Interestingly, GO SMS Pro messaging app developers tried quietly fixing publicly disclosed #vulnerability with incomplete patches and yet again failed to protect millions of its users' sensitive data.

Details: https://thehackernews.com/2020/12/incomplete-go-sms-pro-patch-left.html

🔥 Google researcher demonstrates zer0-click Wi-Fi-based "wormable" iOS bug (CVE-2020-9844) that could have let remote attackers gain complete control over targeted iPhones.

https://thehackernews.com/2020/12/google-hacker-details-zero-click.html

⚠️ WARNING: Multiple botnet malware have been found exploiting a critical Oracle WebLogic bug to deploy crypto miners on thousands of unpatched servers, as well as stealing sensitive data.

Read — https://thehackernews.com/2020/12/multiple-botnets-exploiting-critical.html

Researchers today took the wraps off a previously undocumented Russian APT Turla backdoor, dubbed "Crutch," that was deployed against governments, embassies, and military targets from 2015 to early 2020.

Read details: https://thehackernews.com/2020/12/experts-uncover-crutch-russian-malware.html

🔥 ALERT 🔥

Several popular Android apps—including OkCupid, Cisco Teams, Microsoft Edge—haven't yet patched a high-severity in Android's Play Core library, leaving hundreds of millions of users at risk of hacking.

Read details: https://thehackernews.com/2020/12/several-unpatched-popular-android-apps.html

⚠️ WATCH OUT!

Notorious TrickBot computer virus gets a new UEFI/BIOS bootkit functionality to hide and maintain firmware-level persistence on infected machines.

Read details — https://thehackernews.com/2020/12/trickbot-malware-gets-uefibios-bootkit.html

DeathStalker hacker-for-hire group found using a new in-memory Windows malware in operations against targets in Asia, Europe, and the US.

Read more: https://thehackernews.com/2020/12/hackers-for-hire-group-develops-new.html

Nation-state hackers are targeting companies responsible for storing and distributing the COVIDー19 vaccine.

Read more: https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html

Payment Card Skimmer Group FakeSecurity Spotted Using Raccoon Info-Stealer Malware to Siphon Off Private Data.

Read details: https://thehackernews.com/2020/12/payment-card-skimmer-group-using.html

Learn how DMARC email protection can stop cybercriminals from sending scam or malicious emails on your organization's behalf.

https://thehackernews.com/2020/12/how-dmarc-can-stop-criminals-sending.html

Researchers unveiled previously undisclosed capabilities of an Android spyware implant developed by a sanctioned Iranian threat actor that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations.

https://thehackernews.com/2020/12/iranian-rana-android-malware-also-spies.html

The National Security Agency (NSA) warns Russian hackers are exploiting recently disclosed VMware vulnerability (CVE-2020-4006) to breach corporate networks.

Read more: https://thehackernews.com/2020/12/nsa-warns-russian-hacker-exploiting.html

Companies and government agencies are advised to patch it as soon as possible.

WARNING: A zero-click wormable RCE vulnerability has been reported in Microsoft Teams software, allowing attackers to compromise a victim's system by merely sending a specially-crafted chat message.

Read: https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html

Widely used DSR family of D-Link VPN routers found vulnerable to 3 new high-risk vulnerabilities, potentially leaving hundreds of thousands of networks open to remote attacks—even if they’re secured with a strong password.

Read details: https://thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html

Dec 2020 Patch Tuesday — Microsoft releases Windows Updates to fix a total of 58 newly discovered security vulnerabilities, effectively bringing their CVE total to 1250 for the year.

Details: https://thehackernews.com/2020/12/microsoft-releases-windows-update-dec.html

🔥 FireEye—one of the largest cybersecurity companies—got hacked; the company says state-sponsored hackers stole its arsenal of Red Team penetration testing tools.

Read details: https://thehackernews.com/2020/12/cybersecurity-firm-fireeye-got-hacked.html

Experts disclose 33 new vulnerabilities in widely-used embedded TCP/IP stacks impacting millions of IoT devices from at least 158 vendors—ranging from networking equipment and medical devices to industrial control systems.

https://thehackernews.com/2020/12/amnesia33-critical-tcpip-flaws-affect.html

Russian APT28 hackers spotted leveraging COVID-19 as phishing lures to deliver the Go version of Zebrocy (or Zekapab) malware.

Details: https://thehackernews.com/2020/12/russian-apt28-hackers-using-covid-19-as.html

The U.S. Federal Trade Commission (FTC) and 48 states are suing Facebook for allegedly breaking antitrust laws for illegal monopolization and neutralizing competitors using Instagram and WhatsApp.

https://thehackernews.com/2020/12/48-us-states-and-ftc-are-suing-facebook.html

Multiple critical flaws in a core networking library powering Valve's Steam online gaming platform could have allowed malicious gamers to hijack game servers remotely.

Read details: https://thehackernews.com/2020/12/valves-steam-server-bugs-couldve-let.html

Facebook tracks two hacking groups—APT32 to an IT company in Vietnam and a Bangladesh group to two non-profit organizations in the country—and blocked their malicious activities on its social media platform.

Details: https://thehackernews.com/2020/12/facebook-tracks-apt32-oceanlotus.html