Microsoft warns of a Chinese hacking group that recently updated its malware tools to compromise Linux servers with the goal of installing cryptocurrency mining software as part of a long-running campaign.

Details: https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html

Amazon has quietly patched a serious security vulnerability affecting its Photos app for Android that could have been exploited to steal a users' access tokens.

Details: https://thehackernews.com/2022/07/amazon-quietly-patches-high-severity.html

A new backdoor, dubbed SessionManager, has been discovered in the wild targeting Microsoft IIS servers belonging to a large number of companies around the world.

Read: https://thehackernews.com/2022/07/new-sessionmanager-backdoor-targeting.html

Google has made a number of improvements to its password manager service to make it more secure and consistent across platforms.

Read: https://thehackernews.com/2022/07/google-improves-its-password-manager-to.html

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis.

Read details: https://thehackernews.com/2022/07/microsoft-warns-about-evolving.html

In response to the FCC commissioner's request to remove TikTok from the Google Play and Apple app stores, the company sent a letter to U.S. lawmakers explaining how it plans to safeguard American user data from Chinese staff.

Read: https://thehackernews.com/2022/07/tiktok-assures-us-lawmakers-its-working.html

An employee of the HackerOne bug bounty platform was caught improperly accessing zero-day vulnerability reports submitted by researchers for personal gain.

Read: https://thehackernews.com/2022/07/hackerone-employee-caught-stealing.html

Ukrainian police have arrested 9 members of a cybercriminal gang that embezzled 100 million UAH via hundreds of phishing sites purporting to offer financial aid to Ukrainian citizens in order to capitalize on the ongoing conflict.

Read: https://thehackernews.com/2022/07/ukrainian-authorities-arrested-phishing.html

UPDATE your Google Chrome browser for Windows, macOS, Linux and Android devices to patch a newly discovered high-severity zero-day vulnerability (CVE-2022-2294) that is being exploited in the wild.

Details: https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html

Researchers have described the various measures ransomware actors have taken to disguise their true identities online, as well as some techniques to reveal the hosting location of their web server infrastructure.

Read: https://thehackernews.com/2022/07/researchers-share-techniques-to-uncover.html

A pro-China influence campaign singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messages in an unsuccessful attempt to manipulate public discourse in China's favor.

Read: https://thehackernews.com/2022/07/pro-china-group-uses-dragonbridge.html

Researchers have uncovered a new widespread supply-chain attack campaign distributing malicious NPM packages designed to steal sensitive data from forms embedded in mobile apps and websites.

Details: https://thehackernews.com/2022/07/researchers-uncover-malicious-npm.html

Hive ransomware-as-a-service operators have switched their file-encrypting malware to Rust programming and adopted a more sophisticated encryption method.

Read: https://thehackernews.com/2022/07/hive-ransomware-upgrades-to-rust-for.html

State-sponsored hackers have been observed abusing a red-teaming and adversarial attack simulation tool called (Brute Ratel C4) BRc4 for their attacks to stay under the radar and evade detection.

Read: https://thehackernews.com/2022/07/hackers-abusing-brc4-red-team.html

A security patch has been released for OpenSSL to fix a high-severity bug (CVE-2022-2274) in the cryptographic library that could lead to remote code execution attacks in certain scenarios.

Read: https://thehackernews.com/2022/07/openssl-releases-patch-for-high.html

NIST has announced the first set of four quantum-resistant cryptographic algorithms selected as winners in its six-year cryptographic competition to protect against quantum-based threats.

Read: https://thehackernews.com/2022/07/nist-announces-first-four-quantum.html

Apple introduces a new security feature called "Lockdown Mode" on iPhone, iPad and Mac devices to protect high-risk users from spyware attacks by state-sponsored hackers.

Details: https://thehackernews.com/2022/07/apples-new-lockdown-mode-protects.html

Researchers have taken the wraps off a new and previously undiscovered Linux threat dubbed "OrBit" that uses a unique method of hijacking execution flow to load the malicious library.

Read: https://thehackernews.com/2022/07/researchers-warn-of-new-orbit-linux.html

CuteBoi !!!

Researchers have uncovered a new large-scale cryptocurrency mining campaign involving over 1200 malicious NPM JavaScript packages uploaded by over a thousand different user accounts.

Read: https://thehackernews.com/2022/07/over-1200-npm-packages-found-involved.html

U.S. cybersecurity and intelligence agencies warn of hackers backed by the North Korean government attacking the healthcare sector with the Maui ransomware.

Read: https://thehackernews.com/2022/07/north-korean-maui-ransomware-actively.html