The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
An unknown group of attackers has been found using coronavirus-themed lures to target Governments and SCADA sectors with PoetRAT malware—capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam.

Read details: https://thehackernews.com/2020/04/coronavirus-scada-malware.html
StarBleed Bug

Researchers uncover a new unpatchable hardware vulnerability in Xilinx FPGA chips that could expose critical devices—powering consumer electronics, data centers, aerospace, automotive & more—to remote hackers.

Details: https://thehackernews.com/2020/04/fpga-chip-vulnerability.html
Researcher discloses 4 unpatched 0-DAY bugs affecting IBM Data Risk Manager—enterprise security software—after the company didn't accept responsible disclosure.

Details + PoC ➤ https://thehackernews.com/2020/04/ibm-data-risk-manager-vulnerabilities.html

Auth bypass
Command Exec.
Insecure default password
Any file download
⚠️ WARNING !!!

It's possible to hack iPhones / iPads just by sending an email to targeted users.

Hackers have been exploiting a critical 0-click + 0-day RCE vulnerability in the default mail app installed on millions of Apple devices.

Details — https://thehackernews.com/2020/04/zero-day-warning-its-possible-to-hack.html
(NEW) Chinese hackers found using a new iPhone hack to target Uyghur Muslims with an iOS spyware program—capable of stealing contacts, location data, and plaintext messages from secure messaging and email clients, including Signal and ProtonMail.

https://thehackernews.com/2020/04/iphone-zero-day-exploit.html
Hackers behind a recent BEC attack tricked 3 British Private Equity firms into wire-transferring them $1.3 million — while the victimized executives thought they closed an investment deal with some startups.

Details: https://thehackernews.com/2020/04/bec-scam-wire-transfer-money.html
Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet

Read Details — https://thehackernews.com/2020/04/usb-drive-botnet-malware.html
Wormable BUG!

Just by sending an innocent-looking image, remote attackers could've taken over an organization's entire roster of 'Microsoft Teams' accounts. (Patch Released)

Read details — https://thehackernews.com/2020/04/microsoft-teams-vulnerability.html
Nowhere to hide!

Researchers uncover a potential new method of profiling users in the crowd by de-anonymizing their smart device IDs (e.g., MAC addresses) to their biometrics (e.g., face, voice, gait).

Details ➤ https://thehackernews.com/2020/04/deanonymize-device-biometrics.html
</> Patch 'em all </>

Adobe today released security patches for over a dozen newly-discovered critical vulnerabilities affecting 3 of its popular software:

Magento CMS
Adobe Illustrator
Adobe Bridge

Read details — https://thehackernews.com/2020/04/adobe-software-updates.html
During the COVID19 pandemic, when many organizations & universities are embracing online learning, researchers discover multiple critical vulnerabilities in 3 widely-used Learning Management System (LMS) plugins for #WordPress sites.

Read more — https://thehackernews.com/2020/04/wordpress-lms-plugins.html
EventBot — A new Android malware spotted in-the-wild steals infected users' BANKING passwords, exfiltrates private DATA, and captures KEYSTROKES to spy on accounts and the content of other apps installed on the targeted devices.

Read: https://thehackernews.com/2020/04/android-banking-keylogger.html
🔥 WARNING — Here’s a new CVSS 10 Bug.

A newly disclosed critical SaltStack RCE (as root) vulnerability (CVE-2020-11651) affects thousands of servers (~6000) deployed in data centers and cloud environments.

Read details — https://thehackernews.com/2020/05/saltstack-rce-vulnerability.html
WARNING — Within just a day of public disclosure of the SaltStack RCE vulnerability (CVE-2020-11651), hackers have started exploiting unpatched servers.

LineageOS [hacked]
Ghost CMS [hacked]
DigiCert [hacked]

Read more: https://thehackernews.com/2020/05/saltstack-rce-exploit.html
Now this 👇 is Interesting!

A researcher demonstrated malware that jumps air-gapped — also audio-gapped — devices (PC, servers, IoT, embedded devices) by turning their power-supplies into out-of-band speakers.

Read details + watch demo ➤
https://thehackernews.com/2020/05/air-gap-malware-power-speaker.html
Attention Xiaomi Users!

You should immediately change the newly introduced PRIVACY setting in your Mi/Mi Pro and Mint browsers to prevent the company from spying on your web history and online activities when browsing in INCOGNITO mode.

Read details:
https://thehackernews.com/2020/05/xiaomi-browser-history.html
{new} 🔥 Watch Out Enterprises!

Citrix ShareFile platform contains critical vulnerabilities that could let unauthenticated attackers steal proprietary, sensitive business data from on-premise storage zone controllers.

Details — https://thehackernews.com/2020/05/citrix-sharefile-vulnerability.html
Facebook launches 'Discover,' yet another new free Internet service, in partnership with mobile carriers across the world.

Unlike previous projects, Discover:

Treats all websites equally,
Accesses sites through a secure web proxy,
Lets users browse text-based sites.

Read details:
https://thehackernews.com/2020/05/facebook-discover-free-internet.html
A Chinese APT group has recently been spotted targeting government entities in the Asia-Pacific region as part of a stealthy cyber-espionage campaign that went undetected for the last 5 years.

Read details ➤ https://thehackernews.com/2020/05/asia-pacific-cyber-espionage.html
DigitalOcean — one of the largest modern web hosting companies — recently suffered a data leak incident that exposed some of its customers' data to unauthorized third parties, at least 15 times.

Read more: https://thehackernews.com/2020/05/digitalocean-data-breach.html