Google discloses flaws in multiple video chat apps—Signal, JioChat, Mocha, Duo, and Facebook Messenger—which could have allowed attackers to initiate a video call and eavesdrop on targets without user consent.

Read details: https://thehackernews.com/2021/01/google-discloses-flaws-in-signal-fb.html

Hackers behind the SolarWinds' cyber-attack also breached cybersecurity firm Malwarebytes and accessed its internal emails.

Read: https://thehackernews.com/2021/01/solarwinds-hackers-also-breached.html

Cybercriminals accidentally exposed thousands of stolen log-in credentials accessible to anyone via Google search—which were compromised during a large-scale phishing campaign that mainly targeted energy and construction companies.

https://thehackernews.com/2021/01/hackers-accidentally-expose-passwords.html

Google discloses flaws in multiple video chat apps—Signal, JioChat, Mocha, Duo, and Facebook Messenger—which could have allowed attackers to initiate a video call and eavesdrop on targets without user consent.

Read details: https://thehackernews.com/2021/01/google-discloses-flaws-in-signal-fb.html

Microsoft uncovers how SolarWinds hackers stayed under the radar for long enough during one of the most sophisticated attacks in recent history.

Read details: https://thehackernews.com/2021/01/heres-how-solarwinds-hackers-stayed.html

MrbMiner cryptocurrency-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has been found linked to a small software development company based in Iran.

Read: https://thehackernews.com/2021/01/mrbminer-crypto-mining-malware-links-to.html

🔥 KindleDrip Attack

Sharing malicious e-Books with Amazon Kindle users could have let attackers execute arbitrary code on Kindle devices, hijack accounts, and make unauthorized purchases.

Read: https://thehackernews.com/2021/01/sharing-ebook-with-your-kindle-could.html

EXCLUSIVE: Cybersecurity firm SonicWall hacked using zero-day flaws affecting its own VPN product.

https://thehackernews.com/2021/01/exclusive-sonicwall-hacked-using-0-day.html

Since the affected client lets users remotely access a company's internal resources, hackers could compromise other businesses using vulnerable software.

Watch Out! A fully-functional exploit has been released online that anyone can use to target vulnerable enterprises using a critical vulnerability affecting SAP Solution Manager software.

Read details: https://thehackernews.com/2021/01/beware-fully-functional-released-online.html

🔥 Researchers detail a recently disclosed Windows MSRPC Printer Spooler Relay vulnerability that can be exploited remotely to execute code on the attacked machine.

Learn more about NTLM Relay to RCE attack: https://thehackernews.com/2021/01/experts-detail-recent-remotely.html

🔥 BEWARE —A new WORMABLE Android malware is spreading automatically through WhatsApp messages by abusing its quick reply functionality in the notifications.

Read details: https://thehackernews.com/2021/01/beware-new-wormable-android-malware.html

Researchers uncover a new privacy vulnerability in TikTok that could have allowed attackers to access users' profile details and private phone numbers associated with their account.

Details: https://thehackernews.com/2021/01/tiktok-bug-could-have-exposed-users.html

An evolving phishing campaign targets high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors to obtain sensitive information.

Read: https://thehackernews.com/2021/01/targeted-phishing-attacks-target-high.html

iPhone Users, BEWARE!


Hackers have been found actively exploiting 3 zero-day security vulnerabilities—affecting iOS, iPadOS, and tvOS—in the wild.


Read details on THN: https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html


Apple has urged its millions of users to update their devices to install the latest security patches.

Fire Watch Out! A new variant of NAT Slipstreaming attack—a technique to bypass routers and firewalls—now could let remote hackers target any device on an internal network from the Internet.

Read details and watch demo: https://thehackernews.com/2021/01/new-attack-could-let-remote-hackers.html

Researchers release PoC for an unpatched Microsoft Azure Function flaw that could let attackers escalate privileges and escape Docker container to the host.

https://thehackernews.com/2021/01/new-docker-container-escape-bug-affects.html
Company says the bug has no security impact as another defense boundary still protects the host.

The world's most dangerous botnet malware—Emotet—has finally been disrupted through a collective operation by law enforcement agencies from as many as 8 countries.

Read — https://thehackernews.com/2021/01/european-authorities-disrupt-emotet.html
Ukrainian police also arrested 2 individuals involved in the Emotet cyberattacks.

U.S. and Bulgarian authorities took control of the dark web infrastructure used by the NetWalker ransomware cybercrime group to publish data stolen from its victims.

Read: https://thehackernews.com/2021/01/authorities-seize-dark-web-site-linked.html

Italy CERT-AGID warns of a new Android malware family that hijacks targeted devices to steal user credentials for different services and can also record audio and video.

Read Details — https://thehackernews.com/2021/01/italy-cert-warns-of-new-credential.html

Lebanese Cedar APT hacker group—linked to Hezbollah Cyber Unit—broke into telecom, hosting providers, communication, IT, and applications companies worldwide.

Read more: https://thehackernews.com/2021/01/hezbollah-hacker-group-targeted.html

Security experts at Google uncover details of a new security feature that Apple quietly added to iOS 14 as a countermeasure to prevent attacks similar to those recently found to leverage zero-days in the messaging app.



https://thehackernews.com/2021/01/google-uncovers-new-ios-security.html