Researchers have discovered severe security vulnerabilities in Visual Studio Code extensions, demonstrating yet another supply chain attack vector that could enable attackers to compromise local machines as well as build and deployment systems through an integrated development environment (IDE).

https://thehackernews.com/2021/05/newly-discovered-bugs-in-vscode.html

Hackers are now using fake foundations to trick Uyghurs based in Pakistan and China into downloading #malware as part of espionage activities.

Read details: https://thehackernews.com/2021/05/hackers-using-fake-foundations-to.html

Watch Out!!!

Cybercriminals used malvertising campaigns on #Google search pages to spread trojanized installers of the widely used remote desktop software AnyDesk.
Read details: https://thehackernews.com/2021/05/malvertising-campaign-on-google.html

Chinese hackers continue to target Pulse Secure VPN devices as part of their #cyberespionage activities, dropping malicious web shells to exfiltrate sensitive information from corporate networks.

https://thehackernews.com/2021/05/chinese-cyber-espionage-hackers.html

Hackers behind SolarWinds supply-chain attack target government agencies, think tanks, consultants, and other organizations in 24 countries with new backdoor malware.



Read details: https://thehackernews.com/2021/05/solarwinds-hackers-target-think-tanks.html

Researchers have revealed technical details of how "Facefish" infects targeted Linux systems with rootkits to steal victims' login credentials.

Read: https://thehackernews.com/2021/05/researchers-warn-of-facefish-backdoor.html

Researchers demonstrate 2 new attack techniques on certified PDF documents that allow an attacker to alter visible content without invalidating the signature.

Read details: https://thehackernews.com/2021/05/researchers-demonstrate-2-new-hacks-to.html

A new serious memory protection bypass vulnerability affects Siemens SIMATIC S7-1200 and S7-1500 PLCs that could allow attackers to gain unrestricted and undetected code execution.

Read details: https://thehackernews.com/2021/05/a-new-bug-in-siemens-plcs-could-let.html

Starting June 8, Amazon will automatically enable a feature on your Alexa, Echo, or other Amazon devices that will share‌ ‌some‌ ‌‌of ‌your‌ ‌Internet‌ bandwidth‌‌ ‌with‌ ‌your‌ ‌neighbors.

Learn how to turn off Amazon Sidewalk — https://thehackernews.com/2021/05/your-amazon-devices-to-automatically.html

Denmark's Secret Service assisted the U.S. NSA in wiretapping underwater Internet cables and spying on the German Chancellor Angela Merkel and other European politicians and high-ranking officials.

Read: https://thehackernews.com/2021/06/report-danish-secret-service-helped-nsa.html

Malware authors can use these 2 new tactics to bypass the anti-ransomware defenses offered by popular antivirus programs and disable their real-time protection.

Learn more about the "Cut-and-Mouse" and "Ghost Control" attacks: https://thehackernews.com/2021/06/malware-can-use-this-trick-to-bypass.html

The U.S. Department of Justice has seized two domain names used by SolarWinds hackers in a recent cyber espionage campaign targeting government agencies, think tanks, and humanitarian groups.

Read details: https://thehackernews.com/2021/06/us-seizes-domains-used-by-solarwinds.html

Be careful. Attackers are actively exploiting an unpatched zero-day vulnerability in a premium e-commerce plugin for WordPress installed on more than 17,000 websites.

Read details: https://thehackernews.com/2021/06/hackers-actively-exploiting-0-day-in.html

Researchers uncover North Korean Windows and Android espionage campaigns targeting South Korean government entities.

Read: https://thehackernews.com/2021/06/researchers-uncover-hacking-operations.html

A top Russian-language underground cybercrime forum has been asking its community to submit "unorthodox" ways to perpetrate cryptocurrency attacks in exchange for a $115,000 prize.

https://thehackernews.com/2021/06/cybercriminals-hold-115000-prize.html

Researchers have revealed yet another Chinese cyberespionage campaign, this time targeting a Southeast Asian government via a new backdoor that enables hackers to remotely take screenshots, edit files, and run commands.

Read: https://thehackernews.com/2021/06/experts-uncover-yet-another-chinese.html

A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that could be abused by an attacker to gain elevated privileges on a device and hijack wireless communications.

Read: https://thehackernews.com/2021/06/researchers-warn-of-critical-bugs.html

Necro Python malware has been enhanced with new exploits for more than 10 different web apps and the SMB protocol, as well as Tezos cryptocurrency mining capabilities.

Read: https://thehackernews.com/2021/06/necro-python-malware-upgrades-with-new.html

Google is going to update the Chrome browser with an improved version of the "Enhanced Safe-Browsing" feature to detect untrusted extensions and suspicious downloads.

Read: https://thehackernews.com/2021/06/google-chrome-to-help-users-identify.html

With the new privacy enhancements, Google will allow Android users to opt-out of Advertising ID-based personalized advertising so that ads can not track them across apps.

https://thehackernews.com/2021/06/google-to-let-android-users-opt-out-to.html