Security Affairs newsletter Round 309
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
News
Joker malware infected 538,000 Huawei Android devices
More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android...
Hackers compromised APKPure client to distribute infected Apps
APKPure, one of the largest alternative app stores, was the victim of a supply chain attack, threat actors compromised client...
Slack and Discord are Being Hijacked by Hackers to Distribute Malware
A few famous online collaboration tools, including the likes of Slack and Discord, are being hijacked by hackers to disperse...
Cybersecurity experts warned of a possible attack on Russian accounts in May
DeviceLock, a company engaged in the fight against data leaks, warned of the preparation of an attack on the accounts...
Zoom Security Flaw: Now Hackers Can Take Control Of Your PC, Wait For Patch
Zoom security issues were lately troubling users worldwide, very often so. The Zoom video conferencing app was not in the...
Chrome Blocks Port 10080 to Prevent Slipstreaming Hacks
Google Chrome has blocked HTTPS, FTP, and HTTP access to TCP (transmission control protocol) port 10080 to protect ports getting...
CareFirst Data Breach: Sensitive Information of Customers Leaked Online
For the third time in the past six years, cybercriminals have targeted CareFirst BlueCross BlueShield Community Health Plan District of...
Crooks abuse website contact forms to deliver IcedID malware
Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security experts from...
This man was planning to kill 70% of Internet in a bomb attack against AWS
The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70%...
Zerodium will pay $300K for WordPress RCE exploits
Zero-day broker Zerodium announced that will triples payouts for remote code execution exploits for the popular WordPress content management system....
Cisco will not release updates to fix critical RCE flaw in EoF Business Routers
Cisco announced it will not release security updates to address a critical security vulnerability affecting some of its Small Business...
Millions of Chrome users quietly added to Google’s FLoC pilot
Last month, Google began a test pilot of its Federated Learning of Cohorts—or FLoC—program, which the company has advertised as...
Cryptomining containers caught coining cryptocurrency covertly
In traditional software development, programmers code an application in one computing environment before deploying it to a similar, but often...
Maze/Egregor Ransomware Earned over $75 Million
Researchers at Analyst1 have noticed that the Maze/Egregor ransomware cartel has made at least $75 million in ransom payments to...
Man Sentenced To 12 Years For Attempting To Purchase Chemical Weapon On The Dark Web
A 46-year-old Missouri man has been sentenced to 12 years without parole in US federal prison today for trying to...
Visa: Hackers Use Web Shells to Compromise Servers and Steal Credit Card Details
Visa, a global payment processor has warned that hackers are on the rise in deploying web shells in infected servers...
North Korean Lazarus Group Attacks South African Freight Via New Weapon
The North Korean-backed Lazarus hacking group employed a new backdoor in targeted attacks against a South African freight and logistics...
Credit Card Hacking Forum Compromised 300,000 User Accounts Due To A Data Breach
As per the information provided by the website ‘Have I Been Pwned’, Carding Mafia, a credit card stealing and trading...
Malicious code in APKPure app
Recently, we’ve found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is...
Pwn2Own 2021: participants earned $1,2M of the $1.5M prize pool
The Pwn2Own 2021 hacking competition was concluded, participants earned more than $1.2 million, the greatest total payout ever. The Pwn2Own...
CISA releases post-compromise tool Aviary to review Microsoft 365
CISA released a Splunk-based dashboard for post-compromise activity in Microsoft Azure Active Directory (AD), Office 365, and MS 365 environments. The Cybersecurity...
330K stolen payment cards and 895K stolen gift cards sold on dark web
A threat actor has sold almost 900,000 gift cards and over 300,000 payment cards on a cybercrime forum on the...
Moodle flaw exposed users to account takeover
Wizcase experts discovered a security flaw in the open-source learning platform Moodle that could allow accounts takeover. At the beginning...
