Windows LodaRAT malware with credential-stealing and espionage capabilities has now expanded its scope to set its sights on users of Android devices.

Read more: https://thehackernews.com/2021/02/lodarat-windows-malware-now-also.html

🔥 A novel dependency confusion supply-chain attack allowed a security researcher to breach over 35 high-profile companies—including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Uber—and achieve remote code execution.

Details: https://thehackernews.com/2021/02/dependency-confusion-supply-chain.html

In its latest cyber espionage attacks, Iranian hackers utilize a legit remote access tool, called ScreenConnect, to spy on UAE and Kuwait government agencies.

Read details: https://thehackernews.com/2021/02/iranian-hackers-utilize-screenconnect.html

It turns out that poor #password security and outdated system lead to the recent cyberattack on Florida's water treatment facility, where an attacker tried to poison the water supply.

Read details here: https://thehackernews.com/2021/02/poor-password-security-lead-to-recent.html

A researcher discovered a privacy flaw in the Telegram messenger that left media files shared over the self-destructible secret chat feature.

https://thehackernews.com/2021/02/secret-chat-in-telegram-left-self.html

In a separate issue, Telegram's macOS app stored local passcodes in plaintext.

An Employee at Russia's leading technology company 'Yandex' caught selling unauthorized access to the users' mailboxes for personal gain.

Details: https://thehackernews.com/2021/02/yandex-employee-caught-selling-access.html

Yandex discloses 4,887 email accounts were compromised.

As a new privacy feature, Apple will proxy Safe Browsing requests to preserve iOS users' privacy and hide IP addresses from Google.

Read: https://thehackernews.com/2021/02/apple-will-proxy-safe-browsing-requests.html

A malicious sticker sent on the Telegram messaging app could have exposed your secret messages, photos, and videos to remote hackers.

Read more: https://thehackernews.com/2021/02/a-sticker-sent-on-telegram-could-have.html

In a 3-year-long stealthy cyber espionage operation, Russian hackers exploit IT monitoring tool 'Centreon' to target several French entities.

Read details: https://thehackernews.com/2021/02/hackers-exploit-it-monitoring-tool.html

Researchers disclose multiple unpatched vulnerabilities affecting popular SHAREit app for Android that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution.

https://thehackernews.com/2021/02/unpatched-shareit-android-app-flaw.html

Malvertisers exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams.

Read details: https://t.co/em1xrNEYy8

Researchers warn of a new FUD office malware builder, called 'APOMacroSploit,' getting popular among cybercriminals and also unmasked the identity of hackers behind its development.

Read — https://t.co/rc6wffiz8t

HACKERS WANTED BY THE FBI !!!

The United States has charged 3 North Korean military hackers to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses.
https://thehackernews.com/2021/02/us-charges-3-north-korean-hackers-over.html

🔥 First #malware tailored to run natively on Apple's M1 chips has been discovered in the wild.

Details: https://thehackernews.com/2021/02/first-malware-designed-for-apple-m1.html

(New) Microsoft discloses that SolarWinds hackers stole source code for some of its Azure, Exchange, and Intune components.

Details: https://thehackernews.com/2021/02/solarwinds-hackers-stole-some-source.html

Masslogger, an infamous credential stealer trojan, has been updated to steal all your credentials from Microsoft Outlook, Google Chrome, and instant messenger apps.

Read details: https://thehackernews.com/2021/02/masslogger-trojan-upgraded-to-steal-all.html

🔥 WATCH OUT !!!

A new hack lets criminals bypass PIN for Mastercard contactless cards by tricking terminals into believing it to be a Visa card.
Read about 'Card Brand Mixup Attack' here — https://thehackernews.com/2021/02/new-hack-lets-attackers-bypass.html

A privacy bug in Brave Browser exposes the Dark-Web browsing history of its users by sending queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes.

https://thehackernews.com/2021/02/privacy-bug-in-brave-browser-exposes.html

Researchers disclose yet another malware that targets both Apple Macs running M1 and Intel processors, which has so far already infected nearly 30,000 systems.

Read details: https://thehackernews.com/2021/02/new-silver-sparrow-malware-infected.html

New evidence suggests Chinese hackers had access to an U.S-made hacking tool and some zero-day exploits years before the Shadow Brokers group disclosed them publicly.

Details: https://thehackernews.com/2021/02/chinese-hackers-had-access-to-us.html
APT31 repurposed them to attack U.S. targets between 2014 and 2017.

UNC2546 hackers exploited Accellion FTA's 0-day vulnerabilities to steal its targets' data in the recent extortion attacks.

Read details: https://thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html