🔥 Watch Out! Hackers are exploiting a zero-day vulnerability flaw in Gatekeeper that permits unapproved software to run on Apple macbooks.

Read detail: https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html
Users are advised to install the latest updates to patch the issue.

Babuk ransomware gang compromises D.C. Police Department, Steals nearly 250 GB of data and is now threatening to expose police informants to criminal gangs if a ransom isn't paid.

https://thehackernews.com/2021/04/hackers-threaten-to-leak-dc-police.html

Attention, Android users! A banking malware capable of stealing sensitive information is spreading rapidly across Europe, with the U.S. likely to be the next target.

https://thehackernews.com/2021/04/attention-flubot-android-banking.html

F5's BIG -IP devices have been found vulnerable to the Kerberos KDC spoofing vulnerability that could allow attackers to bypass security policies and gain unfettered access to sensitive workloads.

Details: https://thehackernews.com/2021/04/f5-big-ip-found-vulnerable-to-kerberos.html
F5 is expected to roll out patches today.

Watch Out — Cybercriminals are heavily utilizing the Excel 4.0 macro documents to distribute malware.

Read details: https://thehackernews.com/2021/04/cybercriminals-widely-abusing-excel-40.html

Researchers have identified a stealthy Linux malware that had gone undetected for 3 years, allowing hackers to harvest and steal sensitive information from infected systems.

https://thehackernews.com/2021/04/researchers-uncover-stealthy-linux.html

Researchers have uncovered a new cyber espionage campaign by Naikon APT Chinese hackers targeting military organizations in Southeast Asia using two new backdoors—called "Nebulae" and "RainyDay"—to steal data.

Read details: https://thehackernews.com/2021/04/chinese-hackers-attacking-military.html

Researchers uncover new cyberattack activities, collectively named "EmissarySoldier," attributed to LuckyMouse, the APT hacking group that’s well-known for its watering hole attacks against government entities.

Read details: https://thehackernews.com/2021/04/luckymouse-hackers-target-banks.html

WATCH OUT!!!

A newly disclosed critical command injection vulnerability (CVE-2021-29472) in PHP composer (dependency management tools) could enable widespread supply-chain attacks.
https://thehackernews.com/2021/04/a-new-php-composer-bug-could-enable.html
Patch your PHP Packagist/Composer immediately.

IMPORTANT — Passwordstate warns its password management software customers of ongoing phishing attacks against after the recent data breach.

Read: https://thehackernews.com/2021/04/passwordstate-warns-of-ongoing-phishing.html

Microsoft disclosed two dozen BadAlloc vulnerabilities which could enable hackers to execute arbitrary code on a wide range of Industrial IoT and Operational Technology (OT) devices used in industrial, medical, and enterprise systems.

Read: https://thehackernews.com/2021/04/microsoft-finds-badalloc-flaws.html

A Chinese APT group of hackers is using a new backdoor against a leading Russian nuclear submarine design company.

Read: https://thehackernews.com/2021/05/new-chinese-malware-targeted-russias.html

⚡A leaked document has surfaced revealing an Iranian state-sponsored ransomware operation, researchers claim.

Read details — https://thehackernews.com/2021/05/researchers-uncover-iranian-state.html

Now there is a new Buer malware variant in the wild, written in the Rust programming language.



https://thehackernews.com/2021/05/a-new-buer-malware-variant-has-been.html

A new mobile app security search engine—called BeVigil—identifies over 40 popular mobile apps with more than 100 million downloads leaking AWS keys, putting their internal networks and users' information at risk.

Read: https://thehackernews.com/2021/05/over-40-apps-with-more-than-100-million.html

IMPORTANT — Apple releases emergency software security updates for iOS, macOS, and watchOS to patch 3 new 0-day vulnerabilities that are under active attack and extend patches for a fourth vulnerability.

Read details: https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html

A security patch has now been released for the critical vulnerability (CVE-2021-22893) affecting Pulse Secure VPN appliances, which had been made public after it was spotted being used in an active zero-day attack.

Details: https://thehackernews.com/2021/05/critical-patch-out-for-month-old-pulse.html

Researchers discover a new malware called "Pingback" that uses ICMP tunneling in an attempt to avoid C&C detection.

Read details: https://thehackernews.com/2021/05/new-pingback-malware-using-icmp.html

Watch Out! Researchers discovered a new set of 21 vulnerabilities in EXIM mail software that could be exploited to gain root privileges on hundreds of thousands of vulnerable servers.

https://thehackernews.com/2021/05/alert-new-21nails-exim-bugs-expose.html

Multiple security vulnerabilities—which went undetected since 2009—affecting hundreds of millions of DELL computers worldwide could allow malware to gain kernel-mode privileges on compromised systems.



Read: https://thehackernews.com/2021/05/bios-privesc-bug-affects-hundreds-of.html