Apple releases the latest iOS and iPadOS 15.2.1 updates to patch a vulnerability found in HomeKit that allows DoS attacks.

Details: https://thehackernews.com/2022/01/apple-releases-iphone-and-ipad-updates.html

Iranian nation-state hackers exploiting the Log4j vulnerability to deploy a new PowerShell-based framework—dubbed "CharmPower"—designed to establish persistence, gather information, and execute commands.

Read details — https://thehackernews.com/2022/01/iranian-hackers-exploit-log4j.html

Researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry.

Read: https://thehackernews.com/2022/01/researchers-decrypted-qakbot-banking.html

GootLoader malware campaign now targets employees of law and accounting firms, indicating the adversary is expanding its focus to other high-value targets.

Details: https://thehackernews.com/2022/01/gootloader-hackers-targeting-employees.html

Cisco releases patch for a new critical vulnerability (CVE-2022-20658 / CVSS 9.6) affecting the Unified CCMP and Unified CCDM that could be weaponized to create rogue Administrator accounts by sending a crafted HTTP request.

Details: https://thehackernews.com/2022/01/cisco-releases-patch-for-critical-bug.html

Ukrainian police have arrested 5 people—including a married couple—linked to a gang that orchestrated ransomware attacks on more than 50 companies in Europe and the United States.

Read details: https://thehackernews.com/2022/01/husband-wife-arrested-in-ukraine-for.html

A British hacker has been sentenced to more than two years in prison for illegally hacking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images.

https://thehackernews.com/2022/01/uk-hacker-jailed-for-spying-on-children.html

North Korean hackers have stolen millions of dollars worth of digital assets from small & medium-sized companies worldwide working with cryptocurrencies and smart contracts, DeFi, Blockchain, and FinTech.

Details: https://thehackernews.com/2022/01/north-korean-hackers-stole-millions.html

A "massive" coordinated cyberattack has taken down several Ukrainian government websites on Friday morning—amid heightened tensions with Russia.

Read: https://thehackernews.com/2022/01/massive-cyber-attack-knocks-down.html

🔥 Russian authorities have arrested members of the REvil ransomware gang responsible for several high-profile cyberattacks — and seized 426 million rubles in cash, $600,000 + €500,000 in cryptocurrency, computers and 20 luxury cars.

Details: https://thehackernews.com/2022/01/russia-arrests-revil-ransomware-gang.html

A new destructive malware—disguised as ransomware—is now targeting Ukrainian government, non-profit organizations and information technology companies amid brewing geopolitical tensions between the country and Russia.

Details: https://thehackernews.com/2022/01/a-new-destructive-malware-targeting.html

A new unpatched flaw in Apple Safari 15's implementation of the IndexedDB API could be exploited by online trackers to fingerprint users and track their online activities across websites.

Details: https://thehackernews.com/2022/01/new-unpatched-apple-safari-browser-bug.html

UniCC, the largest dark web marketplace for stolen credit and debit cards, is shutting down after earning $358 million in sales.

Read: https://thehackernews.com/2022/01/dark-webs-largest-marketplace-for.html

Zoho releases patch for a new authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers.

Read: https://thehackernews.com/2022/01/zoho-releases-patch-for-critical-flaw.html

Google Chrome is limiting websites from directly accessing endpoints on private networks as part of upcoming major security updates to prevent browser-based intrusions.

Details: https://thehackernews.com/2022/01/chrome-limits-websites-access-to.html

Hacker group 'Earth Lusca' has been observed attacking high-value targets in government and the private sector worldwide as part of an espionage campaign and an attempt to gain financial gain.

Read: https://thehackernews.com/2022/01/earth-lusca-hackers-aimed-at-high-value.html

Europol shuts down VPNLab, a secure VPN service that was used by a number of cybercriminals to distribute ransomware and facilitate other online crimes.

Details: https://thehackernews.com/2022/01/europol-shuts-down-vpnlab.html

Cybersecurity researchers have disclosed details of a bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification.

Read: https://thehackernews.com/2022/01/researchers-bypass-sms-based-multi.html

A malware distribution campaign is spreading DDoS IRC bot disguised as adult games through Korean #WebHard platforms.

Read details: https://thehackernews.com/2022/01/ddos-irc-bot-malware-spreading-through.html

Ukraine says recent coordinated cyberattacks on select government systems are part of a larger wave of malicious activity aimed at sabotaging the country's critical infrastructure.

Read: https://thehackernews.com/2022/01/ukraine-recent-cyber-attacks-part-of.html