Following reports of active exploitation in the wild, the U.S. cybersecurity agency (CISA) is urging companies to patch the newly discovered vulnerability in F5 BigIP which could allow attackers to take over multi-purpose network devices.

Read: https://thehackernews.com/2022/05/cisa-urges-organizations-to-patch.html

Experts unveil IceApple post-exploitation framework hackers used on hacked Microsoft Exchange servers to facilitate credential harvesting from local/remote host registries, credential logging on OWA servers, reconnaissance & data exfiltration.

https://thehackernews.com/2022/05/hackers-deploy-iceapple-exploitation.html

Cybersecurity agencies from Australia, Canada, New Zealand, the United Kingdom and the United States jointly issued a warning Wednesday about threats targeting managed service providers (MSPs) and their customers.

Read: https://thehackernews.com/2022/05/government-agencies-warned-of-increase.html

⭐ EXCELLENT!!!

Google will soon allow users to generate virtual credit cards when making online payments via the Chrome browser and Android — an important step towards protecting real credit cards.

Details: https://thehackernews.com/2022/05/blog-post.html

Researchers have identified a massive campaign responsible for injecting malicious JavaScript code into thousands of compromised WordPress websites that redirect visitors to scam pages and other malicious websites to generate illegitimate traffic.

Read: https://thehackernews.com/2022/05/thousands-of-wordpress-sites-hacked-to.html

European Commission has proposed a new regulation that would require technology companies to scan for child sexual abuse material (CSAM) and grooming behavior, raising #privacy concerns about the potential impact on end-to-end encryption.

https://thehackernews.com/2022/05/eu-proposes-new-rules-for-tech.html

Iranian hackers leverage legitimate tools like BitLocker and DiskCryptor in ransomware attacks against organizations in Israel, the U.S., Europe, and Australia.

Read: https://thehackernews.com/2022/05/iranian-hackers-leveraging-bitlocker.html

Zyxel has released a patch to address a critical security vulnerability affecting firewall devices that can allow unauthenticated and remote attackers to gain arbitrary code execution.

Read: https://thehackernews.com/2022/05/zyxel-releases-patch-for-critical.html

Jordan's foreign ministry has been targeted by a spear-phishing campaign dropping a stealthy backdoor dubbed Saitama.

Read: https://thehackernews.com/2022/05/new-saitama-backdoor-targeted-official.html

Google has announced the creation of a new "Open Source Maintenance Crew" to focus on improving the cybersecurity of critical open source projects.

Read: https://thehackernews.com/2022/05/google-created-open-source-maintenance.html

SonicWall has published an advisory warning of three new vulnerabilities in its Secure Mobile Access (SMA) 1000 appliances, including a high-threat authentication bypass vulnerability.

Read: https://thehackernews.com/2022/05/sonicwall-releases-patches-for-new.html

European Parliament announced a "provisional agreement" on NIS2, a new directive that aims to improve cybersecurity by setting stricter ground rules for critical industries such as energy, financial markets, health, and digital infrastructure.

https://thehackernews.com/2022/05/europe-agrees-to-adopt-new-nis2.html

A 28-year-old Ukrainian national has been sentenced to four years in prison for siphoning thousands of server credentials and selling them on the darkweb to make money.

Read: https://thehackernews.com/2022/05/ukrainian-hacker-jailed-for-4-years-in.html

Researchers are warning about a new malware toolkit called "Eternity Project" that allows professional and amateur cybercriminals to buy stealers, clippers, worms, miners, #ransomware, and a distributed denial of service (DDoS) bot.

Read: https://thehackernews.com/2022/05/researchers-warn-of-eternity-project.html

In a first-of-its-kind study, researchers have demonstrated a novel attack surface that could allows malware to be executed on the iPhone while the phone is "OFF".

Read: https://thehackernews.com/2022/05/researchers-find-way-to-run-malware-on.html

More than 200 apps masquerading as fitness, photo editing, and puzzle apps on Google Play Store have been caught infecting users' Android devices with the Facestealer spyware, which steals credentials and valuable cryptocurrency information.

https://thehackernews.com/2022/05/over-200-apps-on-play-store-caught.html

Russian Conti ransomware gang has threatened to overthrow the newly elected government of Costa Rica with a cyberattack and has increased its ransom demand to $20 million in order to obtain a decryption key to unlock the hacked systems.

Read: https://thehackernews.com/2022/05/russian-conti-ransomware-gang-threatens.html

Microsoft warns against "cryware" malware that steals information and exfiltrates data directly from untrusted cryptocurrency wallets.

Read: https://thehackernews.com/2022/05/microsoft-warns-of-cryware-info.html

U.S. State Department, Treasury Department, and FBI warn that highly skilled North Korean software and app developers are posing as "non-DPRK nationals" to work as freelancers or IT consultants enabling the regime's malicious cyberattacks.

Read: https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html

Microsoft warns of a new malicious campaign targeting SQL Servers that involves use of a built-in PowerShell utility (sqlps.exe) to achieve fileless persistence on compromised systems.

Read: https://thehackernews.com/2022/05/hackers-gain-fileless-persistence-on.html

Researchers reveal the inner working of a cybercriminal group known as "Wizard Spider," providing unprecedented visibility into its structure, background, and motivations.

Read details — https://thehackernews.com/2022/05/researchers-expose-inner-working-of.html