⚠️GitHub finds that hackers abused stolen OAuth access tokens issued to 2 third-party OAuth integrators, Heroku and Travis-CI, to unauthorizedly download private data from several organizations.

Details: https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html

U.S. authorities report that NorthKorean Lazarus hackers were responsible for the $540 million Axie Infinity crypto hack, while Symantec researchers warn that the group is now targeting chemical companies in an ongoing cyberespionage campaign.

https://thehackernews.com/2022/04/lazarus-hackers-behind-540-million-axie.html

A critical RCE vulnerability has been reported in the WordPress plugin Elementor Website Builder, with over five million active installations, which could allow attackers to take over unpatched websites.

Details: https://thehackernews.com/2022/04/critical-rce-flaw-reported-in-wordpress.html

Ukraine government has warned of a new wave of hacking campaigns that spread IcedID malware and exploit Zimbra exploits to steal sensitive information.

Details: https://thehackernews.com/2022/04/new-hacking-campaign-targeting.html

Cybersecurity researchers have uncovered a new version of the SolarMarker malware that packs in new enhancements to improve its ability to evade defenses and stay under the radar.

Read details: https://thehackernews.com/2022/04/new-solarmarker-malware-variant-using.html

Researchers provide a detailed technical analysis of the PYSA ransomware group primarily striking government, healthcare, and education sectors.

Read details: https://thehackernews.com/2022/04/researchers-share-in-depth-analysis-of.html

Github's security team has notified users/organizations whose private data was downloaded with stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI.

Details: https://thehackernews.com/2022/04/github-notifies-victims-whose-private.html

U.S. government has issued a new warning about North Korean state-sponsored hackers targeting blockchain companies, including cryptocurrency exchanges, DeFi protocols, trading firms, venture capital funds, and individuals holding NFTs.

Read: https://thehackernews.com/2022/04/fbi-us-treasury-and-cisa-warns-of-north.html

A previously unknown zero-click exploit for Apple's iMessage was used to install spyware from NSO Group and Candiru on 65 people as part of a "multi-year clandestine operation."

Read details: https://thehackernews.com/2022/04/experts-uncover-spyware-attacks-against.html

Researchers discover multiple UEFI firmware vulnerabilities in various Lenovo laptop models that allow malicious actors to install and execute firmware implants on the affected devices.

Read details: https://thehackernews.com/2022/04/new-lenovo-uefi-firmware.html

CISA has issued a new warning that hackers are exploiting a recently reported vulnerability in the Windows Print Spooler, as well as two other vulnerabilities in Zimbra and WhatsApp that are being exploited.

Read: https://thehackernews.com/2022/04/hackers-exploiting-recently-reported.html

Okta said it concluded its investigation into the breach of a third-party vendor by the LAPSUS$ extortionist gang in late January 2022 and determined only two customers were affected.

Read details: https://thehackernews.com/2022/04/okta-says-security-breach-by-lapsus.html

Researchers disclose details about a now-patched vulnerability in the Snort Intrusion Detection and Prevention System that could allow attackers to render it powerless against malicious traffic.

Read details: https://thehackernews.com/2022/04/researchers-detail-bug-that-could.html

Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year.

Details: https://thehackernews.com/2022/04/google-project-zero-detects-record.html

Five Eyes nations have released a joint cybersecurity advisory warning of an increase in malicious attacks by Russian state-sponsored actors and criminal groups on critical infrastructure amid the ongoing military siege of #Ukraine.

Read: https://thehackernews.com/2022/04/five-eyes-nations-warn-of-russian-cyber.html

Researchers have published a new incident report revealing how hackers exploited "ProxyShell" vulnerabilities in Microsoft Exchange to encrypt companies' networks with Hive ransomware.

Read details: https://thehackernews.com/2022/04/new-incident-report-reveals-how-hive.html

Researchers have found three vulnerabilities in the audio decoders of Qualcomm and MediaTek Android mobile chips that, if exploited, could allow hackers to remotely access media and audio conversations on affected devices.

Read: https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html

A new unpatched vulnerability has been disclosed in the RainLoop webmail client that could allow hackers to remotely access the victim's inbox by sending a specially crafted email.

Read details: https://thehackernews.com/2022/04/unpatched-bug-in-rainloop-webmail-could.html

Cisco has released security updates to address three high-severity vulnerabilities in its TelePresence, RoomOS and Umbrella VA products that could be exploited to conduct DoS attacks and take control of affected systems.

Read: https://thehackernews.com/2022/04/cisco-releases-security-patches-for.html

QNAP has issued a notice recommending users update firmware for network-attached storage (NAS) appliances to fix two vulnerabilities affecting the Apache HTTP component.

Read: https://thehackernews.com/2022/04/qnap-advises-users-to-update-nas.html

Cybersecurity researchers warn of LemonDuck cryptocurrency mining botnet targeting Docker and TeamTNT hacker group attacking #Kubernetes and public cloud providers to mine cryptocurrencies.

Read details: https://thehackernews.com/2022/04/watch-out-cryptocurrency-miners.html