A potentially critical SonicOS vulnerability affects SonicWall firewall appliances, allowing unauthenticated, remote attackers to execute arbitrary code and cause a denial-of-service (DoS) condition.

Read details: https://thehackernews.com/2022/03/critical-sonicos-vulnerability-affects.html

U.S. Cybersecurity Agency (CISA) and the Department of Energy (DoE) have issued a joint warning against attacks on Internet-connected uninterruptible power supply (UPS) devices.

Read details: https://thehackernews.com/2022/03/cisa-warns-of-ongoing-cyber-attacks.html

⚡ LAPSUS$ gang announced their return on after a week-long "vacation," leaking a large amount of data (70 GB) allegedly from the software company Globant, including the source code for some of its customers.

https://thehackernews.com/2022/03/lapsus-claims-to-have-breached-it-firm.html

Researchers demonstrate a new vulnerability in remote keyless entry system that could allow thieves to remotely unlock and even start Honda and Acura vehicles.

Read details: https://thehackernews.com/2022/03/hondas-keyless-access-bug-could-let.html

Researchers have uncovered a new malware campaign in which attackers are using a cracked version of the Mars backdoor and spreading it via Google ads to steal information stored in web browsers and cryptocurrency wallets.

Read: https://thehackernews.com/2022/03/researchers-expose-mars-stealer-malware.html

QNAP warns that a selected number of its network-attached storage (NAS) devices are affected by a recently disclosed Infinite Loop bug in the open-source OpenSSL encryption library.

Details: https://thehackernews.com/2022/03/qnap-warns-of-openssl-infinite-loop.html

⚡Researcher discloses PoC for a new UNPATCHED zero-day remote code execution vulnerability in the Java Spring Framework, threatening the security of enterprise systems and web apps worldwide.

Details: https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html

Hackers are increasingly using the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russian-Ukrainian war.

Read details: https://thehackernews.com/2022/03/hackers-increasingly-using-browser-in.html

Researchers have discovered the first Python-based #ransomware strain that specifically targets exposed Jupyter notebooks, a web-based interactive computing platform.

Read details: https://thehackernews.com/2022/03/new-python-based-ransomware-targeting.html

3 New security vulnerabilities have been discovered in the popular #Wyze Cam devices that could allow attackers to execute arbitrary code and access camera feeds.

Read details: https://thehackernews.com/2022/03/bugs-in-wyze-cams-could-let-attackers.html

Important — Spring Framework maintainers have released an emergency patch to address a newly disclosed RCE vulnerability (CVE-2022-22965) that could allow unauthenticated attackers to take control of targeted systems.

Details: https://thehackernews.com/2022/03/security-patch-releases-for-critical.html

Apple is rolling out emergency security patches to address 2 new zero-day vulnerabilities affecting iOS, iPadOS and macOS operating systems that may have been exploited in the wild.

Details: https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html

Zyxel releases patches for a critical authentication bypass vulnerability (CVE-2022-0342) affecting its firewalls and enterprise VPN products.

Read details: https://thehackernews.com/2022/03/zyxel-releases-patches-for-critical-bug.html

North Korean state-backed Lazarus hacking group has been spreading backdoored versions of DeFi wallet apps to gain remote access to victims' systems and steal their cryptocurrencies.

Read details: https://thehackernews.com/2022/04/north-korean-hackers-distributing.html

Chinese APT hacker group "Deep Panda'' exploits the infamous Log4Shell vulnerability in VMware Horizon to infect targeted servers with rootkit malware signed with a stolen digital certificate.

Details: https://thehackernews.com/2022/04/chinese-hackers-target-vmware-horizon.html

Critical vulnerabilities (CVE-2022-1161, CVE-2022-1159) reported in Rockwell PLCs & engineering workstation software that can be exploited to inject malicious code and stealthily modify automation processes.

Details: https://thehackernews.com/2022/04/critical-bugs-in-rockwell-plc-could.html

Researchers have found a Russian wiper malware, dubbed "AcidRain," believed to be responsible for the recent cyberattack on Viasat that temporarily knocked KA-SAT modems offline.

Read details: https://thehackernews.com/2022/04/russian-wiper-malware-responsible-for.html

DevOps platform GitLab has released software updates to fix a critical vulnerability (CVE-2022-1162) that could allow attackers to hijack accounts.

Read details: https://thehackernews.com/2022/04/gitlab-releases-patch-for-critical.html

British police have charged 2 of the 7 teenagers arrested last week for their alleged links to the LAPSUS$ data extortion gang.

Read details: https://thehackernews.com/2022/04/british-police-charge-two-teenagers.html

A 15-year-old developer account hijacking vulnerability has been disclosed in the PEAR PHP repository that could've allowed attackers to launch supply-chain attacks by releasing new malicious versions of existing packages.

Details: https://thehackernews.com/2022/04/15-year-old-bug-in-pear-php-repository.html