Facebook has smashed a network of hackers from China who used its social media platform to hack the Uyghur Muslims living abroad by tricking them into downloading malware designed to spy on their computers and smartphones.

Read details: https://thehackernews.com/2021/03/chinese-hackers-used-facebook-to-hack.html

WATCH OUT! Cisco Jabber messaging software for Windows, macOS, Android, and iOS contains critical vulnerabilities that could allow hackers to hijack your devices remotely.

Details on this, patches and 37 other Cisco advisories: https://thehackernews.com/2021/03/critical-cisco-jabber-bug-could-let.html

Black Kingdom ransomware is hunting unpatched #Microsoft Exchange servers affected by ProxyLogon vulnerabilities.

Read: https://thehackernews.com/2021/03/black-kingdom-ransomware-hunting.html

Warning — SolarWinds Orion Platform has been found vulnerable to a new critical remote code execution (RCE) vulnerability via JSON deserialization.

Read: https://thehackernews.com/2021/03/solarwinds-orion-vulnerability.html
Patches have been released for this and 3 other vulnerabilities.
#infosec #cybersecurity

🔥 Researchers discover new vulnerabilities in 5G network slicing that could expose priority users (i.e., mission-critical sectors) to location tracking and service disruption attacks.

Read details: https://thehackernews.com/2021/03/new-5g-flaw-exposes-priority-networks.html

OpenSSL has released security patches for 2 new high-severity vulnerabilities that could be exploited to perform DoS attacks (CVE-2021-3449) and bypass certificate verification (CVE-2021-3450).

Read details — https://thehackernews.com/2021/03/openssl-releases-patches-for-2-high.html

🔥 Apple yesterday released an URGENT PATCH UPDATE for all of its devices running iOS, iPadOS, macOS, and watchOS to fix another WebKit zero-day vulnerability (CVE-2021-1879) that is being exploited in the wild.

Details: https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html

⚠️Attention — This Android system update notification can install powerful spyware on your device, capable of stealing a massive amount of information--from browser searches to audio and phone call recording.

Read: https://thehackernews.com/2021/03/watch-out-that-android-system-update.html

🔥 ATTENTION — Someone hacked PHP's git server and pushed two new updates to insert a secret RCE backdoor into its source code.

Read more about this latest supply-chain cyberattack on the widely used #programming language: https://thehackernews.com/2021/03/phps-git-server-hacked-to-insert-secret.html

A set of new vulnerabilities in Linux-based operating systems could allow attackers to bypass mitigations for speculative attacks like Spectre and obtain sensitive information from kernel memory.

Read details: https://thehackernews.com/2021/03/new-bugs-could-let-hackers-bypass.html

🔥 MobiKwik, India's popular mobile payment service, suffered a major security breach in which the identity and payment details of over 3.5 million users—including KYC documents (8.2 TB)—were stolen by an unknown hacker.

Details: https://thehackernews.com/2021/03/mobikwik-suffers-major-breach-kyc-data.html

Multiple Japanese industries are being targeted by APT10 hackers using a multi-stage backdoor called 'Ecipekac.'

Read: https://thehackernews.com/2021/03/hackers-are-implanting-multiple.html

Hackers backed by the North Korean government set up a "fake" cybersecurity firm to attack "real" security experts, Google revealed.

Read details: https://thehackernews.com/2021/03/hackers-set-up-fake-cybersecurity-firm.html

Researchers find hackers are exploiting a feature built into the Microsoft Windows Operating system to avoid Firewalls and launch persistent malware attacks against their targets.

Read details here: https://thehackernews.com/2021/04/hackers-using-windows-os-feature-to.html

DeepDotWeb administrator—who received over $8 million in kickbacks for promoting links to illegal Darknet marketplaces—pleads guilty to money laundering charges.

https://thehackernews.com/2021/04/deepdotweb-admin-pleads-guilty-to-money.html

Google is limiting which apps can access the list of other installed apps on your Android device

https://thehackernews.com/2021/04/google-limits-which-apps-can-access.html

533 million Facebook users' personal and contact information posted publicly on a hacking forum, free for public download.

Read: https://thehackernews.com/2021/04/533-million-facebook-users-phone.html
The leaked data was harvested by hackers in 2019 using a Facebook vulnerability.

In a new malware campaign, hackers are targeting professionals on #LinkedIn with weaponized job offers in an attempt to infect targets' devices with a sophisticated backdoor trojan called "more_eggs."

https://thehackernews.com/2021/04/hackers-targeting-professionals-with.html

Chinese hackers have been spotted spying on the Vietnamese government and military organizations in an advanced cyberespionage operation.

Details: https://thehackernews.com/2021/04/hackers-from-china-target-vietnamese.html

Alert: Mission-critical SAP applications—including but not limited to ERP, SCM, HCM, PLM, CRM and others—are currently under active attack.

https://thehackernews.com/2021/04/watch-out-mission-critical-sap.html
Businesses are advised to perform a compromise assessment, apply security patches, and fix misconfigurations to prevent unauthorized access.