AQUATIC PANDA APT hackers with links to China are targeting academic institutions with the Log4Shell exploit.

Read details: https://thehackernews.com/2021/12/chinese-apt-hackers-used-log4shell.html

Researchers warn of a new rootkit malware — dubbed 'iLOBleed' — that's attacking HP Enterprise servers in-the-wild and aims to delete data from them.

Read details: https://thehackernews.com/2021/12/new-ilobleed-rootkit-targeting-hp.html

Microsoft releases a fix for the Exchange Y2K22 bug that caused emails to get stuck in queues when a date validation error occurred around the turn of the year.

Read: https://thehackernews.com/2022/01/microsoft-issues-fix-for-exchange-y2k22.html

Researchers demonstrate that electromagnetic signals emanating from IoT devices can be used as a side-channel to detect various forms of malware targeting embedded systems, even when obfuscation is used to prevent analysis.

Read details: https://thehackernews.com/2022/01/detecting-evasive-malware-on-iot.html

Beware! A new malicious campaign has been discovered that infects victims' computers with "Purple Fox" malware using a trojanized installer of the Telegram messaging app.

Read details: https://thehackernews.com/2022/01/beware-of-fake-telegram-messenger-app.html

Researchers reported a bug in Apple's HomeKit software framework — dubbed "doorLock" — that affects the iOS mobile operating system and can cause devices to crash or reboot.

Read details — https://thehackernews.com/2022/01/researchers-detail-new-homekit-doorlock.html

Researchers have developed a scalable technique (SAILFISH) for detecting state-inconsistency flaws in smart contracts, which has led to the discovery of 47 zero-day vulnerabilities in the Ethereum blockchain.

Details: https://thehackernews.com/2022/01/sailfish-system-to-find-state.html

In a recent supply-chain cyberattack, over 100 Real Estate websites were targeted with a web-skimming malware that exploited a cloud video hosting service.

Read details: https://thehackernews.com/2022/01/hackers-target-real-estate-websites.html

A new Zloader banking trojan campaign is now exploiting the Microsoft Signature Verification system to evade detection and steal cookies, passwords and other sensitive data.

Read details - https://thehackernews.com/2022/01/new-zloader-banking-malware-campaign.html

It already has over 2,000 victims in 111 countries.

Cybersecurity researchers have uncovered an organized financial-theft operation in which a discrete hacking group — codenamed "Elephant Beetle" — penetrates transaction processing systems and steals money.

Read details: https://thehackernews.com/2022/01/researchers-uncover-hacker-group-behind.html

Malware attackers could use this new "NoReboot" trick to secretly spy on users by faking an iPhone shutdown, making it impossible to physically determine whether or not an iPhone is powered off.

Read details: https://thehackernews.com/2022/01/new-trick-could-let-malware-fake-iphone.html

North Korean cyberespionage group 'Konni' has been linked to a series of targeted attacks on the Ministry of Foreign Affairs of the Russian Federation, using New Year's Eve decoys to compromise Windows systems with malware.

Read details: https://thehackernews.com/2022/01/north-korean-hackers-start-new-year.html

French data protection watchdog has fined Facebook and Google 150 million and 60 million euros, respectively, for violating EU privacy laws by not giving their users an easy option to opt-out of cookie tracking technology.

Read details: https://thehackernews.com/2022/01/france-fines-google-facebook-210.html

Researchers have found a new Log4Shell-like critical RCE vulnerability (CVE-2021-42392) in the H2 Database Console, an in-memory, open-source, and widely used embedded database system.

Read details: https://thehackernews.com/2022/01/log4shell-like-critical-rce-flaw.html

U.K. National Health Service (NHS) has warned that attackers are actively exploiting Log4Shell vulnerabilities in unpatched VMware Horizon servers to drop malicious web shells and establish persistence on affected networks for follow-on attacks.

Detail: https://thehackernews.com/2022/01/nhs-warns-of-hackers-targeting-log4j.html

Facebook has launched a new “Privacy Center” to educate users about five common privacy topics — sharing, security, data collection, data use and ads.

Read: https://thehackernews.com/2022/01/facebook-launches-privacy-center-to.html

BADNEWS! 'Patchwork' APT group fell victim to its own spying malware, revealing the tactics, procedures, and techniques used by an Indian hacker group.

Read details: https://thehackernews.com/2022/01/badnews-patchwork-apt-hackers-score-own.html

Researchers have found links between an emerging DDoS botnet named "Abcbot" and the Xanthe cryptocurrency-mining malware attacks.

Read: https://thehackernews.com/2022/01/abcbot-botnet-linked-to-operators-of.html

Europol ordered to delete a vast trove of personal data the agency obtained on individuals with no proven ties to criminal activity.

Read details: https://thehackernews.com/2022/01/europol-ordered-to-delete-data-of.html

Microsoft has revealed details of a new macOS "powerdir" vulnerability (CVE-2021-30970) that could allow attackers to gain access to user data.

Read details: https://thehackernews.com/2022/01/microsoft-details-macos-bug-that-could.html