Another Taj Mahal (between Tokyo and Yokohama)
https://www.kaspersky.com/blog/taj-mahal-apt/26370/
https://securelist.com/project-tajmahal/90240/

DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)
https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/

Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/

Sextortion profits decline despite higher volume, new techniques
https://blog.talosintelligence.com/2019/04/sextortion-update.html

Microsoft: Hackers compromised support agent’s credentials to access customer email accounts
https://techcrunch.com/2019/04/13/microsoft-support-agent-email-hack/

Adblock Plus filter lists may execute arbitrary code in web pages
https://armin.dev/blog/2019/04/adblock-plus-code-injection/

Reverse-engineering Broadcom wireless chipsets
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html

Facebook says it ‘unintentionally uploaded’ 1.5 million people’s email contacts without their consent
https://www.businessinsider.sg/facebook-uploaded-1-5-million-users-email-contacts-without-permission-2019-4
https://blog.avast.com/facebook-imports-info-without-user-consent-avast

DNS Hijacking Abuses Trust In Core Internet Service
https://blog.talosintelligence.com/2019/04/seaturtle.html

New INPIVX Service May Change the Ransomware Game
https://www.bleepingcomputer.com/news/security/new-inpivx-service-may-change-the-ransomware-game/

DNSpionage brings out the Karkoff
https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html

Operation ShadowHammer: a high-profile supply chain attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/

Active Exploitation of Confluence Vulnerability CVE-2019-3396 Dropping Gandcrab Ransomware
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware

Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers
https://blog.trendmicro.com/trendlabs-security-intelligence/emotet-adds-new-evasion-technique-and-uses-connected-devices-as-proxy-cc-servers/

The Economy of Credential Stuffing Attacks
https://www.recordedfuture.com/credential-stuffing-attacks/
https://go.recordedfuture.com/hubfs/reports/cta-2019-0425.pdf

Tech Support Scam Employs New Trick by Using Iframe to Freeze Browsers
https://blog.trendmicro.com/trendlabs-security-intelligence/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers/

Buhtrap backdoor and ransomware distributed via major advertising platform
https://www.welivesecurity.com/2019/04/30/buhtrap-backdoor-ransomware-advertising-platform/

P2P Weakness Exposes Millions of IoT Devices
https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/

Not all Roads Lead to Magento: All Payment Platforms are Targets for Magecart
https://www.riskiq.com/blog/labs/magecart-beyond-magento/