GitHub describes the recent cyberattack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as "highly targeted" in nature.

Read: https://thehackernews.com/2022/05/github-says-recent-attack-involving.html

A newly discovered suspected espionage hacking group, dubbed UNC3524, is targeting the emails of employees involved in corporate development, mergers and acquisitions, and large corporate transactions.

Read: https://thehackernews.com/2022/05/new-hacker-group-pursuing-corporate.html

A newly discovered UNPATCHED vulnerability (CVE-2022-05-02) affects the DNS implementation of two popular libraries (Clibc and uClibc-ng) used in a number of IoT devices, allowing attackers to perform DNS poisoning attacks on targeted devices.

https://thehackernews.com/2022/05/unpatched-dns-related-vulnerability.html

China-aligned "Moshen Dragon" cyberespionage group has been caught using abusing popular antivirus products to sideload malware into telecommunications systems operating in Central Asia.

Read details: https://thehackernews.com/2022/05/chinese-hackers-caught-exploiting.html

Researchers have detected a new variant of AvosLocker ransomware that uses a legitimate driver file to disable antivirus solutions and evade detection.

Read: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Researchers analyze dozens of communications between Conti and Hive ransomware operators and victims, revealing the actors' communication style, persuasion tactics, ransom negotiation techniques, operational and targeting details, and more.

https://thehackernews.com/2022/05/experts-analyze-conti-and-hive.html

Researchers have discovered 5 new security vulnerabilities — dubbed TLStorm 2.0 — in multiple models of Aruba and Avaya network switches that could be exploited for remote access to enterprise networks and data theft.

Read: https://thehackernews.com/2022/05/critical-tlstorm-20-bugs-affect-widely.html

Google's Threat Analysis Group (TAG) says state-backed hackers and cybercriminals from China, Iran, North Korea and Russia are increasingly using Russian-Ukrainian War-themed documents as bait for phishing and malware campaigns.

Read: https://thehackernews.com/2022/05/ukraine-war-themed-files-become-lure-of.html

A critical RCE vulnerability (CVE-2022-26352) has been reported in the open-source dotCMS content management system, which is used by more than 10,000 customers in 70 countries, including Fortune 500 brands and mid-sized companies.

Read: https://thehackernews.com/2022/05/critical-rce-bug-reported-in-dotcms.html

China's Winnti hackers (also tracked as APT41, Blackfly, and BARIUM) have been spotted stealing sensitive proprietary data from technology and manufacturing firms in East Asia, Western Europe, and North America.

Read: https://thehackernews.com/2022/05/chinese-hackers-caught-stealing.html

The U.S. Securities and Exchange Commission (SEC) has announced that it will increase the size of its enforcement unit to combat cyber threats and frauds; and protect investors in cryptocurrency markets.

Read: https://thehackernews.com/2022/05/sec-plans-to-hire-more-staff-in-crypto.html

WATCH OUT! F5 warns of a new critical BIG-IP remote code execution vulnerability (CVE-2022-1388) due to missing authentication checks that could allow attackers to gain control of affected systems.

Details: https://thehackernews.com/2022/05/f5-warns-of-new-critical-big-ip-remote.html

Salesforce-owned #Heroku begins resetting users' passwords following the theft of #GitHub OAuth tokens, which involved unauthorized access to an internal customer database.

Read: https://thehackernews.com/2022/05/heroku-forces-user-password-resets.html

An insecure database from debt collection service ENCollect exposed data of hundreds of thousands of borrowers, had a total storage size of 5.8 GB, and contained a total of 1,686,363 records.

Read: https://thehackernews.com/2022/05/thousands-of-borrowers-data-exposed.html

Researchers disclose details of two decade-old high-severity vulnerabilities in Avast and AVG antivirus solutions that could be exploited by attackers to take full control of targeted systems.

Read: https://thehackernews.com/2022/05/researchers-disclose-10-year-old.html

Google announced plans to implement support for passwordless logins in Android and the Chrome web browser, allowing users to log in across devices and websites regardless of platform.

Read: https://thehackernews.com/2022/05/google-to-add-passwordless.html

The National Institute of Standards and Technology (NIST) has published updated cybersecurity guidelines for managing risks in the supply chain, which is increasingly proving to be a lucrative attack vector.

Read: https://thehackernews.com/2022/05/nist-releases-updated-guidance-for.html

Google releases monthly security patches for Android with fixes for 37 vulnerabilities in various components, including a fix for an actively exploited vulnerability in the Linux kernel.

Details: https://thehackernews.com/2022/05/google-releases-android-update-to-patch.html

Researchers uncover a new cyber espionage campaign by Chinese "Mustang Panda" hackers using PlugX implant, custom stagers, reverse shells, and Meterpreter-based shellcode to persist long-term on infected endpoints.

Read: https://thehackernews.com/2022/05/experts-uncover-new-espionage-attacks.html

Hackers using PrivateLoader's pay-per-install (PPI) service to spread a "fairly sophisticated" NetDooka malware framework that gives attackers complete control over infected devices.

Read: https://thehackernews.com/2022/05/hackers-using-privateloader-ppi-service.html