A new study finds that malicious Alexa Skills can easily bypass Amazon's vetting process, designed to trick users into giving up sensitive information.

Read details: https://thehackernews.com/2021/02/alert-malicious-amazon-alexa-skills-can.html

In a new ongoing cyberespionage campaign, prolific North Korean state-sponsored hacking group 'Lazarus' has been spotted targeting defense companies with 'ThreatNeedle' malware.

Read: https://thehackernews.com/2021/02/north-korean-hackers-targeting-defense.html

SolarWinds executives blame an Intern for using the weak password 'solarwinds123' that went unnoticed for several years and eventually led to the largest supply-chain cyberattack of 2020.

https://thehackernews.com/2021/03/solarwinds-blame-intern-for-weak.html

Researchers find Chinese state-sponsored hackers targeted India's critical infrastructure amid geopolitical tensions, with 10 out of 12 targeted organizations from the Power Generation & Transmission sector.

Read: https://thehackernews.com/2021/03/chinese-hackers-targeted-indias-power.html

Gootkit RAT, a framework notorious for delivering banking Trojan, has been spotted leveraging Search Engine Optimization (SEO) on compromised sites to distribute a wider range of malware, including ransomware payloads.

Read details here: https://thehackernews.com/2021/03/gootkit-rat-using-seo-to-distribute.html

A new version of the popular "unc0ver" jailbreaking tool supports iOS 14.3 and earlier releases—making it possible to unlock almost every iPhone model using an in-the-wild exploited vulnerability that Apple disclosed in January.

Details: https://thehackernews.com/2021/03/new-unc0ver-tool-can-jailbreak-all.html

Researchers unearth technical links between SunCrypt and QNAPCrypt ransomware, likely an updated version of the strain that went on to infect several targets last year.

https://thehackernews.com/2021/03/researchers-unearth-links-between.html

🔥 WARNING: Update Your Chrome Browser ASAP!

A new Chrome 0-day vulnerability has been found being actively exploited in the wild.
Read details — https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html
Besides this, latest Google Chrome update for Windows, macOS, and Linux patches a total of 47 flaws.

🔥 URGENT! Chinese hackers actively exploiting 4 new 0-day vulnerabilities affecting on-premises Microsoft Exchange servers to perpetrate data theft and install additional malware.

Read details here: https://thehackernews.com/2021/03/urgent-4-actively-exploited-0-day-flaws.html
Emergency patches released.

Researcher reveals details of a critical $50,000 vulnerability that could have allowed hackers to hijack any Microsoft account.

Read details: https://thehackernews.com/2021/03/a-50000-bug-couldve-allowed-hackers.html

Cybercriminals are now deploying ObliqueRAT malware under the guise of seemingly innocuous image files hosted on compromised websites.

Read details: https://thehackernews.com/2021/03/hackers-now-hiding-obliquerat-payload.html

CISA has issued an emergency directive warning of the "active exploitation" of multiple zero-day flaws reported in the Microsoft Exchange Server.

Read: https://thehackernews.com/2021/03/cisa-issues-emergency-directive-on-in.html

According to ESET, not just the Chinese HAFNIUM group but several cyber-espionage groups, including LuckyMouse, Tick, and Calypso, have been spotted exploiting these zero-day flaws

Cybersecurity firm Qualys got compromised, the company admitted.

Read: https://thehackernews.com/2021/03/extortion-gang-breaches-cybersecurity.html
A prolific extortion gang exploited Accellion File Transfer Appliance server vulnerability to steal sensitive data and posted some files on the darkweb as evidence.

⚡ Google will use 'FLoC' and 'FLEDGE' for Ad-targeting once 3rd-party cookies are dead, stopping trackers from serve ads based on your browsing history.

Learn how it works and also, some concerns about control, privacy, trust: https://thehackernews.com/2021/03/google-will-use-floc-for-ad-targeting.html

Everything You Need to Know About Evolving Threat of Ransomware

https://thehackernews.com/2021/02/everything-you-need-to-know-about.html
Cybersecurity world is constantly evolving to new forms of threats & vulnerabilities; but ransomware proves to be a different animal—most destructive & is showing no signs of slowing down.

🔥 FireEye and Microsoft researchers discover 3 new malware strains used by SolarWinds hackers, including a "sophisticated second-stage backdoor."

✅ GoldMax (aka SUNSHUTTLE)
✅ GoldFinder
✅ Sibot
Details — https://thehackernews.com/2021/03/researchers-find-3-new-malware-strains.html

Mazafaka Got Hacked!

In what's a case of hackers getting hacked, a prominent underground cybercrime forum has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year.
Read more: https://thehackernews.com/2021/03/mazafaka-elite-hacking-and-cybercrime.html

(New) Researchers detail design flaws in Apple's crowdsourced Bluetooth location tracking system that could have led to location correlation attacks and unauthorized access to the location histories.

Read details: https://thehackernews.com/2021/03/bug-in-apples-find-my-feature-couldve.html

Multiple threat actors actively exploiting the recently disclosed Microsoft Exchange vulnerability and are believed to have infected over 30,000 businesses & government entities.

Learn everything we know so far about this massive cyberattack — https://thehackernews.com/2021/03/microsoft-exchange-cyber-attack-what-do.html

Researchers demonstrate the first microarchitectural side-channel attacks that leverage contention on the CPU ring interconnect against Intel CPUs, allowing malware to pilfer sensitive data from modern processors.

Read details: https://thehackernews.com/2021/03/malware-can-exploit-new-flaw-in-intel.html