A new report uncovers how Apple gave the Chinese government access to its users' iCloud data and also allegedly censored several apps.

Read details: https://thehackernews.com/2021/05/how-apple-gave-chinese-government.html

🔥 AWESOME!!!

Google Chrome browser to offer users a new feature allowing them to identify and reset their compromised passwords for various websites with just one-click.
Read details: https://thehackernews.com/2021/05/a-simple-1-click-compromised-password.html

Mozilla has begun rolling out 'Site Isolation' security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of attacks from malicious sites.

Read details: https://thehackernews.com/2021/05/mozilla-begins-rolling-out-site.html

Cybercriminals behind the DarkSide ransomware attacks extorted nearly $90 million in ransom from multiple victims in 9 months.

Read: https://thehackernews.com/2021/05/darkside-ransomware-gang-extorted-90.html

Google has released Android security updates, including patches for 4 zero-day vulnerabilities affecting Arm and Qualcomm components that have been exploited in the wild.

Details: https://thehackernews.com/2021/05/android-issues-patches-for-4-new-zero.html

Researchers find that the Oldsmar water plant was likely targeted by a watering hole attack via the website of an infrastructure contractor in the U.S. state of Florida.

Read: https://thehackernews.com/2021/05/watering-hole-attack-was-used-to-target.html

Personal data of over 100 million users is exposed by 23 #Android apps on the Google Play Store, potentially making them a lucrative target for malicious actors.

The list of affected apps can be found here: https://thehackernews.com/2021/05/these-23-android-apps-expose-over.html

Microsoft warns users to be watchful of the threat of STRRAT data-stealing malware, which is being spread through a "massive email campaign" posing as a ransomware infection.

Read details: https://thehackernews.com/2021/05/microsoft-warns-of-data-stealing.html

CNA Financial, one of the largest insurance companies in the US, has reportedly paid hackers $40 MILLION in ransom to regain access to its systems—making it the most expensive ransom payment to date.

Read: https://thehackernews.com/2021/05/insurance-firm-cna-financial-reportedly.html

A massive data breach at India's flag carrier airline — AirIndia — has exposed credit card and passport data of 4.5 million passengers registered between August 2011 and February 2021, a period of nearly 10 years.

Read: https://thehackernews.com/2021/05/indias-flag-carrier-airline-air-india.html

The FBI has issued a ⚡FLASH ALERT warning of the Conti ransomware that has affected 16 healthcare and emergency services organizations in the United States.

Read details: https://thehackernews.com/2021/05/fbi-warns-conti-ransomware-hit-16-us.html

Researchers disclose details on several critical vulnerabilities affecting Nagios IT monitoring software that could let attackers hijack corporate networks.

Read: https://thehackernews.com/2021/05/details-disclosed-on-critical-flaws.html

A new study has revealed that state-sponsored hackers linked to North Korea were behind a series of "CryptoCore" cyberattacks on cryptocurrency exchanges over the past 3 years.

Read: https://thehackernews.com/2021/05/researchers-link-cryptocore-attacks-on.html

Apple‌ ‌has‌ ‌released‌ ‌software‌ ‌updates‌ ‌for‌ ‌iOS,‌ ‌macOS,‌ ‌tvOS,‌ ‌watchOS,‌ ‌and‌ ‌Safari‌ ‌web‌ ‌browser, containing security patches to address multiple vulnerabilities—including EMERGENCY security patches for the ongoing 0-DAY ‌attacks

https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html

A‌ ‌newly discovered set of vulnerabilities in Bluetooth Core and Mesh Profile specifications could pose a threat to legitimate devices, allowing attackers to impersonate them and initiate MITM‌ ‌attacks.

Read: https://thehackernews.com/2021/05/new-bluetooth-flaws-let-attackers.html

A new high-severity buffer overflow vulnerability (CVE-2021-22908) has been reported in Pulse Connect Secure (PCS) that allows a remote, authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user.

Read: https://thehackernews.com/2021/05/new-high-severity-vulnerability.html

Russian-language darkweb marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 BILLION worth of cryptocurrencies in 2020.

Read details: https://thehackernews.com/2021/05/russian-hydra-darknet-market-made-over.html

A critical flaw — CVE-2021-21985 — has been found in VMware vCenter Server that could let attackers execute arbitrary code on the targeted servers.

https://thehackernews.com/2021/05/critical-rce-vulnerability-found-in.html
Additionally, VMware has released patches for a separate authentication issue affecting vSphere Client.

Researchers at #Google have discovered yet another variant of the DRAM Rowhammer attack, called 'Half-Double,' that bypasses all existing defenses to tamper with data stored in memory.

Read details: https://thehackernews.com/2021/05/google-researchers-discover-new-variant.html

🔥 WhatsApp has sued the Indian government over new Internet regulations that could force it to break encryption for "traceability,' eventually putting the privacy of billions of users at risk.

Read: https://thehackernews.com/2021/05/whatsapp-sues-indian-government-over.html

Iranian hackers deployed a series of destructive wiper #malware attacks against Israeli targets, disguising the activities as ransomware attacks.

Read: https://thehackernews.com/2021/05/data-wiper-malware-disguised-as.html