GitHub is making its secret scanning service available for free to all public repositories and also plans to require 2-factor authentication for "distinct groups of users."

Read: https://thehackernews.com/2022/12/github-announces-free-secret-scanning.html

U.S. cybersecurity agency CISA has added two critical vulnerabilities in Veeam Backup & Replication software to its list of known exploited vulnerabilities, as they are actively being exploited in attacks.

Details: https://thehackernews.com/2022/12/cisa-alert-veeam-backup-and-replication.html

NIST has formally retired the widely used 27-year-old SHA-1 cryptographic algorithm, bringing cryptographic security into the modern age.

Read: https://thehackernews.com/2022/12/goodbye-sha-1-nist-retires-27-year-old.html

Microsoft has identified a cross-platform botnet malware that is targeting private Minecraft servers with DDoS attacks.

Details: https://thehackernews.com/2022/12/minecraft-servers-under-attack.html

Chinese MirrorFace APT hacker group has been blamed for a malicious campaign aimed at Japanese political entities.

Read: https://thehackernews.com/2022/12/researchers-uncover-mirrorface-cyber.html

A former Twitter employee has been sentenced to three and a half years in prison for spying on data about certain individuals and passing it on to the Saudi government.

Read: https://thehackernews.com/2022/12/ex-twitter-employee-gets-35-years-jail.html

Researchers have uncovered a new cyberattack campaign targeting Ukrainian government entities via trojanized Windows 10 operating system installers to perform post-exploitation activities.

Read: https://thehackernews.com/2022/12/trojanized-windows-10-installer-used-in.html

Multiple high-severity vulnerabilities [CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, CVE-2022-45141] have been discovered in Samba software that could potentially allow hackers to gain control of the affected systems.

Read: https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html

🔥 Gmail just got a whole lot more secure with Google's new Client-Side Encryption!

With the new feature, emails are encrypted on your end before they are sent, providing an extra layer of protection against cyberattacks and surveillance.

https://thehackernews.com/2022/12/gmail-encryption.html

#privacy #tech

Facebook has taken steps to disrupt accounts and infrastructure operated by spyware vendors from a number of countries, including the United States, China, Russia, Israel, and India, targeting individuals in about 200 countries.

Read: https://thehackernews.com/2022/12/facebook-cracks-down-on-spyware-vendors.html

Agenda ransomware joins the growing list of malware strains written in cross-platform Rust programming language.

Read: https://thehackernews.com/2022/12/new-agenda-ransomware-variant-written.html

Despite Google's efforts to disrupt the blockchain-based Glupteba botnet in the past, the operators resurfaced in June 2022 with a new and more sophisticated malware campaign.

Read: https://thehackernews.com/2022/12/glupteba-botnet-continues-to-thrive.html

A malicious PyPI package pretending to be an SDK for SentinelOne has been discovered, leading to a data theft campaign called SentinelSneak.

Read details: https://thehackernews.com/2022/12/researchers-discover-malicious-pypi.html

New findings suggest that the KmsdBot botnet is potentially acting as a DDoS-for-hire service for cybercriminals.

READ: https://thehackernews.com/2022/12/kmsdbot-botnet-suspected-of-being-used.html

Epic Games, the creator of the popular game Fortnite, has been fined $275 million by FTC for violating children's privacy laws.

READ: https://thehackernews.com/2022/12/ftc-fines-fortnite-maker-epic-games-275.html

It has also been ordered to refund $245 million to customers who were tricked into making accidental purchases.

Microsoft discloses details of a recently reported Gatekeeper bypass vulnerability [CVE-2022-42821] in Apple macOS that could allow attackers to bypass security measures and run malicious applications.

Read details: https://thehackernews.com/2022/12/microsoft-details-gatekeeper-bypass.html

CERT-UA warns of a cyber attack targeting users of the DELTA military system via a compromised email account at the Ministry of Defense, infecting them with information stealing malware.

Read: https://thehackernews.com/2022/12/ukraines-delta-military-system-users.html

Ransomware attackers are using a new exploit called "OWASSRF" to bypass Microsoft's security measures for the Exchange ProxyNotShell remote code execution #vulnerability.

Read: https://thehackernews.com/2022/12/ransomware-hackers-using-new-way-to.html

Researchers warn against the GodFather Android banking trojan that's targeting users of over 400 banking and cryptocurrency apps in 16 countries.

Read: https://thehackernews.com/2022/12/godfather-android-banking-trojan.html

Okta, a renowned provider of identity and access management solutions, recently discovered that some of its source code repositories on GitHub had been compromised earlier in the month.

Read: https://thehackernews.com/2022/12/hackers-breach-oktas-github.html