A new Android malware has been found in the wild, stealing authentication cookies 🍪 stored in the browser and other apps—including Chrome & Facebook—on targeted devices to hijack user accounts without requiring their actual login passwords.

https://thehackernews.com/2020/03/android-cookies-malware-hacking.html

26 Cybercriminals BUSTED!

Europol issues warning over the rise in "SIM Swapping" attacks after arresting suspected members of 2 related gangs of fraudsters who stole over $3.5 million in a series of attacks.

Read ➤ https://thehackernews.com/2020/03/sim-swapping-fraud-hacking.html

Here's a very interesting tale...

Researchers uncover how a Nigerian cybercriminal is pursuing his million-dollar dream.

https://thehackernews.com/2020/03/nigerian-hacker-million-dollars.html

Oh, btw, when he gets angry with his allies from the dark world of hackers, he resolves disputes by reporting them to the Interpol.

Popular guitar tutoring site 'TrueFire' suffered a 'Magecart' style data breach that potentially exposed payment card details—name, address, card number, expiration date, CVV—of its customers to the hackers.

Read details ➤ https://thehackernews.com/2020/03/truefire-guitar-tutoring-data-breach.html

TrickBot authors added a new RDP brute-force module to the banking Trojan that's now leveraging infected computers to target thousands of enterprise systems in telecom & financial sectors of the U.S. & Hong Kong.

Read details ➤ https://thehackernews.com/2020/03/trickbot-malware-rdp-bruteforce.html

Adobe today released CRITICAL patches to fix a total of 41 new vulnerabilities affecting 6 of its software.

—Acrobat and Reader
—Photoshop
—ColdFusion
—Adobe Bridge
—Experience Manager
—Genuine Integrity Service

Read more: https://thehackernews.com/2020/03/adobe-software-update.html

WATCH OUT — In the past 3 weeks alone, hackers have created thousands of new Coronavirus related sites as bait to spread dangerous malware (for desktop & mobile) and phishing threats.

Find details & learn how to protect yourself ➤ https://thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html

Working remotely from home has significantly increased cybersecurity risks, making it easier for hackers to target organizations without being detected by their security teams.

Here's how CISOs should prepare for Coronavirus-related cyber threats ➤

https://thehackernews.com/2020/03/coronavirus-cybersecurity-ciso.html

Multiple DDoS botnets — Chalubo, FBot, and Moobot — exploited 0-day vulnerabilities in LILIN DVR #surveillance systems at least since August 2019.

Details: https://t.co/7NPEWAMMgG

Mukashi, a new variant of Mirai IoT botnet malware found targeting Zyxel NAS devices in the wild.

https://t.co/zO8gmrPCLm

It leverages a command injection #vulnerability (CVE-2020-9054) in NAS devices that also impacts Zyxel UTM, ATP & VPN firewall products.

WARNING! All versions of #Microsoft Windows (7, 8.1, 10, Server 2008, 2012, 2016, 2019) operating systems contain 2 new font parsing library RCE vulnerabilities that are:


—CRITICAL

—UNPATCHED

—Under active ZERO-DAY attacks


No patch available, so all Windows users are highly recommended to immediately apply workarounds (mentioned in the article) to reduce the risk of getting hacked.


Details ➤ https://thehackernews.com/2020/03/windows-adobe-font-vulnerability.html

Over 50 Android apps for kids on Google Play Store—with over 1 million installs—caught using a new trick to secretly click Ads without the knowledge of users.

Check the list of malware apps in the article and if you have any of them installed, uninstall immediately.

https://thehackernews.com/2020/03/android-apps-ad-fraud.html

Watch Out! TrickBot hackers tricking banking trojan victims into installing a malicious app on their phones that aims to help them intercept one-time secret code and bypass 2‐factor authentication to complete fraudulent 💰 transactions.

Details: https://thehackernews.com/2020/03/trickbot-two-factor-mobile-malware.html

Watch Out!

Now Android apps developers, both legit and malware, have also started capitalizing on coronavirus outbreak to rank high in Google Play Store with COVID2019 related keyword searches.

Read details: https://thehackernews.com/2020/03/coronavirus-covid-apps-android.html

Hackers used local news sites for watering-hole attacks targeting iPhone users with a sophisticated iOS spyware.

Details: https://thehackernews.com/2020/03/iphone-iOS-spyware.html

The topics used as lures were sex-related, clickbait-type headlines, as well as news related to COVID19 (coronavirus) disease.

Two groups of hackers exploit two zero-day vulnerabilities affecting enterprise-grade networking devices—switches, routers, VPN gateways—from DrayTek.

https://thehackernews.com/2020/03/draytek-network-hacking.html

Flaws were used in the wild to spy on network traffic at enterprises and install SSH/system backdoors.

Watch Out!

After coronavirus domains, experts find a massive surge in suspicious "Zoom" named domains in the last 7 days, potentially registered by hackers to exploit Zoom's overnight success in this pandemic time to spread malware.

Details: https://thehackernews.com/2020/03/zoom-video-coronavirus.html

⚠️ Breach Alert!

Hotel chain 'Marriott International' suffers a second massive data breach—this time exposing the personal information of up to 5.2 million guests.

https://thehackernews.com/2020/03/marriott-data-breach.html

Use Marriott's self-service portal to check whether you've been affected.

WARNING!

[New] Experts today uncovered an ongoing cyberattack campaign wherein hackers are compromising over 2000 #Microsoft SQL Servers every day to install secret backdoors or deploy malware, like cryptocurrency miners.

Details ➤ https://thehackernews.com/2020/04/backdoor-.html

Using Zoom On Windows?

⚠️Beware — a new unpatched 'UNC path injection' vulnerability in Zoom video conferencing software could let remote hackers steal your Windows login password.

Learn how ➤ https://thehackernews.com/2020/04/zoom-windows-password.html