Recently Apple developers have released security updates, fixing three 0-day bugs in their porducts at once. Apple says, all of these problems could already have been exploited by hackers, which is obvious as the 0day Vulnerabilities before becoming public are exploited in the black market. 

All bugs affect the Webkit browser engine at the heart of the Browser Sadari. WebKit works in most of the company's products as a built-in component (including iPadOS, tvOS, and watchOS) that is used to display web content when there is no need to load a full browser.

They have provided fixes with with macOS Big Sur 11.3.1 ,   iOS 12.5.3 ,   iOS 14.5.1, iPadOS 14.5.1,  and   watchOS 7.4.1 , and the above 0-day vulnerabilities were assigned CVE-2021-30663, CVE- 2021-30665 and CVE-2021-30666. It is also worth noting that iOS 12.5.3 includes an additional patch for the CVE-2021-30661 bug. This is considered to be a new bug that was fixed a week earlier. 

Apple does not disclose the details of the vulnerabilities, as well as the information on the possible attacks done using those bugs. 

 The developers of the Composer PHP package manager have fixed a critical vulnerability that could be used to execute arbitrary commands and equip each PHP package with a backdoor, leading to attacks on the supply chain. The vulnerability received the identifier CVE-2021-29472 and was discovered on April 22, 2021 by researchers from SonarSource. Less than 12 hours later, a fix for this bug was submitted.

"The command injection vulnerability in HgDriver / HgDownloader has been fixed, and other VCS drivers and loaders have been hardened," the  Composer developers report in the  release notes  for versions 2.0.13 and 1.10.22 posted on Wednesday. "As far as we know, the vulnerability was not exploited by hackers."

According to SonarSource, the vulnerability is related to the way the download URLs of the source packages are handled, which could potentially trigger a remote command injection.

"A vulnerability in a central component that serves over 100,000,000 package metadata requests per month has a huge impact, as such a vulnerability can be exploited to steal developer credentials or redirect package downloads to third-party servers that provide dependencies with backdoors," they note at SonarSource.

The world has seen many ups and down, but The people of the world has not even in their dream would have taught that most of the google applications like Gmail, Google Meet, Google Contact, Blogger, Google Play and many other . 

https://www.google.com/appsstatus#hl=en&v=status 

1. Google Calander Server Down
2. Blogger Website Server Down
3. Google Play Down
4. Google Photos Down
5. Google Meet Down
6. Gmail Down
7. Google Contact Down

Google server was showing Server Error 500. In many of its services like Gmail, Google Calendar ,Google Drive, Google Docs, Google Sheets, Google Slides, Google Sites, Google Groups,Hangouts, Google Chat, Google Meet, Google Vault, Google Forms, Google Cloud, Search, Google Keep, Google Tasks, and  Google Voice. 

Google Calendar Down

Blogger Website Down

Check Point experts have arranged a Global Threat Index report for April this year. They note that few coronavirus-related spam crusades (COVID-19) are circulating another, changed variant of the Agent Tesla Trojan. Altogether, he assaulted around 3% of associations around the world. 

Agent Tesla is an advanced RAT, that is, a remote access trojan known to information security experts since 2014. The malicious program is written in .Net and is able to track and collect input from the victim’s keyboard, from the clipboard, take screenshots and retrieve credentials related to various programs installed on the victim’s computer (including Google Chrome, Mozilla Firefox and Microsoft Outlook). Malware can disable antivirus solutions and processes that try to analyse it and interfere with its operation. 

Specialists state that the new form of Agent Tesla has been adjusted to take Wi-Fi passwords. Additionally, the trojan can extricate email certifications from an Outlook customer. 

In April 2020, Agent Tesla was often seen in several malicious campaigns related to COVID-19. Such spam mailings try to interest the victim in allegedly important pandemic information, so that they download malicious files. 

One of these campaigns was purportedly sent by the World Health Organisation with the following topics: URGENT INFORMATION LETTER: FIRST HUMAN COVID19 VACCINETEST / RESULT UPDATE –– “URGENT NOTIFICATION: FIRST TEST OF VACCINE FROM COVID-19 FOR RESEARCH AND RESEARCH.” This once again emphasises that hackers use the latest developments in the world and the fear of the population to increase the effectiveness of their attacks. 

“The spam campaigns with Agent Tesla that we watched throughout April show how well cybercriminals fit into the information agenda and how quietly they trick unsuspecting victims,” says Vasily Diaghilev, head of Check Point Software Technologies in Russia and the CIS. - In Russia, Emotet, RigEK, XMRig were in the top three — criminals are focused on organising phishing attacks to steal users' personal and corporate data. Therefore, it is very important for any organisation to regularly train its employees, regularly informing them of the latest tools and methods of criminals. Now this is especially true, since most of the companies transferred their employees to the remote mode. ” 

This month, Dridex broker influenced 4% of associations around the world, while XMRig and Agent Tesla influenced 4% and 3%, individually. Subsequently, the TOP-3 of the most dynamic malware in April 2020 is as per the following: 

Dridex is a banking Trojan that infects Windows. It is distributed through spam mailings and exploit kits that use web-based agents to intercept personal data, as well as information about users' bank cards. 

XMRig is open source software, first discovered in May 2017. Used for mining cryptocurrency Monero; 

Agent Tesla - Advanced Remote Access Trojan (RAT). AgentTesla has been infecting computers since 2014, acting as a keylogger and password stealer. 

The list of the most active malware in Russia, as usual, differs from the world, it includes: 

Emotet  is an advanced self-propagating modular trojan. It was once an ordinary banker, but recently it has been used to spread malware and campaigns. New functionality allows you to send phishing emails containing malicious attachments or links. 

RigEK  –– a set of exploits, contains exploits for Internet Explorer, Flash, Java and Silverlight. The infection begins by redirecting the victim to a landing page containing a Java script that then looks for vulnerabilities and tries to exploit the problem. 

XMRig  is open source software, first discovered in May 2017. Used for mining cryptocurrency Monero.

“Seeing Cray under attack is very unusual, so I believe that the computing infrastructure around it has been attacked. Obviously, most users do not sit at a terminal connected directly to the supercomputer, so when remote access means fail, supercomputers become just an expensive piece of metal and silicon.

It seems that someone managed in an unknown way to get a reliable shell on the access node. Assuming this happened, setting it all up again will be a real headache. ”