British police have arrested seven suspected members, aged 16 to 21, of the cyber extortion and hacking gang LAPSUS$, which attacked Okta, Microsoft, and Nvidia.
Read details: https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html
How to Build a Custom Malware Analysis Sandbox
https://thehackernews.com/2022/03/how-to-build-custom-malware-analysis.html
Google has rolled out an urgent out-of-band update for the Chrome browser for millions of Windows, macOS, and Linux users to patch a new actively exploited zero-day vulnerability.
Read details: https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html
Another Chinese hacker group has entered the fray of the Ukraine conflict and is attacking victims with the HeaderTip backdoor.
Read details: https://thehackernews.com/2022/03/another-chinese-hacking-group-spotted.html
The U.S. Federal Communications Commission (FCC) has added Russian cybersecurity firm Kaspersky Lab and two Chinese telecom firms to its list of national security threats, saying they pose an "unacceptable risk" to the country's national security.
https://thehackernews.com/2022/03/fcc-adds-kaspersky-and-chinese-telecom.html
Muhstik botnet is targeting Redis servers using a recently disclosed highly critical vulnerability (CVE-2022-0543 / CVSS 10.0) in the database system.
Read details: https://thehackernews.com/2022/03/muhstik-botnet-targeting-redis-servers.html
"Purple Fox" hackers have been using a new FatalRAT variant in their recent malware distribution campaigns and have also improved evasion mechanisms to bypass security software.
Read details: https://thehackernews.com/2022/03/purple-fox-hackers-spotted-using-new.html
Cybercriminals are exploiting unpatched Microsoft Exchange servers to hijack email reply chains, tricking victims into installing IcedID info-stealing malware.
Read details: https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html
This Mandiant incident report for Okta's Lapsus$ breach details the entire timeline of events.
Read details: https://thehackernews.com/2022/03/new-report-on-okta-hack-reveals-entire.html
Researchers have uncovered a large-scale supply chain attack that used dependency confusion against the NPM repository by uploading more than 800 malicious packages.
Read details: https://thehackernews.com/2022/03/a-threat-actor-dubbed-red-lili-has-been.html
Hackers are using a "complex and powerful" malware loader with the goal of installing cryptocurrency miners on compromised systems and potentially enabling the theft of #Discord tokens.
Details: https://thehackernews.com/2022/03/new-malware-loader-verblecon-infects.html
A group of academics has designed a new system called "Privid" that provides privacy-preserving surveillance video analytics to combat concerns about invasive tracking.
Read details: https://thehackernews.com/2022/03/privid-privacy-preserving-surveillance.html
Researchers have observed a new "Transparent Tribe" hacking campaign targeting #Indian government and military entities.
Read details: https://thehackernews.com/2022/03/new-hacking-campaign-by-transparent.html
A potentially critical SonicOS vulnerability affects SonicWall firewall appliances, allowing unauthenticated, remote attackers to execute arbitrary code and cause a denial-of-service (DoS) condition.
Read details: https://thehackernews.com/2022/03/critical-sonicos-vulnerability-affects.html
U.S. Cybersecurity Agency (CISA) and the Department of Energy (DoE) have issued a joint warning against attacks on Internet-connected uninterruptible power supply (UPS) devices.
Read details: https://thehackernews.com/2022/03/cisa-warns-of-ongoing-cyber-attacks.html
⚡ The LAPSUS$ gang announced their return after a week-long "vacation," leaking a large amount of data (70 GB) allegedly from the software company Globant, including the source code for some of its customers.
https://thehackernews.com/2022/03/lapsus-claims-to-have-breached-it-firm.html
Researchers demonstrate a new vulnerability in the remote keyless entry system that could allow thieves to remotely unlock and even start Honda and Acura vehicles.
Read details: https://thehackernews.com/2022/03/hondas-keyless-access-bug-could-let.html
Researchers have uncovered a new malware campaign in which attackers are using a cracked version of the Mars backdoor and spreading it via Google ads to steal information stored in web browsers and cryptocurrency wallets.
Read: https://thehackernews.com/2022/03/researchers-expose-mars-stealer-malware.html
QNAP warns that a selected number of its network-attached storage (NAS) devices are affected by a recently disclosed Infinite Loop bug in the open-source OpenSSL encryption library.
Details: https://thehackernews.com/2022/03/qnap-warns-of-openssl-infinite-loop.html
⚡ Researcher discloses PoC for a new UNPATCHED zero-day remote code execution vulnerability in the Java Spring Framework, threatening the security of enterprise systems and web apps worldwide.
Details: https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html
Hackers are increasingly using the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russian-Ukrainian war.
Read details: https://thehackernews.com/2022/03/hackers-increasingly-using-browser-in.html