Russian hackers are heavily leveraging a malicious Traffic Direction System (TDS) to spread several malware families, including Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish.
Read details: https://thehackernews.com/2022/01/russian-hackers-heavily-using-malicious.html
Microsoft has detected hackers exploiting a new zero-day vulnerability (CVE-2021-35247) in SolarWinds Serv-U software related to Log4j attacks.
Read: https://thehackernews.com/2022/01/microsoft-hackers-exploiting-new.html
Serv-U version 15.3 has been released to patch the issue.
Researchers warn of a new malware that specializes in gaining access to cryptocurrency wallets (Exodus, Ethereum, Bitcoin, Litecoin wallets) by exfiltrating wallet content, passwords stored in the browser, and passphrases captured from the clipboard.
https://thehackernews.com/2022/01/new-bhunt-password-stealer-malware.html
Researchers reveal details about recent cyberattacks carried out by the Donot Hacking Team against government and military entities in South Asia.
https://thehackernews.com/2022/01/donot-hacking-team-targeting-government.html
An INTERPOL-led operation has led to the arrest of 11 members of a Nigerian cybercrime gang linked to Business Email Compromise (BEC) attacks targeting more than 50,000 victims in recent years.
Read: https://thehackernews.com/2022/01/interpol-busted-11-members-of-nigerian.html
Cisco has released a security patch for a critical vulnerability (CVE-2022-20649) affecting RCM for Cisco StarOS that could be weaponized by an unauthenticated remote attacker to execute arbitrary code and take over vulnerable machines.
Details: https://thehackernews.com/2022/01/cisco-issues-patch-for-critical-rce.html
The U.S. has imposed sanctions on 4 current and former Ukrainian government officials for their involvement in a Russian-directed campaign to destabilize Ukraine.
Read details: https://thehackernews.com/2022/01/us-sanctions-4-ukrainians-for-working.html
Chinese APT41 hackers spotted using a previously undocumented "MoonBounce" firmware implant to maintain stealthy persistence during targeted cyber espionage campaigns.
Read details: https://thehackernews.com/2022/01/chinese-hackers-spotted-using-new-uefi.html
Researchers disclose two critical vulnerabilities in Control Web Panel—previously known as CentOS Web—that could be exploited as part of an exploit chain to achieve pre-authenticated RCE on affected Linux servers.
https://thehackernews.com/2022/01/critical-bugs-in-control-web-panel.html
Yet another supply-chain attack...
Hackers implanted a secret backdoor into nearly 40 themes and 53 plugins for WordPress websites developed by AccessPress.
Details: https://thehackernews.com/2022/01/hackers-planted-secret-backdoor-in.html
Cyberespionage group Molerats uses legitimate cloud services like Google Drive and Dropbox to host malware payloads, run C&C, and exfiltrate data from targets in the Middle East.
Read: https://thehackernews.com/2022/01/molerats-hackers-hiding-new-espionage.html
Latest analysis of the WhisperGate wiper malware, which attacked dozens of Ukrainian agencies earlier this month, has revealed "strategic similarities" with the NotPetya attack that hit the country in 2017.
Read: https://thehackernews.com/2022/01/experts-find-strategic-similarities-bw.html
A new high-severity vulnerability (CVE-2022-21658) in the Rust programming language could allow an attacker to trick a privileged program into deleting files and directories that he or she could not otherwise access or delete.
Read: https://thehackernews.com/2022/01/high-severity-rust-programming-bug.html
A new Emotet malware campaign has been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions.
Read details: https://thehackernews.com/2022/01/emotet-now-using-unconventional-ip.html
Hackers are creating fraudulent crypto tokens to trick victims into buying the tokens, and then abusing misconfigurations in smart contracts to steal funds as part of the rug pull scam.
Read details: https://thehackernews.com/2022/01/hackers-creating-fraudulent-crypto.html
A previously undocumented malware packer named DTPacker has been observed distributing multiple RATs and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook.
Read details: https://thehackernews.com/2022/01/hackers-using-new-malware-packer.htm
Android banking malware BRATA has been updated with new features that grant it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers.
Read: https://thehackernews.com/2022/01/mobile-banking-trojan-brata-gains-new.html
Researchers discover that TrickBot malware now uses new techniques to evade web injection attacks.
Read: https://thehackernews.com/2022/01/trickbot-malware-using-new-techniques.html
Researchers uncover a new espionage campaign in which attackers are exploiting a critical MSHTML vulnerability to target high-level government officials and defense industry figures in West Asia.
Read details: https://thehackernews.com/2022/01/hackers-exploited-mshtml-flaw-to-spy-on.html
A 12-year-old vulnerability (CVE-2021-4034) has been discovered in the Polkit utility that could allow unprivileged attackers to gain root access to targeted Linux systems.
Details: https://thehackernews.com/2022/01/12-year-old-polkit-flaw-lets.html