Hackers are turning to malicious Excel add-in (.XLL) files as their initial attack vector, in response to Microsoft's decision to block VBA macros by default for Office files downloaded from the Internet .

https://thehackernews.com/2022/12/apt-hackers-turn-to-malicious-excel-add.html

BitKeep, a decentralized multi-chain cryptocurrency wallet, has confirmed a cyberattack that led to the distribution of fraudulent versions of its Android app, resulting in the theft of an estimated $9.9 million worth of digital assets.

https://thehackernews.com/2022/12/bitkeep-confirms-cyber-attack-loses.html

A new malvertising campaign has been discovered that targets people searching for popular #software. This campaign uses Google Ads to spread Trojanized variants that deploy malware, including Raccoon Stealer and Vidar.

Read: https://thehackernews.com/2022/12/new-malvertising-campaign-via-google.html

Thousands of Citrix ADC and Gateway endpoints have not yet been patched for two critical vulnerabilities (CVE-2022-27510 and CVE-2022-27518), leaving several organisations vulnerable to potential cyberattacks.

https://thehackernews.com/2022/12/thousands-of-citrix-servers-still.html

CISA has added two-year-old vulnerabilities in TIBCO Software's JasperReports product to its KEV catalog after discovering evidence of active exploitation by cybercriminals.

Read: https://thehackernews.com/2022/12/cisa-warns-of-active-exploitation-of.html

Google has agreed to pay $29.5 million to settle lawsuits brought by Indiana and Washington, D.C. over its "deceptive" location tracking practices.

Read: https://thehackernews.com/2023/01/google-to-pay-295-million-to-settle.html

A new strain of Linux malware is targeting WordPress sites, taking advantage of vulnerabilities in various plugins and themes to infiltrate and compromise vulnerable systems.

Read: https://thehackernews.com/2023/01/wordpress-security-alert-new-linux.html

PyTorch, a machine learning framework project, fell victim to a supply chain attack between Dec. 25 and Dec.30, 2022, involving a malicious dependency that affected users who downloaded the affected versions.

Read: https://thehackernews.com/2023/01/pytorch-machine-learning-framework.html

Chinese international students in the U.K. have been facing persistent scams for over a year by Chinese-speaking fraudsters belonging to a group called RedZei (also known as RedThief).

Read: https://thehackernews.com/2023/01/redzei-chinese-scammers-targeting.html

Raspberry Robin worm is targeting financial and insurance sectors in Europe, and has evolved its post-exploitation capabilities to resist analysis and collect more data from infected computers.

Read: https://thehackernews.com/2023/01/raspberry-robin-worm-evolves-to-attack.html

Attention: A new malware campaign has been detected using sensitive information stolen from a bank to trick people into downloading a remote access trojan called BitRAT.

Read: https://thehackernews.com/2023/01/hackers-using-stolen-bank-information.html

Synology has released security updates to address a critical RCE vulnerability (CVE-2022-43931) impacting VPN Plus Server that could be exploited to take over affected systems.

Read: https://thehackernews.com/2023/01/synology-releases-patch-for-critical.html

Attention Linux users! There is a new malware that has been created using the Shell Script Compiler (shc) and it is deploying a cryptocurrency miner on infected systems.

Read: https://thehackernews.com/2023/01/new-shc-based-linux-malware-targeting.html

Irish regulators have fined Meta a hefty $414 million for violating data protection laws by forcing Facebook and Instagram users to accept targeted ads.

Read: https://thehackernews.com/2023/01/irish-regulators-fine-facebook-414.html

Fortinet has identified a high-severity flaw in multiple versions of FortiADC.

Zoho also warns of an SQLi vulnerability affecting Access Manager Plus, PAM360 and Password Manager Pro.

Read details: https://thehackernews.com/2023/01/fortinet-and-zoho-urge-customers-to.html

Don't let Vidar malware take control of your device.

This sneaky stealer now uses throwaway accounts on social media platforms to retrieve the address of its C2 servers and steal information from compromised hosts.

Details: https://thehackernews.com/2023/01/the-evolving-tactics-of-vidar-stealer.html

A new feature-rich version of SpyNote Android spyware has been detected targeting financial institutions, including HSBC UK, Deutsche Bank, Kotak Mahindra Bank and Nubank.

Read: https://thehackernews.com/2023/01/spynote-strikes-again-android-spyware.html

Alert: Bluebottle cybercrime group linked to targeted attacks on financial sector in French-speaking African countries.

Read: https://thehackernews.com/2023/01/bluebottle-cybercrime-group-preys-on.html

Symantec reports the group uses living-off-the-land & dual use tools, with no custom malware.

Alert: Financially motivated threat actor "Blind Eagle" has resurfaced with new tools and infection chain targeting organizations in Colombia and Ecuador.

Read: https://thehackernews.com/2023/01/blind-eagle-hackers-return-with-refined.html

Stay connected no matter what!

WhatsApp has announced support for proxy servers on Android and iOS, allowing users to bypass censorship and Internet shutdowns.

Read: https://thehackernews.com/2023/01/whatsapp-introduces-proxy-support-to.html