Ukraine's CERT warns citizens of a new wave of cyberattacks, infecting compromised systems with a new malware called Jester Stealer that steals login credentials, cookies, and credit card information along with data from passwords managers, chat messengers, email clients, crypto wallets, and gaming apps to the attackers.

Read: https://thehackernews.com/2022/05/ukrainian-cert-warns-citizens-of-new.html

Cybercriminals are once again abusing Google Play Store to spread a new set of trojanized apps that infect Android devices with the Joker malware.

Read: https://thehackernews.com/2022/05/another-set-of-joker-trojan-laced.html

Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat ( aka DarkCrystal RAT), which can be purchased for "dirt-cheap" prices, making it accessible to both professional criminals and novices.

Read: https://thehackernews.com/2022/05/experts-sound-alarm-on-dcrat-backdoor.html

RubyGems package manager has fixed a critical bug that would have allowed attackers to remove gems and replace them with malicious versions.

Read: https://thehackernews.com/2022/05/critical-gems-takeover-bug-reported-in.html

U.S. PHMSA agency is proposing nearly $1 million in penalties against Colonial Pipeline for violating several federal pipeline safety regulations while dealing with a massive ransomware attack last year.

Read: https://thehackernews.com/2022/05/us-proposes-1-million-fine-on-colonial.html

A vulnerability (CVE-2022-29972) in #Microsoft Azure Synapse and Azure Data Factory could have led to remote code execution attacks, allowing attackers to gain control of other Synapse workspaces and leak sensitive data, including Azure service keys and API tokens, as well as passwords for other services.

Read: https://thehackernews.com/2022/05/microsoft-mitigates-rce-vulnerability.html

Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information.

Read: https://thehackernews.com/2022/05/experts-detail-saintstealer-and-prynt.html

Analysis of some new REvil ransomware samples shows that the notorious cybercriminal gang has resumed its activities after six months of inactivity.

Read: https://thehackernews.com/2022/05/new-revil-samples-indicate-ransomware.html

Microsoft releases patches for 74 newly reported security vulnerabilities, including one for a ZERO-DAY bug that is actively being exploited in the wild.

Read details: https://thehackernews.com/2022/05/microsoft-releases-fix-for-new-zero-day.html

Five Eyes nations, along with Ukraine and the EuropeanUnion officially blamed Russia for masterminding the cyberattack on an international satellite communication provider that had a "spillover" effect across Europe.

Read: https://thehackernews.com/2022/05/eu-blames-russia-for-cyberattack-on-ka.html

Researchers uncover a new NPM supply-chain attack campaign in which attackers distribute malicious packages to compromise leading German industrial companies.

Read: https://thehackernews.com/2022/05/malicious-npm-packages-target-german.html

Cybersecurity researchers warn of Nerbian RAT, a new remote-access trojan (RAT) malware written in the Go programming language, that is attacking businesses in Italy, Spain, and the United Kingdom.

Read: https://thehackernews.com/2022/05/researchers-warn-of-nerbian-rat.html

Espionage-focused hacking group Bitter APT, known for its attacks on China, Pakistan, and Saudi Arabia, is now targeting government organisations in Bangladesh as part of an ongoing campaign that began in August 2021.

https://thehackernews.com/2022/05/bitter-apt-hackers-add-bangladesh-to.html

Following reports of active exploitation in the wild, the U.S. cybersecurity agency (CISA) is urging companies to patch the newly discovered vulnerability in F5 BigIP which could allow attackers to take over multi-purpose network devices.

Read: https://thehackernews.com/2022/05/cisa-urges-organizations-to-patch.html

Experts unveil IceApple post-exploitation framework hackers used on hacked Microsoft Exchange servers to facilitate credential harvesting from local/remote host registries, credential logging on OWA servers, reconnaissance & data exfiltration.

https://thehackernews.com/2022/05/hackers-deploy-iceapple-exploitation.html

Cybersecurity agencies from Australia, Canada, New Zealand, the United Kingdom and the United States jointly issued a warning Wednesday about threats targeting managed service providers (MSPs) and their customers.

Read: https://thehackernews.com/2022/05/government-agencies-warned-of-increase.html

⭐ EXCELLENT!!!

Google will soon allow users to generate virtual credit cards when making online payments via the Chrome browser and Android — an important step towards protecting real credit cards.

Details: https://thehackernews.com/2022/05/blog-post.html

Researchers have identified a massive campaign responsible for injecting malicious JavaScript code into thousands of compromised WordPress websites that redirect visitors to scam pages and other malicious websites to generate illegitimate traffic.

Read: https://thehackernews.com/2022/05/thousands-of-wordpress-sites-hacked-to.html

European Commission has proposed a new regulation that would require technology companies to scan for child sexual abuse material (CSAM) and grooming behavior, raising #privacy concerns about the potential impact on end-to-end encryption.

https://thehackernews.com/2022/05/eu-proposes-new-rules-for-tech.html

Iranian hackers leverage legitimate tools like BitLocker and DiskCryptor in ransomware attacks against organizations in Israel, the U.S., Europe, and Australia.

Read: https://thehackernews.com/2022/05/iranian-hackers-leveraging-bitlocker.html