Nation-state hackers are targeting companies responsible for storing and distributing the COVIDー19 vaccine.

Read more: https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html

Payment Card Skimmer Group FakeSecurity Spotted Using Raccoon Info-Stealer Malware to Siphon Off Private Data.

Read details: https://thehackernews.com/2020/12/payment-card-skimmer-group-using.html

Learn how DMARC email protection can stop cybercriminals from sending scam or malicious emails on your organization's behalf.

https://thehackernews.com/2020/12/how-dmarc-can-stop-criminals-sending.html

Researchers unveiled previously undisclosed capabilities of an Android spyware implant developed by a sanctioned Iranian threat actor that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations.

https://thehackernews.com/2020/12/iranian-rana-android-malware-also-spies.html

The National Security Agency (NSA) warns Russian hackers are exploiting recently disclosed VMware vulnerability (CVE-2020-4006) to breach corporate networks.

Read more: https://thehackernews.com/2020/12/nsa-warns-russian-hacker-exploiting.html

Companies and government agencies are advised to patch it as soon as possible.

WARNING: A zero-click wormable RCE vulnerability has been reported in Microsoft Teams software, allowing attackers to compromise a victim's system by merely sending a specially-crafted chat message.

Read: https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html

Widely used DSR family of D-Link VPN routers found vulnerable to 3 new high-risk vulnerabilities, potentially leaving hundreds of thousands of networks open to remote attacks—even if they’re secured with a strong password.

Read details: https://thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html

Dec 2020 Patch Tuesday — Microsoft releases Windows Updates to fix a total of 58 newly discovered security vulnerabilities, effectively bringing their CVE total to 1250 for the year.

Details: https://thehackernews.com/2020/12/microsoft-releases-windows-update-dec.html

🔥 FireEye—one of the largest cybersecurity companies—got hacked; the company says state-sponsored hackers stole its arsenal of Red Team penetration testing tools.

Read details: https://thehackernews.com/2020/12/cybersecurity-firm-fireeye-got-hacked.html

Experts disclose 33 new vulnerabilities in widely-used embedded TCP/IP stacks impacting millions of IoT devices from at least 158 vendors—ranging from networking equipment and medical devices to industrial control systems.

https://thehackernews.com/2020/12/amnesia33-critical-tcpip-flaws-affect.html

Russian APT28 hackers spotted leveraging COVID-19 as phishing lures to deliver the Go version of Zebrocy (or Zekapab) malware.

Details: https://thehackernews.com/2020/12/russian-apt28-hackers-using-covid-19-as.html

The U.S. Federal Trade Commission (FTC) and 48 states are suing Facebook for allegedly breaking antitrust laws for illegal monopolization and neutralizing competitors using Instagram and WhatsApp.

https://thehackernews.com/2020/12/48-us-states-and-ftc-are-suing-facebook.html

Multiple critical flaws in a core networking library powering Valve's Steam online gaming platform could have allowed malicious gamers to hijack game servers remotely.

Read details: https://thehackernews.com/2020/12/valves-steam-server-bugs-couldve-let.html

Facebook tracks two hacking groups—APT32 to an IT company in Vietnam and a Bangladesh group to two non-profit organizations in the country—and blocked their malicious activities on its social media platform.

Details: https://thehackernews.com/2020/12/facebook-tracks-apt32-oceanlotus.html

Watch Out!!! Microsoft warns of nasty malware, dubbed "Adrozek," that's targeting all major web browsers—including Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex Browser—to hijack search engine results pages for malicious intent.

https://thehackernews.com/2020/12/watch-out-adrozek-malware-hijacking.html

Mount Locker ransomware—file-encrypting and data-stealing malware behind a series of breaches on corporate networks—has developed new capabilities, including to allow its ransomware-as-a-service affiliates to launch double extortion attacks.

Details: https://thehackernews.com/2020/12/mount-locker-ransomware-offering-double.html

⚠️URGENT⚠️

Hackers exploit a supply-chain backdoor in SolarWinds enterprise monitoring software to breach US Treasury, Commerce Department, other government agencies, and cybersecurity firm FireEye.

Details: https://thehackernews.com/2020/12/us-agencies-and-fireeye-were-hacked.html

Researchers release a huge dataset of 20 million #malware samples, which also contains metadata, labels, and features, aiming to help research for Machine Learning based malware detection.

Learn more about SOREL-20M here: https://thehackernews.com/2020/12/sorel-20m-huge-dataset-of-20-million.html

🔥 AIR-FI: Researcher demonstrates how hackers can exfiltrate data from air-gapped computers via Wi-Fi signals as a covert channel—interestingly, using DDR SDRAM and without requiring Wi-Fi hardware on a targeted system.

Details: https://thehackernews.com/2020/12/exfiltrating-data-from-air-gapped.html

Nearly 18,000 customers of SolarWinds may have installed the backdoored version of the software, including government agencies, the company disclosed in an SEC filing.

Read details: https://thehackernews.com/2020/12/nearly-18000-solarwinds-customers.html