Hackers are creating fraudulent crypto tokens to trick victims into buying the tokens, and then abusing misconfigurations in smart contracts to steal funds as part of the rug pull scam.

Read details: https://thehackernews.com/2022/01/hackers-creating-fraudulent-crypto.html

A previously undocumented malware packer named DTPacker has been observed distributing multiple RATs and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook.

Read details: https://thehackernews.com/2022/01/hackers-using-new-malware-packer.htm

Android banking malware BRATA has been updated with new features that grants it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers.

Read: https://thehackernews.com/2022/01/mobile-banking-trojan-brata-gains-new.html

Researchers discover that TrickBot malware now uses new techniques to evade web injection attacks.

Read: https://thehackernews.com/2022/01/trickbot-malware-using-new-techniques.html

Researchers uncover a new espionage campaign in which attackers are exploiting a critical MSHTML vulnerability to target high-level government officials and defense industry figures in West Asia.

Read details: https://thehackernews.com/2022/01/hackers-exploited-mshtml-flaw-to-spy-on.html

A 12-year-old vulnerability (CVE-2021-4034) has been discovered in the Polkit utility that could allow unprivileged attackers to gain root access to targeted Linux systems.

Details: https://thehackernews.com/2022/01/12-year-old-polkit-flaw-lets.html

Google abandons FLoC, its controversial plan to replace 3rd-party cookies, in favor of a new Privacy Sandbox proposal called "Topics API" that categorizes users' browsing habits into about 350 topics for online ads.

Read details: https://thehackernews.com/2022/01/google-drops-floc-and-introduces-topics.html

Researchers link an initial access broker (tracked as "Prophet Spider") to recent Log4Shell attacks on unpatched VMware Horizon servers.

Read details: https://thehackernews.com/2022/01/initial-access-broker-involved-in.html

Apple releases iOS 15.3 and macOS Monterey 12.2 with a fix for Safari's privacy-defeating bug as well as a patch for an actively exploited zero-day vulnerability.

Read details: https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html

Hackers have been spotted using a new evasion technique for spreading the AsyncRAT Trojan as part of a sophisticated malware campaign.

https://thehackernews.com/2022/01/hackers-using-new-evasive-technique-to.html

Researchers warn of widespread malware campaigns spreading FluBot and TeaBot trojans to Android devices.

Read: https://thehackernews.com/2022/01/widespread-flubot-and-teabot-malware.html

Hackers compromise hundreds of WordPress websites to distribute Chaes banking trojan that hijacks victims' Chrome browsers with malicious extensions.

https://thehackernews.com/2022/01/chaes-banking-trojan-hijacks-chrome.html

QNAP warns of DeadBolt ransomware targeting Internet-facing network-attached storage (NAS) appliances and routers.

Read: https://thehackernews.com/2022/01/qnap-warns-of-deadbolt-ransomware.html

Microsoft fended off a record-breaking DDoS attack that hit Azure customers at a peak of 3.47 terabits per second, and two others that topped 2.4 terabits per second.

Read details: https://thehackernews.com/2022/01/microsoft-mitigated-record-breaking-347.html

North Korean hackers are back with a stealthier version of their KONNI RAT malware.

Read details: https://thehackernews.com/2022/01/north-korean-hackers-return-with.html

North Korean hackers from the Lazarus group are using Windows Update Service to infect computers with malware and GitHub as a command-and-control server.

Read details: https://thehackernews.com/2022/01/north-korean-hackers-using-windows.html

Microsoft warns of a large-scale, multi-stage phishing campaign that uses stolen credentials to register rouge devices on a victim's network to further propagate spam emails and increase the infection pool.

Read details: https://thehackernews.com/2022/01/hackers-using-device-registration-trick.html

DeepDotWeb news site operator has been sentenced to 8 years in prison for money laundering and advertising illegal darknet marketplaces.

Details: https://thehackernews.com/2022/01/deepdotweb-news-site-operator-sentenced.html

Apple pays a $100,500 bug bounty to a hacker who found a way to remotely hack the MacBook's webcam.

Read details: https://thehackernews.com/2022/01/apple-pays-100500-bounty-to-hacker-who.html

Researchers have found a way to use natural silk fibers from domesticated silkworms as a Physical Unclonable Function (PUF) to generate secure and unique identifiers for strong authentication (e.g., cryptographic keys).

Read details: https://thehackernews.com/2022/01/researchers-use-natural-silk-fibers-to.html

German court rules that websites embedding fonts from Google servers violate GDPR, and must pay €100 in damages for passing a user's personal data — i.e. IP address — to Google without consent.

Read details: https://thehackernews.com/2022/01/german-court-rules-websites-embedding.html