Fortinet's Fortigate VPN solution running default settings leave over 200,000 businesses vulnerable to man-in-the-middle (MitM) attacks.

Learn how: https://thehackernews.com/2020/09/fortigate-vpn-security.html

Source Code for Microsoft Windows XP OS Reportedly Leaked Online

https://thehackernews.com/2020/09/windows-xp-source-code.html

Researchers discover new versions of powerful FinSpy spyware (legally sold) for Linux and macOS systems that a new unknown group of attackers used in a campaign targeting Egyptian civil society organizations.

https://thehackernews.com/2020/09/finspy-malware-macos-linux.html

Red Team — Automation or Simulation?

Learn how organizations can discover exploitable vulnerabilities and remediate misconfigurations using automated security testing and continuous breach simulation.

Details: https://thehackernews.com/2020/09/red-team-penetration-test.html

A Chinese APT hackers group targeted construction, engineering, electronics, and finance sectors in Japan, Taiwan, the US, and China.

Read more: https://thehackernews.com/2020/09/chinese-apt-group-targets-media-finance.html

Cisco releases security patches for 2 high-severity vulnerabilities (CVE-2020-3566 and CVE-2020-3569) affecting IOS XR software—actively being exploited in the wild at least since last month.

Details: https://thehackernews.com/2020/09/cisco.html

Critical Security Vulnerabilities Discovered in 2 Popular Industrial Remote Access Systems (B&R Automation and MB Connect Line)—Potentially Affecting Automotive, Energy, Oil & Gas, Metal, and Packaging Sectors.

Details: https://thehackernews.com/2020/10/industrial-remote-access.html

A Russian cybercriminal—who hacked LinkedIn, Dropbox, Formspring, and stole data on over 200 million user accounts—has finally been sentenced to 88 months in the U.S. prison.

https://thehackernews.com/2020/10/russian-linkedin-hacker.html

BEWARE — Hackers have been found distributing a new stealthy Android spyware (SpyC23.A) posing as Telegram, Threema, and other popular messaging apps.

Details: https://thehackernews.com/2020/10/android-mobile-hacking.html

🔥 This is really Interesting!

Researchers fingerprint two Exploit Developers—"Volodya" (BuggiCorp) & "PlayBit"—who sold over a dozen Windows exploits to several cyber criminals & malware authors in recent years.

Read details ➤ https://thehackernews.com/2020/10/exploit-development.html

Researchers reported security flaws in top ANTIVIRUS software that could make your computers more vulnerable to hackers.

https://thehackernews.com/2020/10/antivirus-software-vulnerabilities.html

Affected vendors have released patches:
—Kaspersky
—McAfee
—Symantec
—Fortinet
—Check Point
—Trend Micro
—Avira
—Microsoft Defender

MosaicRegressor — A new rare kind of potentially dangerous UEFI bootkit found actively targeting diplomats with persistent malware.

Read details: https://thehackernews.com/2020/10/uefi-bootkit-malware.html

Cybersecurity researchers have taken the wraps off a new botnet that's hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining.

Read more: https://thehackernews.com/2020/10/p2p-iot-botnet.html

NEW: Intezer researchers reported security vulnerabilities in Microsoft Azure App Service that could allow attackers to carry out SSRF attacks, insert phishing pages or execute arbitrary code and take over the administration server.

Read more: https://thehackernews.com/2020/10/microsoft-azure-vulnerability.html

Researchers find 55 new security flaws in Apple services and software — 11 of which are critical — allowing attackers to:

✅ hack customer & employee apps,
✅ wormable iCloud account taking over,
✅ retrieve source code for internal Apple projects,
✅ hack industrial control warehouse software,
✅ take over sessions of Apple employees & accessing management tools and sensitive resources.

Read details — https://thehackernews.com/2020/10/apple-security.html

Microsoft has issued a warning about a new ransomware malware that leverages incoming call notifications and Android's Home button to lock the device behind a ransom note.

Read details: https://thehackernews.com/2020/10/android-ransomware-lock.html

Microsoft Releases "October 2020" Patch Tuesday Updates:

🔥 Windows TCP/IP RCE
🔥 MS Outlook RCE
🔥 Windows Hyper-V RCE
🔥 6 Publicly Disclosed Flaws
🔥 11 Critical Flaw Out of Total 87

Read Details: https://thehackernews.com/2020/10/windows-tcp-ip-patch-tuesday.html

FIN11 hackers have been spotted using new tactics, techniques, and procedures (TTPs) in widespread ransomware attacks.

Read details: https://thehackernews.com/2020/10/fin11-hackers-spotted-using-new.html

German police raided 15 residential and business premises linked to commercial spyware company FinFisher over illegally exporting the software abroad without proper authorization.

Details — https://thehackernews.com/2020/10/finfisher-spyware-raid.html

US Government has charged 6 Russian intelligence officers for carrying out destructive malware attacks—including BlackEnergy, Industroyer, KillDisk, NotPetya, and Olympic Destroyer.

Read more: https://thehackernews.com/2020/10/russian-hackers.html