Google announced plans to implement support for passwordless logins in Android and the Chrome web browser, allowing users to log in across devices and websites regardless of platform.
Read: https://thehackernews.com/2022/05/google-to-add-passwordless.html
The National Institute of Standards and Technology (NIST) has published updated cybersecurity guidelines for managing risks in the supply chain, which is increasingly proving to be a lucrative attack vector.
Read: https://thehackernews.com/2022/05/nist-releases-updated-guidance-for.html
Google releases monthly security patches for Android with fixes for 37 vulnerabilities in various components, including a fix for an actively exploited vulnerability in the Linux kernel.
Details: https://thehackernews.com/2022/05/google-releases-android-update-to-patch.html
Researchers uncover a new cyber espionage campaign by Chinese "Mustang Panda" hackers using the PlugX implant, custom stagers, reverse shells, and Meterpreter-based shellcode to persist long-term on infected endpoints.
Read: https://thehackernews.com/2022/05/experts-uncover-new-espionage-attacks.html
Hackers are using PrivateLoader's pay-per-install (PPI) service to spread a "fairly sophisticated" NetDooka malware framework that gives attackers complete control over infected devices.
Read: https://thehackernews.com/2022/05/hackers-using-privateloader-ppi-service.html
Security researchers have discovered a new Windows malware with worm-like capabilities that spreads via removable USB devices.
Read: https://thehackernews.com/2022/05/researchers-warn-of-raspberry-robin.html
QNAP has issued firmware updates to address 9 new vulnerabilities affecting network-attached storage (NAS) devices, including a critical vulnerability that could be exploited to take over affected systems.
Read: https://thehackernews.com/2022/05/qnap-releases-firmware-patches-for-9.html
A new fileless malware has been discovered that takes advantage of Windows event logs to hide chunks of shellcode for the first time in the wild.
Details: https://thehackernews.com/2022/05/this-new-fileless-malware-hides.html
The U.S. Treasury Department has sanctioned cryptocurrency mixer "Blender" for helping North Korean hackers launder millions of dollars.
Read: https://thehackernews.com/2022/05/us-sanctions-cryptocurrency-mixer.html
Researchers have developed an exploit for the latest remote code execution vulnerability in F5's BIG-IP family of products.
Details: https://thehackernews.com/2022/05/researchers-develop-rce-exploit-for.html
The U.S. State Department is offering a reward of up to $10 million for information leading to the identification of key individuals who are part of the notorious Conti ransomware gang.
Read: https://thehackernews.com/2022/05/us-offering-10-million-reward-for.html
Ukraine's CERT warns citizens of a new wave of cyberattacks infecting compromised systems with a new malware called Jester Stealer, which steals login credentials, cookies, and credit card information, along with data from password managers, chat messengers, email clients, crypto wallets, and gaming apps, and sends them to the attackers.
Read: https://thehackernews.com/2022/05/ukrainian-cert-warns-citizens-of-new.html
Cybercriminals are once again abusing the Google Play Store to spread a new set of trojanized apps that infect Android devices with the Joker malware.
Read: https://thehackernews.com/2022/05/another-set-of-joker-trojan-laced.html
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT), which can be purchased for "dirt-cheap" prices, making it accessible to both professional criminals and novices.
Read: https://thehackernews.com/2022/05/experts-sound-alarm-on-dcrat-backdoor.html
The RubyGems package manager has fixed a critical bug that would have allowed attackers to remove gems and replace them with malicious versions.
Read: https://thehackernews.com/2022/05/critical-gems-takeover-bug-reported-in.html
The U.S. PHMSA agency is proposing nearly $1 million in penalties against Colonial Pipeline for violating several federal pipeline safety regulations while dealing with a massive ransomware attack last year.
Read: https://thehackernews.com/2022/05/us-proposes-1-million-fine-on-colonial.html
A vulnerability (CVE-2022-29972) in Microsoft Azure Synapse and Azure Data Factory could have led to remote code execution attacks, allowing attackers to gain control of other Synapse workspaces and leak sensitive data, including Azure service keys and API tokens, as well as passwords for other services.
Read: https://thehackernews.com/2022/05/microsoft-mitigates-rce-vulnerability.html
Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information.
Read: https://thehackernews.com/2022/05/experts-detail-saintstealer-and-prynt.html
Analysis of some new REvil ransomware samples shows that the notorious cybercriminal gang has resumed its activities after six months of inactivity.
Read: https://thehackernews.com/2022/05/new-revil-samples-indicate-ransomware.html
Microsoft releases patches for 74 newly reported security vulnerabilities, including one for a ZERO-DAY bug that is actively being exploited in the wild.
Read details: https://thehackernews.com/2022/05/microsoft-releases-fix-for-new-zero-day.html