🔥 New Chinese-linked #malware, Mélofée, threatens Linux servers!

Uncovered by ExaTrack, it enables remote control over servers and hides itself using kernel-mode rootkits.

Learn more: https://thehackernews.com/2023/03/melofee-researchers-uncover-new-linux.html

🚨 Google's TAG reveals commercial spyware vendors exploited zero-day vulnerabilities on Android & iOS devices last year.

Learn more: https://thehackernews.com/2023/03/spyware-vendors-caught-exploiting-zero.html

These highly targeted campaigns put dissidents, journalists, & human rights workers at risk.

Beware of 🦠 Trojanized TOR installers targeting Russia & Eastern Europe with clipper malware designed to steal cryptocurrencies.

Learn more: https://thehackernews.com/2023/03/trojanized-tor-browser-installers.html

⚠️ 🚨 Active supply chain attack targets popular voice and video conferencing software 3CX Desktop App, affecting hundreds of well-known brands and millions of users.

A multi-stage attack chain has been identified, beginning with a trojanized app and leading to a 3rd stage infostealer DLL, capable of targeting Google Chrome, Microsoft Edge, Brave, and Mozilla Firefox browsers.

Learn more: https://thehackernews.com/2023/03/3cx-desktop-app-targeted-in-supply.html

🚨 New cybersecurity threat! AlienFox, a highly modular & constantly evolving toolset distributed on Telegram, enables attackers to harvest API keys & secrets from popular cloud service providers like AWS, Google Workspace, and Microsoft 365.

Learn more: https://thehackernews.com/2023/03/alienfox-malware-targets-api-keys-and.html

🔥 A group of academics has uncovered a new fundamental flaw in IEEE 802.11 Wi-Fi protocol standard affecting Linux, FreeBSD, Android & iOS devices.

Read: https://thehackernews.com/2023/03/new-wi-fi-protocol-security-flaw.html

Hackers can hijack TCP connections or intercept web traffic, potentially executing a DoS attack.

RedGolf, a highly-likely Chinese state-sponsored threat group, is using a new custom backdoor called KEYPLUG to target multiple sectors, including US government entities.

Learn more: https://thehackernews.com/2023/03/chinese-redgolf-group-targeting-windows.html

Researchers reveal details on Super FabriXss, a high-risk vulnerability in Azure Service Fabric Explorer that can lead to unauthenticated RCE attacks on containers hosted on nodes.

Learn more: https://thehackernews.com/2023/03/researchers-detail-severe-super.html

3CX, has confirmed that multiple versions of its desktop app for Windows & macOS have been affected by a supply chain attack.

The attack appears to have compromised 3CX's software build pipeline.

Learn more: https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html

Cyber Police of Ukraine, along with law enforcement officials from Czechia, have arrested several members of a cybercriminal gang that earned over $4.33 million in illicit profits through phishing scams.

Learn more: https://thehackernews.com/2023/03/cyber-police-of-ukraine-busted-phishing.html

Cyber espionage group Winter Vivern (aka TA473) targets officials in Europe and U.S. by exploiting unpatched Zimbra vulnerability in gov't webmail portals.

Learn more: https://thehackernews.com/2023/03/winter-vivern-apt-targets-european.html

🔥 WEBINAR | Become an Incident Response Pro!

Unlock the secrets to bulletproof incident Response – Master the 6-Phase process with Asaf Perlman, Cynet's IR Leader!

Don't Miss Out – Save Your Seat: https://thehackernews.com/2023/03/deep-dive-into-6-key-steps-to.html

🚨 Urgent: Hackers are exploiting a high-severity flaw in the Elementor Pro plugin for WordPress, enabling them to take control of WooCommerce enabled sites. Update to version 3.11.7 or 3.12.0 immediately.

Learn more: https://thehackernews.com/2023/04/hackers-exploiting-wordpress-elementor.html

🚨 High-risk security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by hackers!

Details: https://thehackernews.com/2023/04/cacti-realtek-and-ibm-aspera-faspex.html

Update your systems ASAP to protect against MooBot and ShellBot attacks.

🚨 Microsoft patches Azure Active Directory misconfiguration issue, which exposed high-impact apps to unauthorized access and could have allowed attackers to modify Bing search results.

Learn more: https://thehackernews.com/2023/04/microsoft-fixes-new-azure-ad.html

Italy's data protection watchdog, Garante, temporarily bans OpenAI's ChatGPT, citing data protection concerns & potential violation of GDPR laws.

Learn more: https://thehackernews.com/2023/04/italian-watchdog-bans-openais-chatgpt.html

Despite the ban, apps using OpenAI's tech, such as Microsoft's Bing, are unaffected.

⚠️ Beware of OpcJacker! This stealthy malware is targeting users through fake websites, promising VPN services and more. Its main functions: keylogging, data theft, and crypto hijacking.

Learn more: https://thehackernews.com/2023/04/crypto-stealing-opcjacker-malware.html

⚠️ Western Digital discloses a network security breach involving unauthorized access to its systems on March 26, 2023.

Learn more: https://thehackernews.com/2023/04/western-digital-hit-by-network-security.html

Investigation underway with the help of cybersecurity experts and law enforcement.

A supply chain attack targeting 3CX has been linked to North Korea's Lazarus Group, with the second-stage implant (Gopuram) specifically singling out a select few cryptocurrency companies.

Learn more: https://thehackernews.com/2023/04/cryptocurrency-companies-targeted-in.html

🔒 Microsoft is taking action against malware abuse in OneNote by automatically blocking embedded files with "dangerous extensions".

Find the full list of 120 extensions here: https://thehackernews.com/2023/04/microsoft-tightens-onenote-security-by.html