Microsoft has issued a warning about the Zerobot Go-based botnet malware, which is constantly evolving and has recently gained some new exploits and capabilities to attack IoT devices and web applications.

Read: https://thehackernews.com/2022/12/zerobot-botnet-emerges-as-growing.html

Researchers have identified two security vulnerabilities in the Ghost blogging platform, one of which allows hackers to gain higher privileges by sending malicious HTTP requests.

Read: https://thehackernews.com/2022/12/two-new-security-flaws-reported-in.html

⚡ A new detailed analysis of FIN7 cybercrime syndicate has revealed its organizational hierarchy and role as a partner in various ransomware attacks, including DarkSide, REvil, and LockBit.

Read details: https://thehackernews.com/2022/12/fin7-cybercrime-syndicate-emerges-as.html

The August 2022 security breach at popular password management service LastPass was worse than originally reported, with hackers obtained a trove of personal data, including encrypted password vaults.

Read: https://thehackernews.com/2022/12/lastpass-admits-to-severe-data-breach.html

French privacy watchdog fines Microsoft Ireland €60 million for placing advertising cookies on users' computers without explicit consent.

Read: https://thehackernews.com/2022/12/france-fines-microsoft-60-million-for.html

Vice Society ransomware group has switched to a new custom payload called 'PolyVice" that uses robust encryption with NTRUEncrypt and ChaCha20-Poly1305.

Read: https://thehackernews.com/2022/12/vice-society-ransomware-attackers-adopt.html

Researchers have uncovered a new phishing campaign targeting the Kavach two-factor authentication solution used by Indian government officials.

Read details: https://thehackernews.com/2022/12/researchers-warn-of-kavach-2fa-phishing.html

FrodoPIR — A new privacy-focused system that allows clients to securely query a database without revealing query information to an untrusted server, making it useful for a range of apps, including safe browsing, breached password checks, and more.

https://thehackernews.com/2022/12/frodopir-new-privacy-focused-database.html

Cybercriminals are distributing info-stealing malware to developers through Python Package Index (PyPI). These malware variants, such as ANGEL and Celestial Stealer, are based on W4SP Stealer.

Read: https://thehackernews.com/2022/12/w4sp-stealer-discovered-in-multiple.html

Alert! PrivateLoader, a pay-per-install malware downloader service, is being used to distribute the information-stealing malware known as RisePro.

Read: https://thehackernews.com/2022/12/privateloader-ppi-service-found.html

GuLoader malware has upped its game, using advanced tactics to bypass security software.

Researchers have uncovered a 3-stage process where VBScript delivers shellcode within itself while performing anti-analysis checks.

Read: https://thehackernews.com/2022/12/guloader-malware-utilizing-new.html

Facebook has reached a settlement of $725 million in a lawsuit over the Cambridge Analytica data leak.

Read: https://thehackernews.com/2022/12/facebook-to-pay-725-million-to-settle.html

Alert! BlueNoroff APT hackers are using new techniques to bypass Windows' Mark of the Web protections, including the use of .ISO and .VHD file formats.

Read: https://thehackernews.com/2022/12/bluenoroff-apt-hackers-using-new-ways.html

Hackers are turning to malicious Excel add-in (.XLL) files as their initial attack vector, in response to Microsoft's decision to block VBA macros by default for Office files downloaded from the Internet .

https://thehackernews.com/2022/12/apt-hackers-turn-to-malicious-excel-add.html

BitKeep, a decentralized multi-chain cryptocurrency wallet, has confirmed a cyberattack that led to the distribution of fraudulent versions of its Android app, resulting in the theft of an estimated $9.9 million worth of digital assets.

https://thehackernews.com/2022/12/bitkeep-confirms-cyber-attack-loses.html

A new malvertising campaign has been discovered that targets people searching for popular #software. This campaign uses Google Ads to spread Trojanized variants that deploy malware, including Raccoon Stealer and Vidar.

Read: https://thehackernews.com/2022/12/new-malvertising-campaign-via-google.html

Thousands of Citrix ADC and Gateway endpoints have not yet been patched for two critical vulnerabilities (CVE-2022-27510 and CVE-2022-27518), leaving several organisations vulnerable to potential cyberattacks.

https://thehackernews.com/2022/12/thousands-of-citrix-servers-still.html

CISA has added two-year-old vulnerabilities in TIBCO Software's JasperReports product to its KEV catalog after discovering evidence of active exploitation by cybercriminals.

Read: https://thehackernews.com/2022/12/cisa-warns-of-active-exploitation-of.html

Google has agreed to pay $29.5 million to settle lawsuits brought by Indiana and Washington, D.C. over its "deceptive" location tracking practices.

Read: https://thehackernews.com/2023/01/google-to-pay-295-million-to-settle.html

A new strain of Linux malware is targeting WordPress sites, taking advantage of vulnerabilities in various plugins and themes to infiltrate and compromise vulnerable systems.

Read: https://thehackernews.com/2023/01/wordpress-security-alert-new-linux.html