IMPORTANT — Passwordstate warns its password management software customers of ongoing phishing attacks against after the recent data breach.

Read: https://thehackernews.com/2021/04/passwordstate-warns-of-ongoing-phishing.html

Microsoft disclosed two dozen BadAlloc vulnerabilities which could enable hackers to execute arbitrary code on a wide range of Industrial IoT and Operational Technology (OT) devices used in industrial, medical, and enterprise systems.

Read: https://thehackernews.com/2021/04/microsoft-finds-badalloc-flaws.html

A Chinese APT group of hackers is using a new backdoor against a leading Russian nuclear submarine design company.

Read: https://thehackernews.com/2021/05/new-chinese-malware-targeted-russias.html

⚡A leaked document has surfaced revealing an Iranian state-sponsored ransomware operation, researchers claim.

Read details — https://thehackernews.com/2021/05/researchers-uncover-iranian-state.html

Now there is a new Buer malware variant in the wild, written in the Rust programming language.



https://thehackernews.com/2021/05/a-new-buer-malware-variant-has-been.html

A new mobile app security search engine—called BeVigil—identifies over 40 popular mobile apps with more than 100 million downloads leaking AWS keys, putting their internal networks and users' information at risk.

Read: https://thehackernews.com/2021/05/over-40-apps-with-more-than-100-million.html

IMPORTANT — Apple releases emergency software security updates for iOS, macOS, and watchOS to patch 3 new 0-day vulnerabilities that are under active attack and extend patches for a fourth vulnerability.

Read details: https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html

A security patch has now been released for the critical vulnerability (CVE-2021-22893) affecting Pulse Secure VPN appliances, which had been made public after it was spotted being used in an active zero-day attack.

Details: https://thehackernews.com/2021/05/critical-patch-out-for-month-old-pulse.html

Researchers discover a new malware called "Pingback" that uses ICMP tunneling in an attempt to avoid C&C detection.

Read details: https://thehackernews.com/2021/05/new-pingback-malware-using-icmp.html

Watch Out! Researchers discovered a new set of 21 vulnerabilities in EXIM mail software that could be exploited to gain root privileges on hundreds of thousands of vulnerable servers.

https://thehackernews.com/2021/05/alert-new-21nails-exim-bugs-expose.html

Multiple security vulnerabilities—which went undetected since 2009—affecting hundreds of millions of DELL computers worldwide could allow malware to gain kernel-mode privileges on compromised systems.



Read: https://thehackernews.com/2021/05/bios-privesc-bug-affects-hundreds-of.html

A new academic study has highlighted a number of serious #privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of attacks, including account takeovers, phishing, spam attacks.

Read: https://thehackernews.com/2021/05/new-study-warns-of-security-threats.html

🔥 Researchers have found a new variant of Spectre vulnerability that bypasses all current protections built into Intel & AMD processors, potentially putting BILLIONS of systems—desktops, laptops, cloud servers, smartphones—at risk of hacking.

https://thehackernews.com/2021/05/new-spectre-flaws-in-intel-and-amd-cpus.html

A new Qualcomm MSM vulnerability (CVE-2020-11292) could allow hackers to spy on Android devices by hiding malicious activity in modem chips.

Read details: https://thehackernews.com/2021/05/new-qualcomm-chip-bug-could-let-hackers.html

Newly discovered critical vulnerabilities in Cisco vManage and HyperFlex HX could allow hackers to remotely execute commands as root on affected devices or even create unauthorized administrators.

Read details: https://thehackernews.com/2021/05/critical-flaws-hit-cisco-sd-wan-vmanage.html

A newly discovered stealth ROOTKIT malware—active since at least 2018—has infiltrated the networks of several high-profile organizations, helping hackers gain control of remote hosts as well as facilitate lateral movement.

Read details: https://thehackernews.com/2021/05/new-stealthy-rootkit-infiltrated.html

TsuNAME — A new critical vulnerability affecting DNS resolvers could let attackers carry out reflection-based DDoS attacks to take down authoritative servers.

Find details here: https://thehackernews.com/2021/05/new-tsuname-flaw-could-let-attackers.html

A researcher has disclosed 6 unpatched 0-day vulnerabilities affecting the "RemoteMouse" app for Android (over 1 million installs) & iOS devices that could let remote hackers gain full RCE on connected computers without user interaction.

Read: https://thehackernews.com/2021/05/6-unpatched-flaws-disclosed-in-remote.html

Google this week announced 4 major privacy and security that everyone needs to know about:

— Two-factor authentication for all, by default.
— Privacy labels for Google Play apps
— Hardware-Enforced Exploit Protection for Chrome
— Cosign for signing and verifying container images
Read details here: https://thehackernews.com/2021/05/4-major-privacy-and-security-updates.html

Facebook has decided it won't deactivate WhatsApp accounts that don't agree with its latest controversial privacy policy by May 15, but will instead restrict some key features as a reminder.https://thehackernews.com/2021/05/facebook-will-limit-your-whatsapp.html