Google TAG identifies state-sponsored cyber actor FROZENLAKE (aka APT28, Fancy Bear, and more) conducting phishing campaigns to extract intelligence and influence public discourse related to the war in Ukraine.

Learn more: https://thehackernews.com/2023/04/google-tag-warns-of-russian-hackers.html

Israeli spyware maker NSO Group reportedly deployed at least 3 "zero-click" exploits against iPhones in 2022 to install Pegasus and spy on human rights defenders, journalists and others.

☠️ LATENTIMAGE
☠️ FINDMYPWN
☠️ PWNYOURHOME

Details: https://thehackernews.com/2023/04/nso-group-used-3-zero-click-iphone.html

China-linked hackers target African telecom service providers in a sophisticated campaign using previously unseen plugins from the MgBot malware framework.

Read details: https://thehackernews.com/2023/04/daggerfly-cyberattack-campaign-hits.html

Alibaba Cloud's ApsaraDB RDS and AnalyticDB for PostgreSQL have been hit with critical vulnerabilities that could expose sensitive data belonging to other customers.

Learn more about the BrokenSesame flaws here: https://thehackernews.com/2023/04/two-critical-flaws-found-in-alibaba.html

Notorious Lazarus Group hackers strike again, this time leveraging fraudulent job offers to trick victims into downloading Linux malware.

Read details: https://thehackernews.com/2023/04/lazarus-group-adds-linux-malware-to.html

Fortra sheds light on a zero-day remote code execution (RCE) vulnerability (CVE-2023-0669) in its GoAnywhere MFT tool, actively exploited by ransomware attackers.

Read details: https://thehackernews.com/2023/04/fortra-sheds-light-on-goanywhere-mft.html

North Korean hackers demonstrate new levels of sophistication with the recent supply chain attack targeting 3CX. Researchers have revealed that it's the first time a software supply chain attack has led to another attack.

Read details: https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html

🔥 Attention IT teams! Critical security flaws have been found in Cisco and VMware products that could allow attackers to execute arbitrary code on affected systems.

Details here: https://thehackernews.com/2023/04/cisco-and-vmware-release-security.html

Make sure to patch your systems immediately.

Researchers report GhostToken vulnerability in Google Cloud Platform, allowing threat actors to hide malicious apps in victim's Google account.

Read details: https://thehackernews.com/2023/04/ghosttoken-flaw-could-let-attackers.html

Heads up, Kubernetes users! A large-scale attack campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) has been discovered, leading to backdoors and cryptocurrency miners.

Read details: https://thehackernews.com/2023/04/kubernetes-rbac-exploited-in-large.html

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds 3 vulnerabilities to its KEV catalog due to active exploitation!

Read details: https://thehackernews.com/2023/04/cisa-adds-3-actively-exploited-flaws-to.html

✅ CVE-2023-28432
✅ CVE-2023-27350
✅ CVE-2023-2136

⚡ Lazarus group's compromise of X_TRADER app not only led to the 3CX supply chain attack but also impacted power and energy sectors & financial trading businesses.

Read details: https://thehackernews.com/2023/04/lazarus-xtrader-hack-impacts-critical.html

PaperCut, a print management software provider, has warned about ongoing exploitation of unpatched servers, potentially by Russian hackers, to gain persistent access and execute malicious code on infected hosts.

Read details: https://thehackernews.com/2023/04/russian-hackers-suspected-in-ongoing.html

A new malware called "EvilExtractor" has been spotted in the wild, stealing data and files from Windows systems. It's being sold on cybercrime forums and marketed as an educational tool.

Read details: https://thehackernews.com/2023/04/new-all-in-one-evilextractor-stealer.html

Hackers are exploiting an outdated WordPress plugin, Eval PHP, to secretly backdoor websites in an ongoing campaign.

Read: https://thehackernews.com/2023/04/hackers-exploit-outdated-wordpress.html

⚡ Ransomware attackers are utilizing a new "defense evasion tool" called AuKill to deactivate EDR software using a BYOVD attack.

Learn more: https://thehackernews.com/2023/04/ransomware-hackers-using-aukill-tool-to.html

Russian-speaking threat actor behind Tomiris is focused on gathering intelligence in Central Asia, primarily targeting government and diplomatic entities.

Read details: https://thehackernews.com/2023/04/russian-hackers-tomiris-targeting.html

🔥 Google Cloud launches Security AI Workbench, powered by Sec-PaLM, a large language model fine-tuned for threat detection, incident analysis, and analytics to provide actionable intelligence for countering infections.

Details: https://thehackernews.com/2023/04/google-cloud-introduces-security-ai.html

🔒 Google's Authenticator app just got a major upgrade!

The new sync option lets users back up their time-based one-time passwords (TOTPs) to the cloud, so you never lose access to your accounts.

Read details: https://thehackernews.com/2023/04/google-authenticator-app-gets-cloud.html

BlueNoroff, a suspected subgroup of Lazarus Group, is now targeting Apple's macOS with new malware RustBucket, highlighting hackers' expanding toolsets for cross-platform threats.

Learn more: https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html