The Hacker News Daily Updates

"Urgent:  Microsoft issues patch for 97 flaws, including Active Ransomware Exploit."

Views expressed in this cybersecurity, cybercrime summary are those of the reporters and correspondents.  Accessed on 12 April 2023, 1424 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/#trash/FMfcgzGsltTqkpFbFZQhcKJpqwQGtqSH ("The Hacker News Daily Updates").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates

Why Account Security Doesn't Stop at Login Online accounts hold significant value for online businesses and their users, making them a prime target for fraud and abuse. Download Now Sponsored

LATEST NEWS Apr 12, 2023

Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware campaign was directed against journalists, political opposition figures, and an NGO worker in ... Read More

The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late Here's a hard question to answer: 'How many service accounts do you have in your environment?'. A harder one is: 'Do you know what these accounts are doing?'. And the hardest is probably: 'If any of your service account was compromised and used to access resources would you be able to detect and stop that in real-time?'.  Since most identity and security teams would provide a negative ... Read More

Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by ... Read More

North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork of a threat actor with North Korean nexus. The findings are the result of an interim assessment conducted by Google-owned Mandiant, whose services were enlisted after the intrusion came to light late last month. The threat ... Read More

Newly Discovered "By-Design" Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code. "It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access-tokens of higher privilege identities, move laterally, potentially access critical business assets, ... Read More

Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses. "The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on ... Read More

[eBook] A Step-by-Step Guide to Cyber Risk Assessment In today's perilous cyber risk landscape, CISOs and CIOs must defend their organizations against relentless cyber threats, including ransomware, phishing, attacks on infrastructure, supply chain breaches, malicious insiders, and much more. Yet at the same time, security leaders are also under tremendous pressure to reduce costs and invest wisely.  One of the most effective ways for CISOs ... Read More

Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on ... Read More

Why Account Security Doesn't Stop at Login Online accounts hold significant value for online businesses and their users, making them a prime target for fraud and abuse. Download Now Sponsored