A new two-factor authentication (2FA) bypass flaw reported in cPanel and WHM—popular web hosting administrative software.
Details: https://thehackernews.com/2020/11/2-factor-authentication-bypass-flaw.html
Interpol arrests 3 Nigerian BEC scammers for compromising over 500,000 government and private sector companies in more than 150 countries.
Read details: https://thehackernews.com/2020/11/interpol-arrest-3-nigerian-bec-scammers.html
A new version of digitally-signed Bandook Trojan spotted in the wild, once again aiming at high-value targets across multiple sectors, including government, financial, energy, food industry, healthcare, education, IT, and legal institutions.
https://thehackernews.com/2020/11/digitally-signed-bandook-malware-once.html
Limited Time DEAL 🔥
Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF
Details: https://thehackernews.com/2020/11/become-white-hat-hacker-get-10-top.html
Indian national gets 20 years in a United States prison for operating fake call centers that defrauded U.S. victims out of MILLIONS of dollars.
Read details: https://thehackernews.com/2020/11/indian-national-gets-20-year-jail-in.html
He is also ordered to pay restitution of $8,970,396 to identified victims.
Microsoft spotted nation-state hackers leveraging cryptocurrency miners to stay under the radar and hide their cyber-espionage activities against private and government institutions in #France and Vietnam.
Details: https://thehackernews.com/2020/12/nation-state-hackers-caught-hiding.html
Interestingly, GO SMS Pro messaging app developers tried quietly fixing a publicly disclosed #vulnerability with incomplete patches and yet again failed to protect millions of its users' sensitive data.
Details: https://thehackernews.com/2020/12/incomplete-go-sms-pro-patch-left.html
🔥 Google researcher demonstrates zero-click Wi-Fi-based "wormable" iOS bug (CVE-2020-9844) that could have let remote attackers gain complete control over targeted iPhones.
https://thehackernews.com/2020/12/google-hacker-details-zero-click.html
⚠️ WARNING: Multiple botnets have been found exploiting a critical Oracle WebLogic bug to deploy crypto miners on thousands of unpatched servers and steal sensitive data.
Read — https://thehackernews.com/2020/12/multiple-botnets-exploiting-critical.html
Researchers today took the wraps off a previously undocumented Russian APT Turla backdoor, dubbed "Crutch," that was deployed against governments, embassies, and military targets from 2015 to early 2020.
Read details: https://thehackernews.com/2020/12/experts-uncover-crutch-russian-malware.html
🔥 ALERT 🔥
Several popular Android apps—including OkCupid, Cisco Teams, Microsoft Edge—haven't yet patched a high-severity vulnerability in Android's Play Core library, leaving hundreds of millions of users at risk of hacking.
Read details: https://thehackernews.com/2020/12/several-unpatched-popular-android-apps.html
⚠️ WATCH OUT!
Notorious TrickBot computer virus gets a new UEFI/BIOS bootkit functionality to hide and maintain firmware-level persistence on infected machines.
Read details — https://thehackernews.com/2020/12/trickbot-malware-gets-uefibios-bootkit.html
DeathStalker hacker-for-hire group found using a new in-memory Windows malware in operations against targets in Asia, Europe, and the US.
Read more: https://thehackernews.com/2020/12/hackers-for-hire-group-develops-new.html
Nation-state hackers are targeting companies responsible for storing and distributing the COVID-19 vaccine.
Read more: https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html
Payment Card Skimmer Group FakeSecurity Spotted Using Raccoon Info-Stealer Malware to Siphon Off Private Data.
Read details: https://thehackernews.com/2020/12/payment-card-skimmer-group-using.html
Learn how DMARC email protection can stop cybercriminals from sending scam or malicious emails on your organization's behalf.
https://thehackernews.com/2020/12/how-dmarc-can-stop-criminals-sending.html
Researchers unveiled previously undisclosed capabilities of an Android spyware implant developed by a sanctioned Iranian threat actor that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations.
https://thehackernews.com/2020/12/iranian-rana-android-malware-also-spies.html
The National Security Agency (NSA) warns that Russian hackers are exploiting a recently disclosed VMware vulnerability (CVE-2020-4006) to breach corporate networks.
Read more: https://thehackernews.com/2020/12/nsa-warns-russian-hacker-exploiting.html
Companies and government agencies are advised to patch it as soon as possible.
WARNING: A zero-click wormable RCE vulnerability has been reported in Microsoft Teams software, allowing attackers to compromise a victim's system by merely sending a specially-crafted chat message.
Read: https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html
Widely used DSR family of D-Link VPN routers found vulnerable to 3 new high-risk vulnerabilities, potentially leaving hundreds of thousands of networks open to remote attacks—even if they’re secured with a strong password.
Read details: https://thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html