Experts warn of TeaBot, a new Android banking Trojan that hijacks users' credentials and SMS messages to enable fraudulent activity against users of more than 60 banks in Spain, Germany, Italy, Belgium and the Netherlands.


Read: https://thehackernews.com/2021/05/experts-warn-of-new-android-banking.html

US intelligence agencies are warning of weaknesses in the 5G network—such as inadequate deployments and supply chain threats—that cybercriminals and nation-state adversaries can exploit to gain valuable intelligence.

Read: https://thehackernews.com/2021/05/us-intelligence-agencies-warn-about-5g.html

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Read: https://thehackernews.com/2021/05/alert-hackers-exploit-adobe-reader-0.html
Also receiving critical patches today are Adobe Experience Manager, InDesign, Illustrator, Magento, Creative Cloud, Media Encoder, After Effects, and Animate.

BABUK ransomware hacker gang leaked data from the Metropolitan Police Department after talks failed over $4 million ransom demand.

Read details: https://thehackernews.com/2021/05/ransomware-gang-leaks-metropolitan.html

Patch Tuesday (May 2021)

Microsoft has released the latest Windows updates to patch a dozen newly discovered vulnerabilities, one of the most critical of which is a wormable RCE (CVE-2021-31166) in the HTTP protocol stack.
Read details - https://thehackernews.com/2021/05/latest-microsoft-windows-updates-patch.html

🔥 Attention! A set of new vulnerabilities—dubbed FragAttacks—affects nearly all Wi-Fi devices shipped in the past 24 years.

https://thehackernews.com/2021/05/nearly-all-wifi-devices-are-vulnerable.html
These flaws could let hackers forge encrypted frames in various ways, enabling code execution and exfiltration of sensitive data.

The dark web is getting loaded with bogus COVID19 test results, fraudulent vaccination cards and questionable vaccines.

Read: https://thehackernews.com/2021/05/dark-web-getting-loaded-with-bogus.html

Source code of cybersecurity company Rapid7 was accessed by hackers during a recent supply-chain attack that compromised Codecov, a popular code coverage tool.

Details: https://thehackernews.com/2021/05/rapid7-source-code-breached-in-codecov.html

Colonial Pipeline paid hackers $5 million to regain control of its data and network after a devastating cyberattack forced the company to shut down fuel pipeline operations for six days.

Read: https://thehackernews.com/2021/05/colonial-pipeline-paid-nearly-5-million.html

Magecart cybercriminals are now hiding malicious PHP shell backdoors in the website's favicon to maintain remote access and steal financial data from e-commerce users.

Read: https://thehackernews.com/2021/05/magecart-hackers-now-hide-php-based.html

Transparent Tribe APT, a Pakistan-linked hacker group known for attacking Indian diplomatic and military facilities, has increased its hacking tool arsenal with new Windows #malware.

Read: https://thehackernews.com/2021/05/pakistan-linked-hackers-added-new.html

Cybercriminals are distributing RAT and password-stealing malware filelessly using Microsoft Build Engine, an open-source development tool.

Read: https://thehackernews.com/2021/05/hackers-using-microsoft-build-engine-to.html

DarkSide, the cybercriminal group behind the recent ransomware attack on a US pipeline company, has gone underground after its servers and Bitcoins were seized.



https://thehackernews.com/2021/05/us-pipeline-ransomware-attackers-go.html

Researchers uncover an ongoing malware campaign that heavily relies on the AutoHotkey (AHK) scripting language to spread several remote-access Trojans (RAT) such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm.

Read: https://thehackernews.com/2021/05/experts-warn-about-ongoing-autohotkey.html

Researchers demonstrated how attackers could upload data from non-internet-connected devices by taking advantage of the Find My Network feature in nearby Apple devices.

Read details: https://thehackernews.com/2021/05/apples-find-my-network-can-be-abused-to.html

Watch Out, Users! Bizarro banking malware has now been targeting over 70 banks in Europe and South America.

Read: https://thehackernews.com/2021/05/70-european-and-south-american-banks.html

Over 150 vulnerabilities have been discovered in 58 popular Android stalkerware apps, allowing others to take control of them and put victims' security and privacy at even greater risk.

Read: https://thehackernews.com/2021/05/experts-reveal-over-150-ways-to-steal.html

A new report uncovers how Apple gave the Chinese government access to its users' iCloud data and also allegedly censored several apps.

Read details: https://thehackernews.com/2021/05/how-apple-gave-chinese-government.html

🔥 AWESOME!!!

Google Chrome browser to offer users a new feature allowing them to identify and reset their compromised passwords for various websites with just one-click.
Read details: https://thehackernews.com/2021/05/a-simple-1-click-compromised-password.html

Mozilla has begun rolling out 'Site Isolation' security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of attacks from malicious sites.

Read details: https://thehackernews.com/2021/05/mozilla-begins-rolling-out-site.html

Cybercriminals behind the DarkSide ransomware attacks extorted nearly $90 million in ransom from multiple victims in 9 months.

Read: https://thehackernews.com/2021/05/darkside-ransomware-gang-extorted-90.html