Hackers backed by the North Korean government set up a "fake" cybersecurity firm to attack "real" security experts, Google revealed.

Read details: https://thehackernews.com/2021/03/hackers-set-up-fake-cybersecurity-firm.html

Researchers find hackers are exploiting a feature built into the Microsoft Windows Operating system to avoid Firewalls and launch persistent malware attacks against their targets.

Read details here: https://thehackernews.com/2021/04/hackers-using-windows-os-feature-to.html

DeepDotWeb administrator—who received over $8 million in kickbacks for promoting links to illegal Darknet marketplaces—pleads guilty to money laundering charges.

https://thehackernews.com/2021/04/deepdotweb-admin-pleads-guilty-to-money.html

Google is limiting which apps can access the list of other installed apps on your Android device

https://thehackernews.com/2021/04/google-limits-which-apps-can-access.html

533 million Facebook users' personal and contact information posted publicly on a hacking forum, free for public download.

Read: https://thehackernews.com/2021/04/533-million-facebook-users-phone.html
The leaked data was harvested by hackers in 2019 using a Facebook vulnerability.

In a new malware campaign, hackers are targeting professionals on #LinkedIn with weaponized job offers in an attempt to infect targets' devices with a sophisticated backdoor trojan called "more_eggs."

https://thehackernews.com/2021/04/hackers-targeting-professionals-with.html

Chinese hackers have been spotted spying on the Vietnamese government and military organizations in an advanced cyberespionage operation.

Details: https://thehackernews.com/2021/04/hackers-from-china-target-vietnamese.html

Alert: Mission-critical SAP applications—including but not limited to ERP, SCM, HCM, PLM, CRM and others—are currently under active attack.

https://thehackernews.com/2021/04/watch-out-mission-critical-sap.html
Businesses are advised to perform a compromise assessment, apply security patches, and fix misconfigurations to prevent unauthorized access.

Researchers revealed details of a new banking trojan targeting corporate users in Brazil across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government.

Read: https://thehackernews.com/2021/04/experts-uncover-new-banking-trojan.html

Researchers have found a critical authentication bypass vulnerability (CVE-2021-21982) in VMWare Carbon Black Cloud Workload software. Patch it!

Read: https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html
VMware has also addressed 2 separate bugs in vRealize Operations Manager solution.

A new wormable Android malware has been discovered that's capable of propagating via WhatsApp messages automatically.

Details — https://thehackernews.com/2021/04/whatsapp-based-wormable-android-malware.html
Disguised as a rogue Netflix app, malware app was downloadable directly from the official Google Play Store.

In a bid to reduce memory-based vulnerabilities, Google is adding Rust programming language support to Android OS low-level development.

Read details: https://thehackernews.com/2021/04/android-to-support-rust-programming.html

🔥 UPDATE — PHP Supply Chain Attack

Hackers compromised the user database at PHP's official site—including passwords—which was then used to implant a backdoor in the source code.
https://thehackernews.com/2021/04/php-sites-user-database-was-hacked-in.html
PHP maintainers have reset all existing passwords.

Hackers are actively exploiting critical VPNs vulnerabilities on unpatched industrial systems to deploy Cring ransomware.

Read: https://thehackernews.com/2021/04/hackers-exploit-unpatched-vpns-to.html
At least one such hacking incident led to the shutdown of a production site.

Researchers discover a new #Iranian malware, dubbed 'SideTwist,' used in the recent cyberattacks against Lebanese entities.

https://thehackernews.com/2021/04/researchers-uncover-new-iranian-malware.html

Supply Chain Attack!

It turns out that the pre-installed malware app found on hundreds of thousands of Gigaset Android smartphones was pushed as part of an official software update after hackers compromised the company’s servers.
Read: https://thehackernews.com/2021/04/gigaset-android-update-server-hacked-to.html

WARNING: Cisco will not patch a newly discovered critical RCE vulnerability affecting its end-of-life small business routers.



Details: https://thehackernews.com/2021/04/cisco-will-not-patch-critical-rce-flaw.html
The company is urging businesses to purchase new equipment for secure networking.

Alert — A new malware dropper, dubbed 'Saint Bot,' found in the wild is infecting computers with a virus that steals passwords.
https://thehackernews.com/2021/04/alert-theres-new-malware-out-there.html

WARNING — In yet another supply-chain attack, hackers tampered with the popular mobile app store 'APKPure' software to distribute malicious apps to millions of Android devices.



https://thehackernews.com/2021/04/hackers-tampered-with-apkpure-store-to.html

This year at Pwn2Own contest, hackers have hacked the following widely-used programs, resulting in up to $1.2 million in bounties.

✅ Microsoft Exchange and Teams
✅ Windows 10 and Ubuntu
✅ Apple Safari, Google Chrome, Edge
✅ Parallels Desktop
✅ Zoom

https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html