The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
New variants of Hello XD ransomware now install a secret backdoor on targeted Windows and Linux systems to gain persistent remote access as part of its double extortion scheme.

Read details: https://thehackernews.com/2022/06/hello-xd-ransomware-installing-backdoor.html
πŸ‘2
Researchers have disclosed details of two new flaws (CVE-2022-29854 and CVE-2022-29855) in Mitel desk phones that could allow an attacker to gain root permissions.

Read: https://thehackernews.com/2022/06/researchers-disclose-rooting-backdoor.html
Chinese APT hackers known as "Gallium" have been spotted using a new remote access trojan, dubbed "PingPull," in their espionage attacks on companies in Southeast Asia, Europe & Africa.

Read details: https://thehackernews.com/2022/06/chinese-gallium-hackers-using-new.html
Chinese-speaking, technically sophisticated, "SeaFlower" threat actors are targeting cryptocurrency users with backdoored versions of Web3 wallets for Android and #iOS devices in an effort to steal their funds.

Read: https://thehackernews.com/2022/06/chinese-hackers-distribute-backdoored.html
πŸ‘1
Researchers detail the workings of a fully-featured malware loader dubbed "PureCrypter," which is purchased by cybercriminals to spread a variety of remote access trojans and information stealers.

Read: https://thehackernews.com/2022/06/researchers-detail-purecrypter-loader.html
πŸ‘1
A new covert Linux kernel rootkit called "Syslogk" has been discovered in the wild that allows attackers to remotely command the malware using "magic network packets."

Read details: https://thehackernews.com/2022/06/new-syslogk-linux-rootkit-lets.html
An unpatched security bug in the Travis CI API has left thousands of developers' tokens exposed to potential attacks, effectively allowing attackers to breach cloud infrastructures, make unauthorized code changes, and launch supply-chain attacks.

https://thehackernews.com/2022/06/unpatched-travis-ci-api-bug-exposes.html
πŸ‘1
Researchers release technical details for the 'SynLapse' vulnerability that could have allowed an attacker to perform an RCE and gain access to another Microsoft Azure client's cloud environment.

https://thehackernews.com/2022/06/technical-details-released-for-synlapse.html
A new, high-severity vulnerability has been discovered in the Zimbra email suite that allows unauthenticated attackers to steal users' plaintext passwords without requiring user interaction.

Read: https://thehackernews.com/2022/06/new-zimbra-email-vulnerability-could.html
< June 2022, Patch Tuesday >

Microsoft, Adobe, Citrix, Dell, Apache Projects, Cisco, Intel, AMD, SAP, Siemens, VMware and other software vendors have released security updates to address dozens of newly discovered vulnerabilities.

Read — https://thehackernews.com/2022/06/patch-tuesday-microsoft-issues-fix-for.html
Cloudflare mitigated a 26 million request/second DDoS attack — the largest HTTPS DDoS attack on record.

Read: https://thehackernews.com/2022/06/cloudflare-saw-record-breaking-ddos.html

A botnet of 5,067 devices (likely hijacked VMs & powerful servers) was involved, with each node generating ~5,200 RPS at its peak.
Researchers unveil a new class of side-channel attacks dubbed "Hertzbleed" that affect all modern AMD and Intel processors and could allow attackers to extract cryptographic keys from remote servers that were previously considered secure.

Read: https://thehackernews.com/2022/06/new-hertzbleed-side-channel-attack.html
πŸ‘1
Researchers have discovered a new Golang-based peer-to-peer botnet malware that targets Linux servers and appears to be operated by Japanese hackers.

Read: https://t.co/zlKl1doKVE
πŸ‘1
A new strain of Android malware has been spotted in the wild, targeting online banking and cryptocurrency wallet users in Spain and Italy; it can steal credentials and cookies and bypass multi-factor authentication codes.

Read details: https://thehackernews.com/2022/06/malibot-new-android-banking-trojan.html
Cisco releases a patch to address a critical vulnerability in the Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to bypass authentication.

Read: https://thehackernews.com/2022/06/critical-flaw-in-cisco-secure-email-and.html
Researchers detail a recently reported high-severity vulnerability (CVE-2022-25845) in the Fastjson library that could potentially be exploited for remote code execution attacks.

Read: https://thehackernews.com/2022/06/high-severity-rce-vulnerability.html
Researchers warn of a potentially "dangerous feature" in Microsoft's Office 365 suite that ransomware attackers can abuse to take files stored on SharePoint or OneDrive servers hostage.

Read details: https://thehackernews.com/2022/06/a-microsoft-office-365-feature-could.html
Microsoft warns that the BlackCat ransomware crew is exploiting unpatched Exchange server vulnerabilities to gain access to targeted networks.

Read details: https://thehackernews.com/2022/06/blackcat-ransomware-gang-targeting.html
WordPress has pushed a forced automatic update for Ninja Forms, one of the most popular plugins with over a million active installations, to patch a critical vulnerability that researchers say was likely being actively exploited.

https://thehackernews.com/2022/06/over-million-wordpress-sites-forcibly.html
πŸ‘1