Researchers uncover details of a hacking campaign by South Korean hacker group DarkHotel that targeted luxury hotels and resorts in Macau.

Read details: https://thehackernews.com/2022/03/south-korean-darkhotel-hackers-targeted.html

CryptoRom crypto scammers trick unsuspecting victims into installing fake apps by exploiting legitimate #iOS features like TestFlight and Web Clips.

Read details: https://thehackernews.com/2022/03/cryptorom-crypto-scam-abusing-iphone.html

Hackers use an open-source package installer to compromise French entities in the construction, real estate and government sectors with a new backdoor called "Serpent."

Read details: https://thehackernews.com/2022/03/new-backdoor-targets-french-entities.html

A researcher warns of a new "browser-in-the-browser" (BITB) technique that could allow attackers to spoof a legitimate domain to launch nearly undetectable phishing attacks and steal credentials.

Read details: https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html

A set of newly disclosed critical vulnerabilities in Dell BIOS software affect millions of Edge, Inspiron, Vostro, XPS, Latitude and Alienware series computers.

Read details: https://thehackernews.com/2022/03/new-dell-bios-bugs-affect-millions-of.html

Lapsus$ hacker group claim to have breached Microsoft & authentication company Okta and released 37 GB of data, including source code for Bing Search, Bing Maps and #Cortana, Microsoft's virtual assistant.

https://thehackernews.com/2022/03/lapsus-hackers-claim-to-have-breached.html

⚡ Microsoft and Okta confirm the breach after LAPSUS$ hackers posted stolen source code and screenshots online showing access to the company's internal systems.

Read details: https://thehackernews.com/2022/03/microsoft-and-okta-confirm-breach-by.html

More than 200,000 MicroTik routers worldwide are controlled by botnet malware, described by cybersecurity researchers as one of the largest botnet-as-a-service cybercrime operations in recent years.

Details: https://thehackernews.com/2022/03/over-200000-microtik-routers-worldwide.html

A new variant of Gimmick malware has been spotted that's designed to target Apple macOS systems.

Read details: https://thehackernews.com/2022/03/new-variant-of-chinese-gimmick-malware.html

Hackers from the Chinese cyberespionage group "Mustang Panda" deploying a new variant of the Korplug malware, dubbed Hodur.

Read details: https://thehackernews.com/2022/03/chinese-mustang-panda-hackers-spotted.html

VMware releases patches for critical vulnerabilities in Carbon Black App Control, including a command injection (CVE-2022-22951) and a file upload vulnerability (CVE-2022-22952).

Read details: https://thehackernews.com/2022/03/vmware-issues-patches-for-critical.html

Researchers identified over 200 malicious NPM packages distributed via official repositories that targeted Microsoft Azure developers.

Read: https://thehackernews.com/2022/03/over-200-malicious-npm-packages-caught.html

Researchers have traced the LAPSUS$ cyberattacks to a 16-year-old hacker in England.

Read details: https://thehackernews.com/2022/03/researchers-trace-lapsus-cyber-attacks.html

A 23-year-old Russian national has been indicted in the U.S. and added to the FBI's Cyber Most Wanted list for allegedly administering a cybercrime forum that sold stolen login credentials, personal and credit card data.

Read: https://thehackernews.com/2022/03/23-year-old-russian-hacker-wanted-by.html

At least 2 distinct groups of North Korean state- sponsored hackers exploited a ZERO-DAY (CVE-2022-0609) vulnerability in Google Chrome to launch cyberattacks on the fintech, IT, and media industries.

Read details: https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html

British police have arrested seven suspected members, aged 16 to 21, of the cyber extortion and hacking gang LAPSUS$, which attacked Okta, Microsoft, and Nvidia.

Read details: https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html

How to Build a Custom Malware Analysis Sandbox

https://thehackernews.com/2022/03/how-to-build-custom-malware-analysis.html

Google has rolled out an urgent out-of-band update for the Chrome browser for millions of Windows, macOS, and Linux users to patch a new actively exploited zero-day vulnerability.

Read details: https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html

Another Chinese hacker group has entered the fray of the Ukraine conflict and is attacking victims with the HeaderTip backdoor.

Read details: https://thehackernews.com/2022/03/another-chinese-hacking-group-spotted.html

U.S. Federal Communications Commission (FCC) has added Russian cybersecurity firm Kaspersky Lab and two Chinese telecom firms on its list of national security threats, saying they pose an "unacceptable risk" to the country's national security.

https://thehackernews.com/2022/03/fcc-adds-kaspersky-and-chinese-telecom.html

Muhstik botnet is targeting Redis servers using a recently disclosed highly critical vulnerability (CVE-2022-0543 / CVSS 10.0) in the database system.

Read details: https://thehackernews.com/2022/03/muhstik-botnet-targeting-redis-servers.html