Several malicious apps have been caught posing as #Android security scanners on the #Google Play Store

Read — https://thehackernews.com/2021/04/brata-malware-poses-as-android-security.html
These apps trick users into installing fake versions of Chrome, WhatsApp, or PDF Reader, which can steal banking credentials.

As part of an ongoing campaign, attackers are making use of contact forms on websites to deliver malicious links to targeted businesses.



https://thehackernews.com/2021/04/hackers-using-websites-contact-forms-to.html

More than 100 million consumer and enterprise IoT devices are at risk due to 9 newly discovered vulnerabilities affecting 4 widely used TCP/IP stacks.

Read: https://thehackernews.com/2021/04/new-namewreck-vulnerabilities-impact.html

Attention: Google warns that a set of exploits for two new #Chrome flaws exist in the wild, making it possible for hackers to engage in active exploitations.

https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html
As new Chrome updates become available for Windows, Mac, Linux, make sure to install them ASAP!

Summary: Patch Tuesday — April 2021

✅ 114 new flaws, of which are 19 critical
✅ Windows 0-day under active attack
✅ 27 RCE flaws in Windows RPC
✅ NSA uncovers new Exchange server flaws
✅ FBI sanitized hacked Exchange servers
Details: https://lnkd.in/ebuuENd

🔥IMPORTANT: Unfortunately, Google Chrome users are still at risk of hacking even after installing the latest update released today.

Researcher pointed out that there's another bug in V8 engine that still hasn't been addressed in Chrome.
https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html

SMASH ATTACK — Hackers can now use a new JavaScript exploit to trigger 🔨 Rowhammer attacks remotely on modern DDR4 RAM, despite the extensive mitigations over the past seven years.

Find details and demo here: https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html

🔥 A recently reported bug in WhatsApp messenger could have enabled attackers to hack into your phone remotely and even compromise encrypted communications.

Find details and demos here https://thehackernews.com/2021/04/new-whatsapp-bug-couldve-let-attackers.html

ALERT: Cybercriminals are flooding the web with thousands of web pages offering malicious PDF documents such as invoices, templates, questionnaires, and receipts as a ploy for luring business professionals to download a RAT capable of carrying out a wide range of attacks.

https://thehackernews.com/2021/04/yikes-cybercriminals-flood-intrenet.html

🔥 Experts find 1-CLICK code execution bugs in popular desktop apps for Windows, macOS & Linux—including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and more.

https://thehackernews.com/2021/04/1-click-hack-found-in-popular-desktop.html
If you're using any of them, make sure it's up-to-date.

In retaliation for the SolarWinds cyberattack, which the United States has attributed with "high confidence" to the operatives working for the Russian intelligence service, the Biden administration today imposed sweeping sanctions on Russia and expelled 10 diplomats.

https://thehackernews.com/2021/04/us-sanctions-russia-and-expels-10.html

Researchers have found multiple severe vulnerabilities affecting OpENer EtherNet/IP stack used in industrial systems that could enable DoS, RCE, and memory leak attacks.

Read: https://thehackernews.com/2021/04/severe-bugs-reported-in-ethernetip.html
A simple crafted packet would be all that's needed to exploit these issues.

A Ukrainian hacker—who worked as system administrator for the billion-dollar hacking group FIN7—has been sentenced to 10 years in U.S. prison.

https://thehackernews.com/2021/04/sysadmin-of-billion-dollar-hacking.html

XCSSET macOS malware campaign that targeted Xcode developers has been updated to include support for Apple's new M1 chips and expand its capabilities to steal from cryptocurrency apps.

Read: https://thehackernews.com/2021/04/malware-spreads-via-xcode-projects-now.html

In recent spear-phishing attacks, North Korean Lazarus APT hackers are now using BMP images to hide RAT malware.

Read: https://thehackernews.com/2021/04/lazarus-apt-hackers-are-now-using-bmp.html

Watch Out! Researchers have spotted a new set of fraudulent Android apps—with over 700,000 downloads—on the Google Play store that hijack SMS notifications for billing scams.

Check list here: https://thehackernews.com/2021/04/over-750000-users-download-new-billing.html

🔥 WARNING !!!

APT hackers are exploiting a new UNPATCHED 0-DAY critical authentication bypass vulnerability (CVE-2021-22893) in Pulse Connect Secure Gateway to breach organizations worldwide.
Details — https://thehackernews.com/2021/04/warning-hackers-exploit-unpatched-pulse.html
Temporary mitigations currently available.

0-DAY ALERT — Hackers have been exploiting 3 new flaws in #SonicWall Email Security appliances to penetrate corporate networks and "install a backdoor, access files and email, and move laterally on the victim's network."

Details: https://thehackernews.com/2021/04/3-zero-day-exploits-hit-sonicwall.html

⚡ Google Chrome users should UPDATE (90.0.4430.85 or above) their browsers immediately to fix a high-risk vulnerability for which no patch was available for a week after a PoC exploit was made public.

Read — https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html

REvil ransomware gang has compromised Apple supplier Quanta, and hackers are now threatening to leak stolen blueprints of future MacBooks if a $50 million ransom isn't paid.

Sample blueprints published. Read: https://thehackernews.com/2021/04/hackers-threaten-to-leak-stolen-apple.html