U.K. National Health Service (NHS) has warned that attackers are actively exploiting Log4Shell vulnerabilities in unpatched VMware Horizon servers to drop malicious web shells and establish persistence on affected networks for follow-on attacks.

Detail: https://thehackernews.com/2022/01/nhs-warns-of-hackers-targeting-log4j.html

Facebook has launched a new “Privacy Center” to educate users about five common privacy topics — sharing, security, data collection, data use and ads.

Read: https://thehackernews.com/2022/01/facebook-launches-privacy-center-to.html

BADNEWS! 'Patchwork' APT group fell victim to its own spying malware, revealing the tactics, procedures, and techniques used by an Indian hacker group.

Read details: https://thehackernews.com/2022/01/badnews-patchwork-apt-hackers-score-own.html

Researchers have found links between an emerging DDoS botnet named "Abcbot" and the Xanthe cryptocurrency-mining malware attacks.

Read: https://thehackernews.com/2022/01/abcbot-botnet-linked-to-operators-of.html

Europol ordered to delete a vast trove of personal data the agency obtained on individuals with no proven ties to criminal activity.

Read details: https://thehackernews.com/2022/01/europol-ordered-to-delete-data-of.html

Microsoft has revealed details of a new macOS "powerdir" vulnerability (CVE-2021-30970) that could allow attackers to gain access to user data.

Read details: https://thehackernews.com/2022/01/microsoft-details-macos-bug-that-could.html

Moxie Marlinspike, founder of the popular encrypted instant messaging service Signal, has announced that he is stepping down as CEO and WhatsApp co-founder Brian Acton will serve as interim CEO.

Read details: https://thehackernews.com/2022/01/signal-ceo-resigns-whatsapp-co-founder.html

A new high-severity KCodes NetUSB #vulnerability affects millions of routers from various manufacturers.

Details: https://thehackernews.com/2022/01/new-kcodes-netusb-bug-affect-millions.html

First Microsoft Patch Tuesday update of 2022 fixes 96 new vulnerabilities, including a critical "wormable" Windows RCE vulnerability (CVE-2022-21907) in the HTTP Protocol Stack.

Read details: https://thehackernews.com/2022/01/first-patch-tuesday-of-2022-brings-fix.html

U.S. cybersecurity and intelligence agencies published a joint advisory on how to detect, respond to, and mitigate cyberattacks on critical infrastructure orchestrated by Russian state-backed actors.

Details: https://thehackernews.com/2022/01/fbi-nsa-and-cisa-warns-of-russian.html

A new espionage malware called SysJoker has been discovered and is targeting users on Windows, macOS and Linux users.

Read details: https://thehackernews.com/2022/01/new-sysjoker-espionage-malware.html

Apple releases the latest iOS and iPadOS 15.2.1 updates to patch a vulnerability found in HomeKit that allows DoS attacks.

Details: https://thehackernews.com/2022/01/apple-releases-iphone-and-ipad-updates.html

Iranian nation-state hackers exploiting the Log4j vulnerability to deploy a new PowerShell-based framework—dubbed "CharmPower"—designed to establish persistence, gather information, and execute commands.

Read details — https://thehackernews.com/2022/01/iranian-hackers-exploit-log4j.html

Researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry.

Read: https://thehackernews.com/2022/01/researchers-decrypted-qakbot-banking.html

GootLoader malware campaign now targets employees of law and accounting firms, indicating the adversary is expanding its focus to other high-value targets.

Details: https://thehackernews.com/2022/01/gootloader-hackers-targeting-employees.html

Cisco releases patch for a new critical vulnerability (CVE-2022-20658 / CVSS 9.6) affecting the Unified CCMP and Unified CCDM that could be weaponized to create rogue Administrator accounts by sending a crafted HTTP request.

Details: https://thehackernews.com/2022/01/cisco-releases-patch-for-critical-bug.html

Ukrainian police have arrested 5 people—including a married couple—linked to a gang that orchestrated ransomware attacks on more than 50 companies in Europe and the United States.

Read details: https://thehackernews.com/2022/01/husband-wife-arrested-in-ukraine-for.html

A British hacker has been sentenced to more than two years in prison for illegally hacking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images.

https://thehackernews.com/2022/01/uk-hacker-jailed-for-spying-on-children.html

North Korean hackers have stolen millions of dollars worth of digital assets from small & medium-sized companies worldwide working with cryptocurrencies and smart contracts, DeFi, Blockchain, and FinTech.

Details: https://thehackernews.com/2022/01/north-korean-hackers-stole-millions.html

A "massive" coordinated cyberattack has taken down several Ukrainian government websites on Friday morning—amid heightened tensions with Russia.

Read: https://thehackernews.com/2022/01/massive-cyber-attack-knocks-down.html

🔥 Russian authorities have arrested members of the REvil ransomware gang responsible for several high-profile cyberattacks — and seized 426 million rubles in cash, $600,000 + €500,000 in cryptocurrency, computers and 20 luxury cars.

Details: https://thehackernews.com/2022/01/russia-arrests-revil-ransomware-gang.html