GitLab releases patch for a critical account takeover vulnerability (CVE-2022-1680) affecting all versions of Enterprise Edition from 11.10 before 14.9.5, all versions from 14.10 before 14.10.4, and all versions from 15.0 before 15.0.1.

Read: https://thehackernews.com/2022/06/gitlab-issues-security-patch-for.html

Atlassian has released a security patch that addresses a critical vulnerability (CVE-2022-26134) in Confluence Server and Data Center products that is being actively exploited by attackers.

Read details: https://thehackernews.com/2022/06/atlassian-releases-patch-for-confluence.html

Researchers discover a new state-sponsored attack that exploits the "Follina" vulnerability in Microsoft Office to target government entities in Europe and the United States.

Read details: https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html

CISA has issued a warning about critical vulnerabilities in Illumina DNA Sequencing devices that could allow unauthenticated attackers to remotely take control of the affected product.

Read details: https://thehackernews.com/2022/06/cisa-warned-about-critical.html

Microsoft said it has taken legal action to stop spear-phishing campaigns associated with Iranian Bohrium hackers by taking over 41 domains used as command-and-control infrastructure.

Read details: https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html

Two unpatched security vulnerabilities have been disclosed in the open-source U-Boot bootloader used by Linux-based embedded systems, such as ChromeOS, and ebook readers like the Amazon Kindle and Kobo eReader.

Read details: https://thehackernews.com/2022/06/unpatched-critical-flaws-disclosed-in-u.html

10 of the most prolific banking Trojans targeting a wide range of applications available on the Google Play Store and used by over a billion people in total.

Read details: https://thehackernews.com/2022/06/10-most-prolific-banking-trojans.html

Apple has introduced a "Rapid Security Response" feature in iOS16 and macOS Ventura that automatically installs security updates without requiring you to download & install a full OS update and reboot your system.

Details: https://thehackernews.com/2022/06/apples-new-feature-will-install.html

Researchers warn of a new spam campaign distributing SVCReady malware to target its victims.

Read details: https://thehackernews.com/2022/06/researchers-warn-of-spam-campaign.html

Cybercrime group Evil Corp shifts to LockBit ransomware in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019.

Read details: https://thehackernews.com/2022/06/evil-corp-cybercrime-group-shifts-to.html

FBI seizes SSNDOB darknet marketplace for selling personal information such as credit card and Social Security numbers of about 24 million people, generating $19 million in revenue for its operators.

Details: https://thehackernews.com/2022/06/fbi-seizes-ssndob-id-theft-service-for.html

U.S. cybersecurity and intelligence agencies have warned that Chinese state-sponsored cyber actors have been exploiting vulnerabilities in networks to attack organizations in the private and public sectors since at least 2020.

Read details: https://thehackernews.com/2022/06/us-agencies-warn-about-chinese-hackers.html

Emotet botnet malware has been upgraded with a new module for stealing victims' credit card data stored in the Chrome web browser.

Read details: https://thehackernews.com/2022/06/new-emotet-variant-stealing-users.html

Researchers uncover a decade-long Chinese cyber espionage campaign targeting government, educational and telecommunications institutions, primarily in Southeast Asia and Australia.

Read: https://thehackernews.com/2022/06/a-decade-long-chinese-espionage.html

Researchers have uncovered “Symbiote,” what they call a "nearly-impossible-to-detect" Linux malware that’s targeting the financial sector in Latin America.

Read details: https://thehackernews.com/2022/06/symbiote-stealthy-linux-malware.html

Researchers propose a new privacy-focused framework for IoT devices — dubbed "Peekaboo" — that gives users control over what data can be processed and shared with external servers.

Read details: https://thehackernews.com/2022/06/new-privacy-framework-for-iot-devices.html

Experts disclose critical flaws in Carrier's LenelS2 HID Mercury access control system—widely used in healthcare, education and government facilities—which could allow attackers to remotely unlock and lock doors and modify user accounts.

https://thehackernews.com/2022/06/researchers-disclose-critical-flaws-in.html

Researchers say cybercriminals use spoofed emails and fake login pages to impersonate popular cryptocurrency platforms such as Binance, Celo, and Trust Wallet, in order to steal login details and deceptively transfer virtual funds.

Read: https://thehackernews.com/2022/06/researchers-detail-how-cyber-criminals.html

A new study has shown for the first time that the Bluetooth signals constantly emitted by our smartphones have a unique fingerprint that can be used to fingerprint and track individuals' movements.

Details: https://thehackernews.com/2022/06/researchers-find-bluetooth-signals-can.html

MIT researchers demonstrated multiple PoC attacks for a novel hardware attack method, dubbed PACMAN, that targets Apple's M1 processor chipsets and potentially allows attackers to execute arbitrary code on targeted systems.

https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html

Lyceum group of Iranian state-sponsored hackers has recently been spotted using a new custom .NET-based DNS backdoor in its recent campaigns targeting the Middle East.

Read details: https://thehackernews.com/2022/06/iranian-hackers-spotted-using-new-dns.html