An increasing number of malware attacks are leveraging a nascent command-and-control service called "Dark Utilities," which allows hackers to remotely control compromised systems.

Read details: https://thehackernews.com/2022/08/a-growing-number-of-malware-attacks.html

The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices that could enable attackers to send fake messages.

Read details: https://thehackernews.com/2022/08/emergency-alert-system-flaws-could-let.html

Slack has reset passwords for some of its users after discovering a vulnerability in its workspace invitation system that exposed their salted password hashes.

Read details: https://thehackernews.com/2022/08/slack-resets-passwords-after-bug.html

Twitter reveals that hackers exploited a new zero-day vulnerability to expose 5.4 million user accounts by linking emails and phone numbers to them.

Read details: https://thehackernews.com/2022/08/hackers-exploit-twitter-vulnerability.html

Researchers discover new IoT RapperBot malware capable of brute-forcing SSH credentials to compromise Linux servers.

Read details: https://thehackernews.com/2022/08/new-iot-rapperbot-malware-targeting.html

Meta said it took action against two espionage operations in South Asia that used the Facebook platform to spread malware to potential targets.

Read details: https://thehackernews.com/2022/08/meta-cracks-down-on-cyber-espionage.html

A sophisticated scam-as-a-service scheme known as "Classiscam" is now targeting Singapore.

Read details: https://t.co/OIhdnnMgTh

A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control (C2) infrastructure.

Details: https://t.co/hZ3swtxAX3

Researchers have discovered 10 new malicious Python packages distributed via the Python Package Index (PyPI) to harvest critical data points, such as users' passwords and API tokens.

Read details: https://thehackernews.com/2022/08/10-credential-stealing-python-libraries.html

Researchers have detected a wave of targeted cyberattacks on military-industrial complex enterprises and public institutions in several Eastern European countries and Afghanistan.

Read details: https://thehackernews.com/2022/08/chinese-hackers-targeted-dozens-of.html

The U.S. Treasury sanctions virtual currency mixer Tornado Cash, citing its involvement with North Korea's Lazarus Group's high-profile hacking of Ethereum bridges to launder and cash out ill-gotten gains.

Details: https://thehackernews.com/2022/08/us-sanctions-virtual-currency-mixer.html

Customer engagement platform Twilio suffered a data breach after hackers gained "unauthorised access" by tricking some employees into providing their credentials via SMS-based phishing campaigns.

Read details: https://thehackernews.com/2022/08/twilio-suffers-data-breach-after.html

Patch Tuesday, August 2022 — Microsoft releases security updates to address 121 newly reported vulnerabilities, including a zero-day (CVE-2022-34713) bug that the company says is being actively exploited.

Read details: https://thehackernews.com/2022/08/microsoft-issues-patches-for-121-flaws.html

CISA added a recently disclosed security flaw in UnRAR for Linux to its Known Exploited Vulnerabilities Catalog after receiving evidence of active attacks.

Read details: https://thehackernews.com/2022/08/cisa-issues-warning-on-active.html

At least 76 Cloudflare employees and their families were also targeted by hackers behind the recent Twilio security breach.

Read details: https://thehackernews.com/2022/08/hackers-behind-twilio-breach-also_10.html

Researchers detail the Maui ransomware attacks carried out by North Korean government-backed hackers.

Read details: https://thehackernews.com/2022/08/experts-uncover-details-on-maui.html

A former Twitter employee has been convicted of spying on the private information of Twitter users for Saudi Arabia.

Read details: https://thehackernews.com/2022/08/former-twitter-employee-found-guilty-of.html

GitHub now sends Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows.

Read details: https://thehackernews.com/2022/08/github-dependabot-now-alerts-developers.html

Researchers have disclosed multiple severe security vulnerabilities in the Device42 asset management platform that could allow hackers to take control of affected systems.

Read details: https://thehackernews.com/2022/08/critical-flaws-disclosed-in-device42-it.html

Hackers behind the Cuba ransomware attacks are using a new remote access trojan called ROMCOM RAT on compromised systems.

Read details: https://thehackernews.com/2022/08/hackers-behind-cuba-ransomware-attacks.html

Cisco confirmed that it was hacked by the Yanluowang ransomware gang after the hackers gained access to an employee's personal Google account, which contained all the credentials synced by the victim's browser.

Read: https://thehackernews.com/2022/08/cisco-confirms-its-been-hacked-by.html