A‌ ‌newly discovered set of vulnerabilities in Bluetooth Core and Mesh Profile specifications could pose a threat to legitimate devices, allowing attackers to impersonate them and initiate MITM‌ ‌attacks.

Read: https://thehackernews.com/2021/05/new-bluetooth-flaws-let-attackers.html

A new high-severity buffer overflow vulnerability (CVE-2021-22908) has been reported in Pulse Connect Secure (PCS) that allows a remote, authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user.

Read: https://thehackernews.com/2021/05/new-high-severity-vulnerability.html

Russian-language darkweb marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 BILLION worth of cryptocurrencies in 2020.

Read details: https://thehackernews.com/2021/05/russian-hydra-darknet-market-made-over.html

A critical flaw — CVE-2021-21985 — has been found in VMware vCenter Server that could let attackers execute arbitrary code on the targeted servers.

https://thehackernews.com/2021/05/critical-rce-vulnerability-found-in.html
Additionally, VMware has released patches for a separate authentication issue affecting vSphere Client.

Researchers at #Google have discovered yet another variant of the DRAM Rowhammer attack, called 'Half-Double,' that bypasses all existing defenses to tamper with data stored in memory.

Read details: https://thehackernews.com/2021/05/google-researchers-discover-new-variant.html

🔥 WhatsApp has sued the Indian government over new Internet regulations that could force it to break encryption for "traceability,' eventually putting the privacy of billions of users at risk.

Read: https://thehackernews.com/2021/05/whatsapp-sues-indian-government-over.html

Iranian hackers deployed a series of destructive wiper #malware attacks against Israeli targets, disguising the activities as ransomware attacks.

Read: https://thehackernews.com/2021/05/data-wiper-malware-disguised-as.html

Researchers have discovered severe security vulnerabilities in Visual Studio Code extensions, demonstrating yet another supply chain attack vector that could enable attackers to compromise local machines as well as build and deployment systems through an integrated development environment (IDE).

https://thehackernews.com/2021/05/newly-discovered-bugs-in-vscode.html

Hackers are now using fake foundations to trick Uyghurs based in Pakistan and China into downloading #malware as part of espionage activities.

Read details: https://thehackernews.com/2021/05/hackers-using-fake-foundations-to.html

Watch Out!!!

Cybercriminals used malvertising campaigns on #Google search pages to spread trojanized installers of the widely used remote desktop software AnyDesk.
Read details: https://thehackernews.com/2021/05/malvertising-campaign-on-google.html

Chinese hackers continue to target Pulse Secure VPN devices as part of their #cyberespionage activities, dropping malicious web shells to exfiltrate sensitive information from corporate networks.

https://thehackernews.com/2021/05/chinese-cyber-espionage-hackers.html

Hackers behind SolarWinds supply-chain attack target government agencies, think tanks, consultants, and other organizations in 24 countries with new backdoor malware.



Read details: https://thehackernews.com/2021/05/solarwinds-hackers-target-think-tanks.html

Researchers have revealed technical details of how "Facefish" infects targeted Linux systems with rootkits to steal victims' login credentials.

Read: https://thehackernews.com/2021/05/researchers-warn-of-facefish-backdoor.html

Researchers demonstrate 2 new attack techniques on certified PDF documents that allow an attacker to alter visible content without invalidating the signature.

Read details: https://thehackernews.com/2021/05/researchers-demonstrate-2-new-hacks-to.html

A new serious memory protection bypass vulnerability affects Siemens SIMATIC S7-1200 and S7-1500 PLCs that could allow attackers to gain unrestricted and undetected code execution.

Read details: https://thehackernews.com/2021/05/a-new-bug-in-siemens-plcs-could-let.html

Starting June 8, Amazon will automatically enable a feature on your Alexa, Echo, or other Amazon devices that will share‌ ‌some‌ ‌‌of ‌your‌ ‌Internet‌ bandwidth‌‌ ‌with‌ ‌your‌ ‌neighbors.

Learn how to turn off Amazon Sidewalk — https://thehackernews.com/2021/05/your-amazon-devices-to-automatically.html

Denmark's Secret Service assisted the U.S. NSA in wiretapping underwater Internet cables and spying on the German Chancellor Angela Merkel and other European politicians and high-ranking officials.

Read: https://thehackernews.com/2021/06/report-danish-secret-service-helped-nsa.html

Malware authors can use these 2 new tactics to bypass the anti-ransomware defenses offered by popular antivirus programs and disable their real-time protection.

Learn more about the "Cut-and-Mouse" and "Ghost Control" attacks: https://thehackernews.com/2021/06/malware-can-use-this-trick-to-bypass.html

The U.S. Department of Justice has seized two domain names used by SolarWinds hackers in a recent cyber espionage campaign targeting government agencies, think tanks, and humanitarian groups.

Read details: https://thehackernews.com/2021/06/us-seizes-domains-used-by-solarwinds.html

Be careful. Attackers are actively exploiting an unpatched zero-day vulnerability in a premium e-commerce plugin for WordPress installed on more than 17,000 websites.

Read details: https://thehackernews.com/2021/06/hackers-actively-exploiting-0-day-in.html