A 12-year-old vulnerability (CVE-2021-4034) has been discovered in the Polkit utility that could allow unprivileged attackers to gain root access to targeted Linux systems.

Details: https://thehackernews.com/2022/01/12-year-old-polkit-flaw-lets.html

Google abandons FLoC, its controversial plan to replace 3rd-party cookies, in favor of a new Privacy Sandbox proposal called "Topics API" that categorizes users' browsing habits into about 350 topics for online ads.

Read details: https://thehackernews.com/2022/01/google-drops-floc-and-introduces-topics.html

Researchers link an initial access broker (tracked as "Prophet Spider") to recent Log4Shell attacks on unpatched VMware Horizon servers.

Read details: https://thehackernews.com/2022/01/initial-access-broker-involved-in.html

Apple releases iOS 15.3 and macOS Monterey 12.2 with a fix for Safari's privacy-defeating bug as well as a patch for an actively exploited zero-day vulnerability.

Read details: https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html

Hackers have been spotted using a new evasion technique for spreading the AsyncRAT Trojan as part of a sophisticated malware campaign.

https://thehackernews.com/2022/01/hackers-using-new-evasive-technique-to.html

Researchers warn of widespread malware campaigns spreading FluBot and TeaBot trojans to Android devices.

Read: https://thehackernews.com/2022/01/widespread-flubot-and-teabot-malware.html

Hackers compromise hundreds of WordPress websites to distribute Chaes banking trojan that hijacks victims' Chrome browsers with malicious extensions.

https://thehackernews.com/2022/01/chaes-banking-trojan-hijacks-chrome.html

QNAP warns of DeadBolt ransomware targeting Internet-facing network-attached storage (NAS) appliances and routers.

Read: https://thehackernews.com/2022/01/qnap-warns-of-deadbolt-ransomware.html

Microsoft fended off a record-breaking DDoS attack that hit Azure customers at a peak of 3.47 terabits per second, and two others that topped 2.4 terabits per second.

Read details: https://thehackernews.com/2022/01/microsoft-mitigated-record-breaking-347.html

North Korean hackers are back with a stealthier version of their KONNI RAT malware.

Read details: https://thehackernews.com/2022/01/north-korean-hackers-return-with.html

North Korean hackers from the Lazarus group are using Windows Update Service to infect computers with malware and GitHub as a command-and-control server.

Read details: https://thehackernews.com/2022/01/north-korean-hackers-using-windows.html

Microsoft warns of a large-scale, multi-stage phishing campaign that uses stolen credentials to register rouge devices on a victim's network to further propagate spam emails and increase the infection pool.

Read details: https://thehackernews.com/2022/01/hackers-using-device-registration-trick.html

DeepDotWeb news site operator has been sentenced to 8 years in prison for money laundering and advertising illegal darknet marketplaces.

Details: https://thehackernews.com/2022/01/deepdotweb-news-site-operator-sentenced.html

Apple pays a $100,500 bug bounty to a hacker who found a way to remotely hack the MacBook's webcam.

Read details: https://thehackernews.com/2022/01/apple-pays-100500-bounty-to-hacker-who.html

Researchers have found a way to use natural silk fibers from domesticated silkworms as a Physical Unclonable Function (PUF) to generate secure and unique identifiers for strong authentication (e.g., cryptographic keys).

Read details: https://thehackernews.com/2022/01/researchers-use-natural-silk-fibers-to.html

German court rules that websites embedding fonts from Google servers violate GDPR, and must pay €100 in damages for passing a user's personal data — i.e. IP address — to Google without consent.

Read details: https://thehackernews.com/2022/01/german-court-rules-websites-embedding.html

Researchers have demonstrated a new type of fingerprinting technique — DrawnApart — that exploits a machine's graphics processing unit (GPU) as a means to track users across the Internet.

Read details: https://thehackernews.com/2022/01/your-graphics-card-fingerprint-can-be.html

🔥 A newly discovered vulnerability (CVE-2021-44142 / CVSS 9.9) affecting all versions of Samba could allow remote attackers to execute arbitrary code with root privileges on affected installations.

Details: https://thehackernews.com/2022/01/new-samba-bug-allows-remote-attackers.html

Researchers have uncovered details of a new malware campaign targeting private companies and government entities in Turkey with malicious PDFs, XLS files, and Windows executables.

Read details: https://thehackernews.com/2022/01/researchers-uncover-new-iranian-hacking.html

Ukraine continues to face cyber-espionage attacks from Russian hackers.

https://thehackernews.com/2022/02/ukraine-continues-to-face-cyber.html