Researchers demonstrate a novel class of 'Shadow' attacks that could let attackers hide in or replace the content of digitally signed PDF documents.

Read details: https://thehackernews.com/2021/02/shadow-attacks-let-attackers-replace.html

🔥 (New) Researchers developed a new attack framework that could let them learn what a targeted user is typing (keystrokes) during a video chat or live streaming solely by analyzing visible body movements.

Read details: https://thehackernews.com/2021/02/experts-find-way-to-learn-what-youre.html

With browser makers steadily clamping down on 3rd-party tracking, advertising tech companies are increasingly embracing DNS-based CNAME Cloaking technique to evade such defenses, thereby posing a threat to web security and privacy.

Details: https://thehackernews.com/2021/02/online-trackers-increasingly-switching.html

Ukraine says Russian spy hackers compromised its document management system of state bodies in a sophisticated supply-chain malware attack and attempted to infect Government officials.

https://thehackernews.com/2021/02/russian-hackers-targeted-ukraine.html

Researchers today unwrapped a new campaign aimed at #spying on Tibetan communities globally by deploying a malicious #Firefox extension on target systems.

https://thehackernews.com/2021/02/chinese-hackers-using-firefox-extension.html

Cisco releases patches for critical authentication bypass vulnerabilities affecting its ACI Multi-Site Orchestrator and App Services Engine; and a separate unauthenticated arbitrary file actions bug in NX-OS Software.



Read details: https://thehackernews.com/2021/02/cisco-releases-security-patches-for.html

A new study finds that malicious Alexa Skills can easily bypass Amazon's vetting process, designed to trick users into giving up sensitive information.

Read details: https://thehackernews.com/2021/02/alert-malicious-amazon-alexa-skills-can.html

In a new ongoing cyberespionage campaign, prolific North Korean state-sponsored hacking group 'Lazarus' has been spotted targeting defense companies with 'ThreatNeedle' malware.

Read: https://thehackernews.com/2021/02/north-korean-hackers-targeting-defense.html

SolarWinds executives blame an Intern for using the weak password 'solarwinds123' that went unnoticed for several years and eventually led to the largest supply-chain cyberattack of 2020.

https://thehackernews.com/2021/03/solarwinds-blame-intern-for-weak.html

Researchers find Chinese state-sponsored hackers targeted India's critical infrastructure amid geopolitical tensions, with 10 out of 12 targeted organizations from the Power Generation & Transmission sector.

Read: https://thehackernews.com/2021/03/chinese-hackers-targeted-indias-power.html

Gootkit RAT, a framework notorious for delivering banking Trojan, has been spotted leveraging Search Engine Optimization (SEO) on compromised sites to distribute a wider range of malware, including ransomware payloads.

Read details here: https://thehackernews.com/2021/03/gootkit-rat-using-seo-to-distribute.html

A new version of the popular "unc0ver" jailbreaking tool supports iOS 14.3 and earlier releases—making it possible to unlock almost every iPhone model using an in-the-wild exploited vulnerability that Apple disclosed in January.

Details: https://thehackernews.com/2021/03/new-unc0ver-tool-can-jailbreak-all.html

Researchers unearth technical links between SunCrypt and QNAPCrypt ransomware, likely an updated version of the strain that went on to infect several targets last year.

https://thehackernews.com/2021/03/researchers-unearth-links-between.html

🔥 WARNING: Update Your Chrome Browser ASAP!

A new Chrome 0-day vulnerability has been found being actively exploited in the wild.
Read details — https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html
Besides this, latest Google Chrome update for Windows, macOS, and Linux patches a total of 47 flaws.

🔥 URGENT! Chinese hackers actively exploiting 4 new 0-day vulnerabilities affecting on-premises Microsoft Exchange servers to perpetrate data theft and install additional malware.

Read details here: https://thehackernews.com/2021/03/urgent-4-actively-exploited-0-day-flaws.html
Emergency patches released.

Researcher reveals details of a critical $50,000 vulnerability that could have allowed hackers to hijack any Microsoft account.

Read details: https://thehackernews.com/2021/03/a-50000-bug-couldve-allowed-hackers.html

Cybercriminals are now deploying ObliqueRAT malware under the guise of seemingly innocuous image files hosted on compromised websites.

Read details: https://thehackernews.com/2021/03/hackers-now-hiding-obliquerat-payload.html

CISA has issued an emergency directive warning of the "active exploitation" of multiple zero-day flaws reported in the Microsoft Exchange Server.

Read: https://thehackernews.com/2021/03/cisa-issues-emergency-directive-on-in.html

According to ESET, not just the Chinese HAFNIUM group but several cyber-espionage groups, including LuckyMouse, Tick, and Calypso, have been spotted exploiting these zero-day flaws

Cybersecurity firm Qualys got compromised, the company admitted.

Read: https://thehackernews.com/2021/03/extortion-gang-breaches-cybersecurity.html
A prolific extortion gang exploited Accellion File Transfer Appliance server vulnerability to steal sensitive data and posted some files on the darkweb as evidence.

⚡ Google will use 'FLoC' and 'FLEDGE' for Ad-targeting once 3rd-party cookies are dead, stopping trackers from serve ads based on your browsing history.

Learn how it works and also, some concerns about control, privacy, trust: https://thehackernews.com/2021/03/google-will-use-floc-for-ad-targeting.html

Everything You Need to Know About Evolving Threat of Ransomware

https://thehackernews.com/2021/02/everything-you-need-to-know-about.html
Cybersecurity world is constantly evolving to new forms of threats & vulnerabilities; but ransomware proves to be a different animal—most destructive & is showing no signs of slowing down.