Personal data of over 100 million users is exposed by 23 #Android apps on the Google Play Store, potentially making them a lucrative target for malicious actors.

The list of affected apps can be found here: https://thehackernews.com/2021/05/these-23-android-apps-expose-over.html

Microsoft warns users to be watchful of the threat of STRRAT data-stealing malware, which is being spread through a "massive email campaign" posing as a ransomware infection.

Read details: https://thehackernews.com/2021/05/microsoft-warns-of-data-stealing.html

CNA Financial, one of the largest insurance companies in the US, has reportedly paid hackers $40 MILLION in ransom to regain access to its systems—making it the most expensive ransom payment to date.

Read: https://thehackernews.com/2021/05/insurance-firm-cna-financial-reportedly.html

A massive data breach at India's flag carrier airline — AirIndia — has exposed credit card and passport data of 4.5 million passengers registered between August 2011 and February 2021, a period of nearly 10 years.

Read: https://thehackernews.com/2021/05/indias-flag-carrier-airline-air-india.html

The FBI has issued a ⚡FLASH ALERT warning of the Conti ransomware that has affected 16 healthcare and emergency services organizations in the United States.

Read details: https://thehackernews.com/2021/05/fbi-warns-conti-ransomware-hit-16-us.html

Researchers disclose details on several critical vulnerabilities affecting Nagios IT monitoring software that could let attackers hijack corporate networks.

Read: https://thehackernews.com/2021/05/details-disclosed-on-critical-flaws.html

A new study has revealed that state-sponsored hackers linked to North Korea were behind a series of "CryptoCore" cyberattacks on cryptocurrency exchanges over the past 3 years.

Read: https://thehackernews.com/2021/05/researchers-link-cryptocore-attacks-on.html

Apple‌ ‌has‌ ‌released‌ ‌software‌ ‌updates‌ ‌for‌ ‌iOS,‌ ‌macOS,‌ ‌tvOS,‌ ‌watchOS,‌ ‌and‌ ‌Safari‌ ‌web‌ ‌browser, containing security patches to address multiple vulnerabilities—including EMERGENCY security patches for the ongoing 0-DAY ‌attacks

https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html

A‌ ‌newly discovered set of vulnerabilities in Bluetooth Core and Mesh Profile specifications could pose a threat to legitimate devices, allowing attackers to impersonate them and initiate MITM‌ ‌attacks.

Read: https://thehackernews.com/2021/05/new-bluetooth-flaws-let-attackers.html

A new high-severity buffer overflow vulnerability (CVE-2021-22908) has been reported in Pulse Connect Secure (PCS) that allows a remote, authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user.

Read: https://thehackernews.com/2021/05/new-high-severity-vulnerability.html

Russian-language darkweb marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 BILLION worth of cryptocurrencies in 2020.

Read details: https://thehackernews.com/2021/05/russian-hydra-darknet-market-made-over.html

A critical flaw — CVE-2021-21985 — has been found in VMware vCenter Server that could let attackers execute arbitrary code on the targeted servers.

https://thehackernews.com/2021/05/critical-rce-vulnerability-found-in.html
Additionally, VMware has released patches for a separate authentication issue affecting vSphere Client.

Researchers at #Google have discovered yet another variant of the DRAM Rowhammer attack, called 'Half-Double,' that bypasses all existing defenses to tamper with data stored in memory.

Read details: https://thehackernews.com/2021/05/google-researchers-discover-new-variant.html

🔥 WhatsApp has sued the Indian government over new Internet regulations that could force it to break encryption for "traceability,' eventually putting the privacy of billions of users at risk.

Read: https://thehackernews.com/2021/05/whatsapp-sues-indian-government-over.html

Iranian hackers deployed a series of destructive wiper #malware attacks against Israeli targets, disguising the activities as ransomware attacks.

Read: https://thehackernews.com/2021/05/data-wiper-malware-disguised-as.html

Researchers have discovered severe security vulnerabilities in Visual Studio Code extensions, demonstrating yet another supply chain attack vector that could enable attackers to compromise local machines as well as build and deployment systems through an integrated development environment (IDE).

https://thehackernews.com/2021/05/newly-discovered-bugs-in-vscode.html

Hackers are now using fake foundations to trick Uyghurs based in Pakistan and China into downloading #malware as part of espionage activities.

Read details: https://thehackernews.com/2021/05/hackers-using-fake-foundations-to.html

Watch Out!!!

Cybercriminals used malvertising campaigns on #Google search pages to spread trojanized installers of the widely used remote desktop software AnyDesk.
Read details: https://thehackernews.com/2021/05/malvertising-campaign-on-google.html

Chinese hackers continue to target Pulse Secure VPN devices as part of their #cyberespionage activities, dropping malicious web shells to exfiltrate sensitive information from corporate networks.

https://thehackernews.com/2021/05/chinese-cyber-espionage-hackers.html

Hackers behind SolarWinds supply-chain attack target government agencies, think tanks, consultants, and other organizations in 24 countries with new backdoor malware.



Read details: https://thehackernews.com/2021/05/solarwinds-hackers-target-think-tanks.html