British hacker 'Dark Overlord' has been sentenced to 5 years in prison for blackmailing healthcare and accounting companies in the United States; and also ordered to pay $1,467,048 in restitution to the victims.

Details — https://thehackernews.com/2020/09/british-hacker-jailed.html

An unprotected Microsoft server exposed Bing search engine users' data, including search queries, device details, and GPS coordinates, among others.

Details — https://thehackernews.com/2020/09/bing-search-hacking.html

A new ransomware hacking group, named "OldGremlin," is aggressively targeting large corporate networks of medical labs, banks, manufacturers, and software developers in Russia.

https://thehackernews.com/2020/09/russian-ransomware-hack.html

🔥🔥🔥 A major vulnerability (CVE-2020-1895) in Instagram Android app could have allowed remote attackers to take control over targeted devices just by sending victims a specially crafted image.

Details: https://thehackernews.com/2020/09/instagram-android-hack.html

Fortinet's Fortigate VPN solution running default settings leave over 200,000 businesses vulnerable to man-in-the-middle (MitM) attacks.

Learn how: https://thehackernews.com/2020/09/fortigate-vpn-security.html

Source Code for Microsoft Windows XP OS Reportedly Leaked Online

https://thehackernews.com/2020/09/windows-xp-source-code.html

Researchers discover new versions of powerful FinSpy spyware (legally sold) for Linux and macOS systems that a new unknown group of attackers used in a campaign targeting Egyptian civil society organizations.

https://thehackernews.com/2020/09/finspy-malware-macos-linux.html

Red Team — Automation or Simulation?

Learn how organizations can discover exploitable vulnerabilities and remediate misconfigurations using automated security testing and continuous breach simulation.

Details: https://thehackernews.com/2020/09/red-team-penetration-test.html

A Chinese APT hackers group targeted construction, engineering, electronics, and finance sectors in Japan, Taiwan, the US, and China.

Read more: https://thehackernews.com/2020/09/chinese-apt-group-targets-media-finance.html

Cisco releases security patches for 2 high-severity vulnerabilities (CVE-2020-3566 and CVE-2020-3569) affecting IOS XR software—actively being exploited in the wild at least since last month.

Details: https://thehackernews.com/2020/09/cisco.html

Critical Security Vulnerabilities Discovered in 2 Popular Industrial Remote Access Systems (B&R Automation and MB Connect Line)—Potentially Affecting Automotive, Energy, Oil & Gas, Metal, and Packaging Sectors.

Details: https://thehackernews.com/2020/10/industrial-remote-access.html

A Russian cybercriminal—who hacked LinkedIn, Dropbox, Formspring, and stole data on over 200 million user accounts—has finally been sentenced to 88 months in the U.S. prison.

https://thehackernews.com/2020/10/russian-linkedin-hacker.html

BEWARE — Hackers have been found distributing a new stealthy Android spyware (SpyC23.A) posing as Telegram, Threema, and other popular messaging apps.

Details: https://thehackernews.com/2020/10/android-mobile-hacking.html

🔥 This is really Interesting!

Researchers fingerprint two Exploit Developers—"Volodya" (BuggiCorp) & "PlayBit"—who sold over a dozen Windows exploits to several cyber criminals & malware authors in recent years.

Read details ➤ https://thehackernews.com/2020/10/exploit-development.html

Researchers reported security flaws in top ANTIVIRUS software that could make your computers more vulnerable to hackers.

https://thehackernews.com/2020/10/antivirus-software-vulnerabilities.html

Affected vendors have released patches:
—Kaspersky
—McAfee
—Symantec
—Fortinet
—Check Point
—Trend Micro
—Avira
—Microsoft Defender

MosaicRegressor — A new rare kind of potentially dangerous UEFI bootkit found actively targeting diplomats with persistent malware.

Read details: https://thehackernews.com/2020/10/uefi-bootkit-malware.html

Cybersecurity researchers have taken the wraps off a new botnet that's hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining.

Read more: https://thehackernews.com/2020/10/p2p-iot-botnet.html

NEW: Intezer researchers reported security vulnerabilities in Microsoft Azure App Service that could allow attackers to carry out SSRF attacks, insert phishing pages or execute arbitrary code and take over the administration server.

Read more: https://thehackernews.com/2020/10/microsoft-azure-vulnerability.html

Researchers find 55 new security flaws in Apple services and software — 11 of which are critical — allowing attackers to:

✅ hack customer & employee apps,
✅ wormable iCloud account taking over,
✅ retrieve source code for internal Apple projects,
✅ hack industrial control warehouse software,
✅ take over sessions of Apple employees & accessing management tools and sensitive resources.

Read details — https://thehackernews.com/2020/10/apple-security.html

Microsoft has issued a warning about a new ransomware malware that leverages incoming call notifications and Android's Home button to lock the device behind a ransom note.

Read details: https://thehackernews.com/2020/10/android-ransomware-lock.html