Iranian hackers unleash data-wiping attack on diamond industries in South Africa, Israel, and Hong Kong via supply-chain attack on Israeli software firm.

Read: https://thehackernews.com/2022/12/iranian-hackers-strike-diamond-industry.htm

Google warns that North Korean hackers exploited an Internet Explorer zero-day vulnerability to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware.

https://thehackernews.com/2022/12/google-warns-of-internet-explorer-zero.html

Apple announces a raft of new security measures, including:

✅ New Advanced Data Protection setting
✅ iMessage contact key verification
✅ End-to-end encrypted data backups in iCloud
✅ Support for hardware security keys for Apple ID

https://thehackernews.com/2022/12/apple-boosts-security-with-new-imessage.html

Researchers have discovered a new method for exfiltrating data from air-gapped computers that abuses the dynamic power consumption of modern computers to generate radio waves.

Read: https://thehackernews.com/2022/12/covid-bit-new-covert-channel-to.html

Iran-linked MuddyWater hackers on the prowl again, using compromised corporate email accounts to launch spear-phishing attacks on countries in the Middle East and Central and West Asia with updated attack tactics.

Read: https://thehackernews.com/2022/12/muddywater-hackers-target-asian-and.html

Researchers have discovered a new hybrid malware campaign that targets both Android and Windows operating systems, allowing it to expand its pool of victims.

Read: https://thehackernews.com/2022/12/researchers-uncover-darknet-service.html

Iranian nation-state hackers are using a new malware dubbed "Drokbk" that uses GitHub as a "dead drop resolver" to hide its communication with attackers, receive commands and exfiltrate stolen data.

Read: https://thehackernews.com/2022/12/researchers-uncover-new-drokbk-malware.html

Researchers have reported an increase in TrueBot malware infections, involving a new variant that abuses the Netwrix Auditor vulnerability and the Raspberry Robin worm to attack Mexico, Brazil, and the United States.

Read: https://thehackernews.com/2022/12/new-truebot-malware-variant-leveraging.html

Cisco warns of an unpatched, high-severity vulnerability (CVE-2022-20968) affecting IP Phone 7800 and 8800 series IP phones, for which a public proof-of-concept exploit is available.

Read: https://thehackernews.com/2022/12/cisco-warns-of-high-severity-unpatched.html

Researchers describe a new attack method that can bypass web application firewalls (WAFs) and infiltrate systems.

Read: https://thehackernews.com/2022/12/researchers-detail-new-attack-method-to.html

The method worked successfully against WAFs from vendors such as AWS, Cloudflare, F5, Imperva, and Palo Alto Networks

Hack-for-hire group Evilnum uses new Janicab malware variant to attack travel, legal and financial entities.

Read: https://thehackernews.com/2022/12/hack-for-hire-group-targets-travel-and.html

Cryptocurrency mining attacks against Linux systems are leveraging the open-source CHAOS remote access trojan to gain unauthorized access to the infected systems and mine cryptocurrencies.

Read: https://thehackernews.com/2022/12/cryptocurrency-mining-campaign-hits.html

U.S. Department of Health and Human Services (HHS) has issued a warning about ongoing ransomware attacks targeting healthcare entities in the country.

Read: https://thehackernews.com/2022/12/royal-ransomware-threat-takes-aim-at-us.html

Say goodbye to passwords!

Google is rolling out passkeys support to its stable version of Chrome web browser for Windows, Android and macOS.

Read: https://thehackernews.com/2022/12/google-adds-passkey-support-to-chrome.html

Stay secure and logged in with this next-generation login standard

Stay ahead of the curve and protect your business with the latest cybersecurity news and insights.

Follow our LinkedIn page and join our community for the most relevant and timely cybersecurity news and information.

https://www.linkedin.com/company/thehackernews/

Researchers have discovered new vulnerabilities in popular endpoint detection and response (EDR) and antivirus solutions (AV) that can be weaponized against users to carry out wiping attacks.

Read details: https://thehackernews.com/2022/12/researchers-demonstrate-how-edr-and.html

Urgent: Fortinet has issued emergency patches for a severe pre-auth RCE vulnerability (CVE-2022-42475) affecting its FortiOS SSL-VPN product that is being actively exploited in the wild.

Read: https://thehackernews.com/2022/12/fortinet-warns-of-active-exploitation.html

Ugh, not again! Multiple malware campaigns discovered targeting Python and JavaScript developers via the official PyPI and npm repositories.

Read: https://thehackernews.com/2022/12/malware-strains-targeting-python-and.html

Cybersecurity researchers have unveiled the inner workings of a devastating new ransomware known as Azov, designed to corrupt data and inflict "impeccable damage" on compromised systems.

Read: https://thehackernews.com/2022/12/cybersecurity-experts-uncover-inner.html

This severe vulnerability affecting the Amazon ECR Public Gallery may have opened the repositories to potential "deep #software supply chain" attacks.

Read: https://thehackernews.com/2022/12/serious-attacks-could-have-been-staged.html

Google launches open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects.

Read: https://thehackernews.com/2022/12/google-launches-largest-distributed.html