4021

I use a USB connected mic. If I’m that paranoid and don’t think turning off the mike is actually turning off the mike, simply unplug the usb line from the mic.

4022

I think people need to start looking at internet of things tools, smart TVs, devices, etc. that use voice commands. As they are awaiting (read listening) for your commands.

4023

Old Gremlins, new methods
https://blog.group-ib.com/oldgremlin_comeback

4024

Zloader 2: The Silent Night
https://decoded.avast.io/vladimirmartyanov/zloader-the-silent-night/

4025

Threat Spotlight: “Haskers Gang” Introduces New ZingoStealer
https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html

4026

How to recover files encrypted by Yanlouwang
https://securelist.com/how-to-recover-files-encrypted-by-yanlouwang/106332/

4027

Newly found zero-click iPhone exploit used in NSO spyware attacks
https://www.bleepingcomputer.com/news/security/newly-found-zero-click-iphone-exploit-used-in-nso-spyware-attacks/
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/

4028

Your iOS app may still be covertly tracking you, despite what Apple says
https://arstechnica.com/information-technology/2022/04/a-year-after-apple-enforces-app-tracking-policy-covert-ios-tracking-remains/
https://arxiv.org/pdf/2204.03556.pdf

4029

Emotet botnet switches to 64-bit modules, increases activity
https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/

4030

New BotenaGo Variant Discovered by Nozomi Networks Labs
https://www.nozominetworks.com/blog/new-botenago-variant-discovered-by-nozomi-networks-labs/
https://www.virustotal.com/gui/file/fdbd955959a8f42450af5ac2bf93efba180f4cbae64dd4dd852f65c2e2057f56?nocache=1

4031

Social Networks Most Likely to be Imitated by Criminal Groups, with LinkedIn Now Accounting for Half of all Phishing Attempts Worldwide
https://blog.checkpoint.com/2022/04/19/social-networks-most-likely-to-be-imitated-by-criminal-groups-with-linkedin-now-accounting-for-half-of-all-phishing-attempts-worldwide/

4032

Warez users fell for Certishell
https://decoded.avast.io/danielbenes/warez-users-fell-for-certishell/

4033

Pwn2Own Miami 2022 Results
https://www.zerodayinitiative.com/blog/2022/4/14/pwn2own-miami-2022-results

4034

When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops
https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/

4035

Real-time voice concealment algorithm blocks microphone spying
https://www.bleepingcomputer.com/news/security/real-time-voice-concealment-algorithm-blocks-microphone-spying/
https://www.engineering.columbia.edu/news/block-smartphone-microphone-speech-recognition-spying
https://arxiv.org/pdf/2112.07076.pdf

4036

CVE-2022-21449: Psychic Signatures in Java
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

4037

Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine

4038

Russia’s War in Ukraine Has Complicated the Means Through Which Cybercriminals Launder Funds. Here’s How They’re Adapting
https://www.flashpoint-intel.com/blog/russias-ukraine-war-is-complicating-cybercriminal-money-laundering/

4039

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/

4040

Zero Tolerance: More Zero-Days Exploited in 2021 Than Ever Before
https://www.mandiant.com/resources/zero-days-exploited-2021