 8.8.10, 8.9.6, or 9.0.6.

After revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the U.S. government yesterday also made two separate announcements charging 2 Iranian and 2 Russian hackers for their involvement in a series of hacking operations, and added them to the FBI's most-wanted list.

https://thehackernews.com/2020/09/us-announces-charges-against-2-russian.html

The US government imposes sanctions on a front company operated by APT39 hackers and backed by Iranian Intelligence agency.

Details: https://thehackernews.com/2020/09/iranian-hackers-sanctioned.html

Google recently started rolling out Android 11, the latest version of its mobile operating system.

Here are 5 new "security and privacy features of Android 11" that you need to know ➤

https://thehackernews.com/2020/09/android-11-security-privacy.html

Researchers uncover "Rampant Kitten," a 6-year long, and still ongoing, cyberespionage campaign targeting Iranian dissidents with Windows and Android malware—designed to steal documents, passwords, Telegram messages, and 2FA codes.

Details: https://thehackernews.com/2020/09/iran-hacking-dissidents.html

🔥 A new vulnerability in the Firefox browser app for Android could let attackers execute intent-based commands on smartphones connected to the same network as the attacker.

Details, Demo and Exploit — https://thehackernews.com/2020/09/firefox-android-wifi-hacking.html

Make sure your Firefox is updated to v80 or later.

In case you missed it...

A patient dies after ransomware attack paralyzes a German hospital systems—reportedly first casualty linked to a cyberattack on a hospital.

Details — https://thehackernews.com/2020/09/a-patient-dies-after-ransomware-attack.html

Launched originally at a University, malware mistakenly hit the hospital.

British hacker 'Dark Overlord' has been sentenced to 5 years in prison for blackmailing healthcare and accounting companies in the United States; and also ordered to pay $1,467,048 in restitution to the victims.

Details — https://thehackernews.com/2020/09/british-hacker-jailed.html

An unprotected Microsoft server exposed Bing search engine users' data, including search queries, device details, and GPS coordinates, among others.

Details — https://thehackernews.com/2020/09/bing-search-hacking.html

A new ransomware hacking group, named "OldGremlin," is aggressively targeting large corporate networks of medical labs, banks, manufacturers, and software developers in Russia.

https://thehackernews.com/2020/09/russian-ransomware-hack.html

🔥🔥🔥 A major vulnerability (CVE-2020-1895) in Instagram Android app could have allowed remote attackers to take control over targeted devices just by sending victims a specially crafted image.

Details: https://thehackernews.com/2020/09/instagram-android-hack.html

Fortinet's Fortigate VPN solution running default settings leave over 200,000 businesses vulnerable to man-in-the-middle (MitM) attacks.

Learn how: https://thehackernews.com/2020/09/fortigate-vpn-security.html

Source Code for Microsoft Windows XP OS Reportedly Leaked Online

https://thehackernews.com/2020/09/windows-xp-source-code.html

Researchers discover new versions of powerful FinSpy spyware (legally sold) for Linux and macOS systems that a new unknown group of attackers used in a campaign targeting Egyptian civil society organizations.

https://thehackernews.com/2020/09/finspy-malware-macos-linux.html

Red Team — Automation or Simulation?

Learn how organizations can discover exploitable vulnerabilities and remediate misconfigurations using automated security testing and continuous breach simulation.

Details: https://thehackernews.com/2020/09/red-team-penetration-test.html

A Chinese APT hackers group targeted construction, engineering, electronics, and finance sectors in Japan, Taiwan, the US, and China.

Read more: https://thehackernews.com/2020/09/chinese-apt-group-targets-media-finance.html

Cisco releases security patches for 2 high-severity vulnerabilities (CVE-2020-3566 and CVE-2020-3569) affecting IOS XR software—actively being exploited in the wild at least since last month.

Details: https://thehackernews.com/2020/09/cisco.html