Researchers discover vulnerabilities in Xiaomi's mobile payment mechanism affecting smartphone devices powered by MediaTek chips.
Read details: https://thehackernews.com/2022/08/xiaomi-phones-with-mediatek-chips-found.html
Researchers have discovered new UEFI Secure Boot bypass vulnerabilities affecting 3 Microsoft-signed boot loaders that could allow attackers to modify the OS on load, install backdoors, and disable security controls.
Read: https://thehackernews.com/2022/08/researchers-uncover-uefi-secure-boot.html
Researchers have uncovered a new malware campaign in which Chinese "Lucky Mouse" hackers backdoor the chat app MiMi to compromise Windows, Linux, and macOS systems.
Read details: https://thehackernews.com/2022/08/chinese-hackers-backdoored-mimi-chat.html
A developer of Tornado Cash has been arrested in the Netherlands on suspicion of concealing criminal financial flows and facilitating money laundering, just days after the U.S. sanctioned the decentralized cryptocurrency mixing service.
Details: https://thehackernews.com/2022/08/tornado-cash-developer-arrested-after.html
Researchers discover a new Python package distributed via the PyPI repository that drops fileless crypto-mining malware onto Linux systems.
Read details: https://thehackernews.com/2022/08/newly-uncovered-pypi-package-drops.html
Researchers discover a new variant of the SOVA Android banking trojan with upgraded capabilities, i.e., intercepting two-factor authentication codes, stealing cookies and data, taking screenshots, and preventing it from being removed by its victims.
https://thehackernews.com/2022/08/sova-android-banking-trojan-returns-new.html
Russian state-sponsored actors continue to attack Ukrainian entities with information-stealing malware in what appears to be a cyber espionage campaign.
Read details: https://thehackernews.com/2022/08/russian-state-hackers-continue-to.html
Microsoft has taken action to disrupt phishing attacks from SEABORGIUM, a "highly persistent threat actor" whose goals closely align with the interests of the Russian state.
Read details: https://thehackernews.com/2022/08/microsoft-warns-about-phishing-attacks.html
Researchers have developed a novel attack technique, dubbed “Evil PLC,” that weaponizes PLCs to gain an initial foothold in technical workplaces and penetrate operational technology networks.
Read details: https://thehackernews.com/2022/08/new-evil-plc-attack-weaponizes-plcs-to.html
Researchers have uncovered details of the ÆPIC and SQUIP vulnerabilities in Intel and AMD processors that allow attackers to obtain encryption keys and other secret information.
Read: https://thehackernews.com/2022/08/pic-and-squip-vulnerabilities-found-in.html
North Korea-backed Lazarus Group has been observed attacking job seekers with #macOS malware that can run on Apple Macs with Intel and M1 chipsets.
Read details: https://thehackernews.com/2022/08/north-korea-hackers-spotted-targeting.html
Nearly 1.31 million users have been targeted by malicious or unwanted web browser extensions at least once during this year.
Read details: https://thehackernews.com/2022/08/malicious-browser-extensions-targeted.html
RubyGems, the official Ruby package manager, now requires popular package maintainers to use multi-factor authentication (MFA).
Read: https://thehackernews.com/2022/08/rubygems-makes-multi-factor.html
Google releases an important update for the Chrome browser for Mac, Linux, and Windows systems to patch several new vulnerabilities, including a zero-day that is being exploited for attacks.
Read details: https://thehackernews.com/2022/08/new-google-chrome-zero-day.html
Researchers have spotted a new Android dropper trojan that's currently in development, designed to bypass Google's new security mechanisms introduced with the latest Android 13.
Details: https://thehackernews.com/2022/08/cybercriminals-developing-bugdrop.html
Apple releases security updates for iOS, iPadOS, and macOS platforms to fix two new zero-day vulnerabilities that are exploited by threat actors to compromise users.
Read: https://thehackernews.com/2022/08/apple-releases-security-updates-to.html
Hackers associated with BazarLoader, TrickBot, and IcedID are increasingly using the Bumblebee malware loader in their campaigns to breach target networks for post-exploitation activities.
Read: https://thehackernews.com/2022/08/hackers-using-bumblebee-loader-to.html
Researchers confirm that Chinese APT41 hackers attacked at least 13 organizations in the U.S., Taiwan, India, Vietnam, and China during four separate campaigns in 2021.
Read details: https://thehackernews.com/2022/08/china-backed-apt41-hackers-targeted-13.html
Researchers detail DarkTortilla, an evasive crypter used by hackers to spread a broad array of commodity malware and targeted payloads such as Cobalt Strike and Metasploit, likely since 2015.
Read details: https://thehackernews.com/2022/08/researchers-detail-evasive-darktortilla.html
Researchers have discovered a new high-severity vulnerability in the Amazon Ring app for Android, allowing rogue apps to access sensitive information.
Read details: https://thehackernews.com/2022/08/new-amazon-ring-vulnerability-could.html
Google says it has fended off the largest ever HTTPS-based distributed denial of service (DDoS) attack to date, which peaked at 46 million requests per second.
Read details: https://thehackernews.com/2022/08/google-cloud-blocks-record-ddos-attack.html