The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
More than 200 apps masquerading as fitness, photo editing, and puzzle apps on Google Play Store have been caught infecting users' Android devices with the Facestealer spyware, which steals credentials and valuable cryptocurrency information.

https://thehackernews.com/2022/05/over-200-apps-on-play-store-caught.html
Russian Conti ransomware gang has threatened to overthrow the newly elected government of Costa Rica with a cyberattack and has increased its ransom demand to $20 million in order to obtain a decryption key to unlock the hacked systems.

Read: https://thehackernews.com/2022/05/russian-conti-ransomware-gang-threatens.html
Microsoft warns against "cryware" malware that steals information and exfiltrates data directly from untrusted cryptocurrency wallets.

Read: https://thehackernews.com/2022/05/microsoft-warns-of-cryware-info.html
U.S. State Department, Treasury Department, and FBI warn that highly skilled North Korean software and app developers are posing as "non-DPRK nationals" to work as freelancers or IT consultants enabling the regime's malicious cyberattacks.

Read: https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html
Microsoft warns of a new malicious campaign targeting SQL Servers that involves use of a built-in PowerShell utility (sqlps.exe) to achieve fileless persistence on compromised systems.

Read: https://thehackernews.com/2022/05/hackers-gain-fileless-persistence-on.html
Researchers reveal the inner workings of a cybercriminal group known as "Wizard Spider," providing unprecedented visibility into its structure, background, and motivations.

Read details — https://thehackernews.com/2022/05/researchers-expose-inner-working-of.html
VMware has issued patches to address two new vulnerabilities — CVE-2022-22972 and CVE-2022-22973 — affecting Workspace ONE Access, Identity Manager and vRealize Automation, which can be exploited to backdoor enterprise networks.

Read: https://thehackernews.com/2022/05/vmware-releases-patches-for-new.html
Web trackers running in the background of several of the world's most popular websites are intercepting emails and passwords of visitors even before they submit an online form.

Read: https://thehackernews.com/2022/05/web-trackers-caught-intercepting-online.html
Google has patched a high-severity vulnerability in its OAuth library for Java that could be exploited by a malicious actor with a compromised token to trigger arbitrary payloads.

Read: https://thehackernews.com/2022/05/high-severity-bug-reported-in-googles.html
A novel Bluetooth relay attack could allow attackers to remotely unlock and operate cars, open smart locks in residential buildings, and breach secured areas more easily than ever before.

Read: https://thehackernews.com/2022/05/new-bluetooth-hack-could-let-attackers.html
QNAP urges its users to update their network-attached storage (NAS) devices immediately to prevent a new wave of Deadbolt ransomware attacks.

Read details: https://thehackernews.com/2022/05/qnap-urges-users-to-update-nas-devices.html
The North Korean-backed Lazarus hacker group has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped implant (aka Manuscrypt) against targets in its southern counterpart.

Read: https://thehackernews.com/2022/05/hackers-exploiting-vmware-horizon-to.html
Researchers discover a new software supply chain attack on the Rust crate registry that targets cloud continuous integration (CI) pipelines with malware written in the Go language.

Read: https://thehackernews.com/2022/05/researchers-uncover-rust-supply-chain.html
Google researchers have pointed fingers at spyware company Cytrox for developing exploits for 5 zero-day vulnerabilities, including 4 in Chrome and 1 in Android, to remotely hack targeted Android devices.

Read: https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.htm
Microsoft has discovered that the activity of the Linux botnet malware known as "XorDdos" has increased by 254% in the last six months.

Read: https://thehackernews.com/2022/05/microsoft-warns-rise-in-xorddos-malware.html
Cisco releases security patches for a new vulnerability in its IOS XR software that has been exploited in real-world attacks to access Redis instances.

Read details — https://thehackernews.com/2022/05/cisco-issues-patches-for-new-ios-xr.html
Researchers have found a backdoor in multiple versions of a WordPress plugin called School Management Pro that gives attackers complete control over websites that use it.

Read: https://thehackernews.com/2022/05/researchers-find-backdoor-in-school.html
Chinese "Twisted Panda" APT hacking group using sanctions-related baits to hack and spy on Russian defense institutes.

Read: https://thehackernews.com/2022/05/chinese-twisted-panda-hackers-caught.html
Researcher claims to have discovered an unpatched vulnerability in PayPal that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click.

Details and Demo: https://thehackernews.com/2022/05/paypal-pays-hacker-200000-for.html

***Story has been rectified.
Researchers reveal more details about the Fronton IoT botnet, finding that it is much more powerful than previously thought and capable of launching mass disinformation campaigns on social media platforms.

Read: https://thehackernews.com/2022/05/fronton-russian-iot-botnet-designed-to.html