Hackers are actively exploiting critical VPNs vulnerabilities on unpatched industrial systems to deploy Cring ransomware.

Read: https://thehackernews.com/2021/04/hackers-exploit-unpatched-vpns-to.html
At least one such hacking incident led to the shutdown of a production site.

Researchers discover a new #Iranian malware, dubbed 'SideTwist,' used in the recent cyberattacks against Lebanese entities.

https://thehackernews.com/2021/04/researchers-uncover-new-iranian-malware.html

Supply Chain Attack!

It turns out that the pre-installed malware app found on hundreds of thousands of Gigaset Android smartphones was pushed as part of an official software update after hackers compromised the company’s servers.
Read: https://thehackernews.com/2021/04/gigaset-android-update-server-hacked-to.html

WARNING: Cisco will not patch a newly discovered critical RCE vulnerability affecting its end-of-life small business routers.



Details: https://thehackernews.com/2021/04/cisco-will-not-patch-critical-rce-flaw.html
The company is urging businesses to purchase new equipment for secure networking.

Alert — A new malware dropper, dubbed 'Saint Bot,' found in the wild is infecting computers with a virus that steals passwords.
https://thehackernews.com/2021/04/alert-theres-new-malware-out-there.html

WARNING — In yet another supply-chain attack, hackers tampered with the popular mobile app store 'APKPure' software to distribute malicious apps to millions of Android devices.



https://thehackernews.com/2021/04/hackers-tampered-with-apkpure-store-to.html

This year at Pwn2Own contest, hackers have hacked the following widely-used programs, resulting in up to $1.2 million in bounties.

✅ Microsoft Exchange and Teams
✅ Windows 10 and Ubuntu
✅ Apple Safari, Google Chrome, Edge
✅ Parallels Desktop
✅ Zoom

https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html

🔥 WATCH OUT — A new exploit has been released to the public for a $100,000 UNPATCHED security vulnerability affecting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave.

Details: https://thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html

Several malicious apps have been caught posing as #Android security scanners on the #Google Play Store

Read — https://thehackernews.com/2021/04/brata-malware-poses-as-android-security.html
These apps trick users into installing fake versions of Chrome, WhatsApp, or PDF Reader, which can steal banking credentials.

As part of an ongoing campaign, attackers are making use of contact forms on websites to deliver malicious links to targeted businesses.



https://thehackernews.com/2021/04/hackers-using-websites-contact-forms-to.html

More than 100 million consumer and enterprise IoT devices are at risk due to 9 newly discovered vulnerabilities affecting 4 widely used TCP/IP stacks.

Read: https://thehackernews.com/2021/04/new-namewreck-vulnerabilities-impact.html

Attention: Google warns that a set of exploits for two new #Chrome flaws exist in the wild, making it possible for hackers to engage in active exploitations.

https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html
As new Chrome updates become available for Windows, Mac, Linux, make sure to install them ASAP!

Summary: Patch Tuesday — April 2021

✅ 114 new flaws, of which are 19 critical
✅ Windows 0-day under active attack
✅ 27 RCE flaws in Windows RPC
✅ NSA uncovers new Exchange server flaws
✅ FBI sanitized hacked Exchange servers
Details: https://lnkd.in/ebuuENd

🔥IMPORTANT: Unfortunately, Google Chrome users are still at risk of hacking even after installing the latest update released today.

Researcher pointed out that there's another bug in V8 engine that still hasn't been addressed in Chrome.
https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html

SMASH ATTACK — Hackers can now use a new JavaScript exploit to trigger 🔨 Rowhammer attacks remotely on modern DDR4 RAM, despite the extensive mitigations over the past seven years.

Find details and demo here: https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html

🔥 A recently reported bug in WhatsApp messenger could have enabled attackers to hack into your phone remotely and even compromise encrypted communications.

Find details and demos here https://thehackernews.com/2021/04/new-whatsapp-bug-couldve-let-attackers.html

ALERT: Cybercriminals are flooding the web with thousands of web pages offering malicious PDF documents such as invoices, templates, questionnaires, and receipts as a ploy for luring business professionals to download a RAT capable of carrying out a wide range of attacks.

https://thehackernews.com/2021/04/yikes-cybercriminals-flood-intrenet.html

🔥 Experts find 1-CLICK code execution bugs in popular desktop apps for Windows, macOS & Linux—including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and more.

https://thehackernews.com/2021/04/1-click-hack-found-in-popular-desktop.html
If you're using any of them, make sure it's up-to-date.

In retaliation for the SolarWinds cyberattack, which the United States has attributed with "high confidence" to the operatives working for the Russian intelligence service, the Biden administration today imposed sweeping sanctions on Russia and expelled 10 diplomats.

https://thehackernews.com/2021/04/us-sanctions-russia-and-expels-10.html

Researchers have found multiple severe vulnerabilities affecting OpENer EtherNet/IP stack used in industrial systems that could enable DoS, RCE, and memory leak attacks.

Read: https://thehackernews.com/2021/04/severe-bugs-reported-in-ethernetip.html
A simple crafted packet would be all that's needed to exploit these issues.