“The second Tuesday of every month will be 'just another Tuesday.”

Microsoft to launch a new feature with the release of Windows 10/11 Enterprise E3 — called Autopatch — to help companies automatically keep their systems up-to-date.

Details: https://thehackernews.com/2022/04/microsofts-new-autopatch-feature-to.html

Cybersecurity researchers warn against two different information-stealing malware, named "FFDroider" and "Lightning" Stealer, which are capable of siphoning off data and launching further attacks.

Details: https://thehackernews.com/2022/04/researchers-warn-of-ffdroider-and.html

Parrot Traffic Direction System (TDS) is leveraging over 16,500 compromised websites to spread various malware families, including Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish.

https://thehackernews.com/2022/04/over-16500-sites-hacked-to-distribute.html

Google is taking legal action against a scammer who runs fraudulent websites to trick unsuspecting people into buying non-existent puppies.

Read details: https://thehackernews.com/2022/04/google-sues-scammer-for-running-puppy.html

Maintainers of the NGINX web server project have published workarounds to address a publicly discussed potential zero-day #vulnerability affecting the LDAP Reference Implementation.

Read details: https://thehackernews.com/2022/04/nginx-shares-mitigations-for-zero-day.html

At least five senior European Union officials were reportedly targeted with NSO Group's Pegasus surveillance tool.

Read details: https://thehackernews.com/2022/04/eu-officials-reportedly-targeted-with.html

Researchers have reported a critical LFI vulnerability in the developer-focused blogging platform Hashnode that could have let attackers to access sensitive data such as SSH keys, the server's IP address, and other network information.

Read: https://thehackernews.com/2022/04/critical-lfi-vulnerability-reported-in.html

Microsoft releases April 2022 Patch Tuesday updates to fix a total of 128 new flaws.

Read: https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html

10 of them are classified as critical, 115 as important and three as moderate, with one #vulnerability already publicly known and another being actively exploited.

Law enforcement agencies have raided and seized the site and user database of RaidForums, one of the most notorious hacking forums that sell access to hacked personal data.

Read: https://thehackernews.com/2022/04/fbi-europol-seize-raidforums-hacker.html

A forum administrator and his two accomplices have also been arrested.

Russian hacker group "Sandworm" attempted to sabotage the operation of Ukraine's power grid with a new destructive variant of the Industroyer malware.

Read details: https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html

Microsoft exposes the way Chinese hackers hide Tarrask malware on Windows machines in order to avoid detection.

Read details: https://thehackernews.com/2022/04/microsoft-exposes-evasive-chinese.html

A week after VMware released patches to fix 8 vulnerabilities in VMware Workspace ONE Access, threat actors have begun actively exploiting one of the critical vulnerabilities (CVE-2022-22954) in the wild.

Details: https://thehackernews.com/2022/04/vmware-releases-patches-for-critical.html

U.S. cybersecurity and federal agencies have issued a joint warning against APT hackers who are continually targeting critical infrastructure with specially designed malware that can scan, compromise, and control certain ICS/SCADA devices.

https://thehackernews.com/2022/04/us-warns-of-apt-hackers-targeting.html

Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader cybercrime botnet.

Read details: https://thehackernews.com/2022/04/microsoft-disrupts-zloader-cybercrime.html

Keksec's new EnemyBot DDoS botnet borrows features and exploit code from Mirai and Gafgyt malware.

Read details: https://thehackernews.com/2022/04/new-enemybot-ddos-botnet-borrows.html

Cybersecurity researchers have disclosed a security flaw in the Rarible non-fungible token (NFT) marketplace that could have allowed attackers to takeover cryptocurrency wallets.

Read: https://thehackernews.com/2022/04/rarible-nft-marketplace-flaw-couldve.html

Former Ethereum developer Virgil Griffith has been sentenced to 5 years and 3 months in prison and fined $100,000 for helping NorthKorea evade sanctions.

Read details: https://thehackernews.com/2022/04/ethereum-developer-jailed-63-months-for.html

⚡An urgent update for Google Chrome browser has been released to patch a new zero-day security vulnerability (CVE-2022-1364) that is being actively exploited by hackers.

Read details: https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html

A highly-critical vulnerability (CVE-2022-22966) has been discovered in VMWare Cloud Director that can be exploited for RCE attacks, allowing attackers to gain access to sensitive data & take over private clouds within an entire infrastructure.

https://thehackernews.com/2022/04/critical-vmware-cloud-director-bug.html

Haskers gang has released a new information stealing malware called ZingoStealer for free to other cybercriminals so that they can use the tool for nefarious purposes.

Read details: https://thehackernews.com/2022/04/haskers-gang-gives-away-zingostealer.html

Researchers publish details of 5 new vulnerabilities, dubbed JekyllBot:5, that affect Aethon Tug hospital robots and could allow attackers to intercept medication and lab samples and control the devices.

Read: https://thehackernews.com/2022/04/new-jekyllbot5-flaws-let-attackers-take.html