🔒 Heads up! Belkin's Wemo Mini Smart Plug V2 has been found to have a critical unpatched vulnerability that could potentially allow remote control by attackers.

Read: https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html

🚨 ALERT: Financially motivated UNC3944 cyber attackers are leveraging Microsoft Azure Serial Console to gain full administrative access to virtual machines!

Learn more about this unique attack method: https://thehackernews.com/2023/05/threat-group-unc3944-abusing-azure.html

OilAlpha, a hacking group with suspected ties to Yemen's Houthi movement, is on the rise. Find out how they're using encrypted chat messengers and link shorteners to launch attacks.

Learn about their tactics: https://thehackernews.com/2023/05/oilalpha-emerging-houthi-linked-cyber.html

🔒 Cisco has released crucial updates to address 9 vulnerabilities in its Small Business Series Switches. Attackers could exploit these flaws remotely to run arbitrary code or cause a DoS.

Read details: https://thehackernews.com/2023/05/critical-flaws-in-cisco-small-business.html

Safeguard Your Network Now!

In 2022, Apple prevented:

✅ Over $2B in fraudulent transactions.
✅ Rejected 1.7M app submissions for privacy/security violations.
✅ Terminated 428K developer accounts for potential fraud.
✅ Blocked 105K fake developer account creations.
✅ Deactivated 282M bogus customer accounts.
✅ Thwarted 198M fraudulent new accounts.
✅ Blocked 57K untrustworthy apps from illegitimate storefronts.
✅ Reviewed 6.1M app submissions, leading to rejections for spam, copycats, misleading info, hidden features, and privacy violations.
✅ Blocked 147M fraudulent ratings/reviews.
✅ Intercepted 3.9M attempts to install/launch illicitly distributed apps.
✅ Blocked 3.9M stolen credit cards, banned 714K accounts for fraud.
✅ Blocked $2.09B in fraudulent transactions on the App Store.

Read details here: https://thehackernews.com/2023/05/apple-thwarts-2-billion-in-app-store.html

Darknet kingpin pleads guilty! Skynet Market operator pleads guilty in Missouri court, selling financial info of thousands of victims.

Read details here: https://thehackernews.com/2023/05/darknet-carding-kingpin-pleads-guilty.html

⚠️ ALERT: The notorious 8220 Gang strikes again!

They are exploiting a six-year-old critical security flaw in Oracle WebLogic servers to build a botnet for crypto mining.

Read details: https://thehackernews.com/2023/05/8220-gang-exploiting-oracle-weblogic.html

Cyber warfare escalates amidst rising tensions between China and Taiwan. Find out how malicious actors are using phishing lures and trojans to compromise sensitive information.

Details here: https://thehackernews.com/2023/05/escalating-china-taiwan-tensions-fuel.html

🚨 ALERT: Lemon Group, a cybercrime enterprise, has taken control of millions of pre-infected Android smartphones worldwide!

They're stealing SMS messages, social media accounts, and even using them for click fraud.

Learn more: https://thehackernews.com/2023/05/this-cybercrime-syndicate-pre-infected.html

🚨 Act now! Apple releases emergency security patches for iOS, iPadOS, #macOS, tvOS, watchOS, & Safari web browser to counter 3 new actively exploited zero-day vulnerabilities.

🔒 CVE-2023-32409
🔒 CVE-2023-28204
🔒 CVE-2023-32373

Read: https://thehackernews.com/2023/05/webkit-under-attack-apple-issues.html

💻⚡️ AI + Malware = Trouble!

Hackers are using Google Search ads to trick AI tool seekers into downloading malware.

Learn more: https://thehackernews.com/2023/05/searching-for-ai-tools-watch-out-for.html

Two npm packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were found to harbor the TurkoRat malware, capable of stealing sensitive info like login credentials and cryptocurrency data.

Read details: https://thehackernews.com/2023/05/developer-alert-npm-packages-for-nodejs.html

🕒 Countdown to the end of third-party cookies has begun!

Google is finally flipping the switch on its Privacy Sandbox initiatives, bidding farewell to third-party cookies & cross-app identifiers in Chrome.

Learn more about this here: https://thehackernews.com/2023/05/privacy-sandbox-initiative-google-to.html

🚨 Heads up, Samsung devices under attack! CISA warns of an active exploitation targeting a medium-severity flaw.

Read: https://thehackernews.com/2023/05/samsung-devices-under-active.html

💥 Infamous cybercrime syndicate FIN7 is back in business, launching their first ransomware campaign in years and utilizing powerful tools such as POWERTRASH, Lizar, OpenSSH, and Impacket for exploitation.

Find details here: https://thehackernews.com/2023/05/notorious-cyber-gang-fin7-returns-cl0p.html

From teenage hacker to cybercriminal mastermind: Meet 'Jack,' the mind behind Golden Chickens malware. eSentire reveals his digital trail and involvement in developing malicious tools.

Read details here: https://thehackernews.com/2023/05/meet-jack-from-romania-mastermind.html

⚠️ Important notice for the Python community!

The administrators of the PyPI software repository have disabled new user sign-ups and package uploads until further notice due to an overwhelming surge of malicious users and projects.

Read details here: https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html

🚨 Attention KeePass users! A newly discovered security flaw (CVE-2023-32784) could expose your master password in cleartext!

Read details here: https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html

Upgrade to KeePass 2.54 once it's released.

UK national sentenced to 13+ years in prison for operating iSpoof, an online phone number spoofing service. The platform enabled fraudsters to impersonate banks and deceive victims.

Read details: https://thehackernews.com/2023/05/uk-fraudster-behind-ispoof-scam.html

New revelations about the Bad Magic hacker group uncover a longer history than expected. Kaspersky's latest report connects them to CloudWizard, a modular framework with alarming capabilities.

Read details: https://thehackernews.com/2023/05/bad-magics-extended-reign-in-cyber.html

#cybersecurity #hacking #malware

GUI-vil, the financially driven Indonesian group, leverages AWS EC2 instances for crypto mining, leaving victim organizations to bear the cost.

Read details: https://thehackernews.com/2023/05/indonesian-cybercriminals-exploit-aws.html