Researchers uncover "Rampant Kitten," a 6-year long, and still ongoing, cyberespionage campaign targeting Iranian dissidents with Windows and Android malware—designed to steal documents, passwords, Telegram messages, and 2FA codes.

Details: https://thehackernews.com/2020/09/iran-hacking-dissidents.html

🔥 A new vulnerability in the Firefox browser app for Android could let attackers execute intent-based commands on smartphones connected to the same network as the attacker.

Details, Demo and Exploit — https://thehackernews.com/2020/09/firefox-android-wifi-hacking.html

Make sure your Firefox is updated to v80 or later.

In case you missed it...

A patient dies after ransomware attack paralyzes a German hospital systems—reportedly first casualty linked to a cyberattack on a hospital.

Details — https://thehackernews.com/2020/09/a-patient-dies-after-ransomware-attack.html

Launched originally at a University, malware mistakenly hit the hospital.

British hacker 'Dark Overlord' has been sentenced to 5 years in prison for blackmailing healthcare and accounting companies in the United States; and also ordered to pay $1,467,048 in restitution to the victims.

Details — https://thehackernews.com/2020/09/british-hacker-jailed.html

An unprotected Microsoft server exposed Bing search engine users' data, including search queries, device details, and GPS coordinates, among others.

Details — https://thehackernews.com/2020/09/bing-search-hacking.html

A new ransomware hacking group, named "OldGremlin," is aggressively targeting large corporate networks of medical labs, banks, manufacturers, and software developers in Russia.

https://thehackernews.com/2020/09/russian-ransomware-hack.html

🔥🔥🔥 A major vulnerability (CVE-2020-1895) in Instagram Android app could have allowed remote attackers to take control over targeted devices just by sending victims a specially crafted image.

Details: https://thehackernews.com/2020/09/instagram-android-hack.html

Fortinet's Fortigate VPN solution running default settings leave over 200,000 businesses vulnerable to man-in-the-middle (MitM) attacks.

Learn how: https://thehackernews.com/2020/09/fortigate-vpn-security.html

Source Code for Microsoft Windows XP OS Reportedly Leaked Online

https://thehackernews.com/2020/09/windows-xp-source-code.html

Researchers discover new versions of powerful FinSpy spyware (legally sold) for Linux and macOS systems that a new unknown group of attackers used in a campaign targeting Egyptian civil society organizations.

https://thehackernews.com/2020/09/finspy-malware-macos-linux.html

Red Team — Automation or Simulation?

Learn how organizations can discover exploitable vulnerabilities and remediate misconfigurations using automated security testing and continuous breach simulation.

Details: https://thehackernews.com/2020/09/red-team-penetration-test.html

A Chinese APT hackers group targeted construction, engineering, electronics, and finance sectors in Japan, Taiwan, the US, and China.

Read more: https://thehackernews.com/2020/09/chinese-apt-group-targets-media-finance.html

Cisco releases security patches for 2 high-severity vulnerabilities (CVE-2020-3566 and CVE-2020-3569) affecting IOS XR software—actively being exploited in the wild at least since last month.

Details: https://thehackernews.com/2020/09/cisco.html

Critical Security Vulnerabilities Discovered in 2 Popular Industrial Remote Access Systems (B&R Automation and MB Connect Line)—Potentially Affecting Automotive, Energy, Oil & Gas, Metal, and Packaging Sectors.

Details: https://thehackernews.com/2020/10/industrial-remote-access.html

A Russian cybercriminal—who hacked LinkedIn, Dropbox, Formspring, and stole data on over 200 million user accounts—has finally been sentenced to 88 months in the U.S. prison.

https://thehackernews.com/2020/10/russian-linkedin-hacker.html

BEWARE — Hackers have been found distributing a new stealthy Android spyware (SpyC23.A) posing as Telegram, Threema, and other popular messaging apps.

Details: https://thehackernews.com/2020/10/android-mobile-hacking.html

🔥 This is really Interesting!

Researchers fingerprint two Exploit Developers—"Volodya" (BuggiCorp) & "PlayBit"—who sold over a dozen Windows exploits to several cyber criminals & malware authors in recent years.

Read details ➤ https://thehackernews.com/2020/10/exploit-development.html

Researchers reported security flaws in top ANTIVIRUS software that could make your computers more vulnerable to hackers.

https://thehackernews.com/2020/10/antivirus-software-vulnerabilities.html

Affected vendors have released patches:
—Kaspersky
—McAfee
—Symantec
—Fortinet
—Check Point
—Trend Micro
—Avira
—Microsoft Defender

MosaicRegressor — A new rare kind of potentially dangerous UEFI bootkit found actively targeting diplomats with persistent malware.

Read details: https://thehackernews.com/2020/10/uefi-bootkit-malware.html

Cybersecurity researchers have taken the wraps off a new botnet that's hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining.

Read more: https://thehackernews.com/2020/10/p2p-iot-botnet.html