The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Two critical flaws — CVSS score 10 — affect several models of Dell Wyse Thin Client devices, allowing attackers to remotely run malicious code and access arbitrary files.

Details: https://thehackernews.com/2020/12/two-critical-flaws-cvss-score-10-affect.html

CVE-2020-29491
CVE-2020-29492
Microsoft finds additional malware in #SolarWinds software, suggesting that a second hacker group may have also breached the IT company.

Read details: https://thehackernews.com/2020/12/a-second-hacker-group-may-have-also.html
International law enforcement agencies take down cybercriminals' favorite Bulletproof VPN service that was used to facilitate ransomware, web-skimming, spear-phishing, and account takeover attacks.

Read: https://thehackernews.com/2020/12/cybercriminals-favorite-bulletproof-vpn.html
A new set of critical vulnerabilities in the low-level Treck TCP/IP software library affects millions of IoT devices, allowing remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks.

Read details: https://thehackernews.com/2020/12/new-critical-flaws-in-treck-tcpip-stack.html
The FBI and Interpol have allegedly seized servers belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums.

Read: https://thehackernews.com/2020/12/law-enforcement-seizes-jokers-stash.html
North Korean Lazarus hacking group targets pharmaceutical companies and government ministries in an attempt to steal the ongoing #COVID19 vaccine research to speed up their country's vaccine development by any means available.

Read more: https://thehackernews.com/2020/12/north-korean-hackers-trying-to-steal.html
Google hackers disclose exploit for an UNPATCHED Windows vulnerability (CVE-2020-0986) that was exploited as 0-day in the wild, for which Microsoft issued an incomplete patch and then failed to patch it again under the 90-day deadline.

Read — https://thehackernews.com/2020/12/google-discloses-poorly-patched-now.html
🔥 WARNING — Hackers are abusing a weakness in Citrix NetScaler devices to launch amplified 🚀 DDoS attacks against several targets.

Read details ➤ https://thehackernews.com/2020/12/citrix-adc-ddos-attack.html

Affected Citrix customers can temporarily disable DTLS to stop the attack.
Microsoft warns of hackers attempting to target Azure cloud customers via 3rd-party partners/resellers.

https://thehackernews.com/2020/12/microsoft-warns-crowdstrike-of-hackers.html

CrowdStrike & CISA released 2 tools to help users review excessive permissions & detect compromised accounts/apps in AD or Office 365 environments.
🎄🎅🎁 Merry Christmas! Wishing everyone a safe and happy holiday season.
In a nationwide cyber crackdown, UK police arrest 21 customers of the now-defunct 'WeLeakInfo' website who allegedly bought breached personal data for criminal activities.

Read more: https://thehackernews.com/2020/12/police-arrest-21-weleakinfo-customers.html
IMPORTANT: Patch it ASAP!

A newly spotted SolarWinds Orion API authentication bypass flaw allows remote attackers to execute commands and was likely also exploited as 0-day to install the 2nd backdoor 'SUPERNOVA.'

Details: https://thehackernews.com/2020/12/a-new-solarwinds-flaw-likely-had-let.html
Watch Out! Hackers are distributing a new credential-stealer malware written in the AutoHotkey (AHK) scripting language that aims to steal passwords from customers of financial institutions in the US and Canada, as well as India's ICICI Bank.

https://thehackernews.com/2020/12/autohotkey-based-password-stealer.html
A security vulnerability in #Google Docs could have let attackers get screenshots of your documents saved in the cloud, exposing private information.

Read details: https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html
WARNING: A Secret Hard-Coded Backdoor Account Found in Some Zyxel Firewall, VPN Products

Read details: https://thehackernews.com/2021/01/secret-backdoor-account-found-in.html
Ticketmaster to pay $10 million fine for illegally accessing computer systems of a competitor repeatedly in an attempt to "cut [its rival] off at the knees."

Read: https://thehackernews.com/2021/01/ticketmaster-to-pay-10-million-fine-for.html
🔥 BREAKING: British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange on charges pertaining to illegally obtaining & sharing classified material related to national security.

https://thehackernews.com/2021/01/british-court-rejects-us-request-to.html
Google's Own Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA Security Plugin — With 97% Accuracy.

Read Details: https://thehackernews.com/2021/01/google-speech-to-text-api-can-help.html
Cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID19 cases continue to increase globally.

Read: https://thehackernews.com/2021/01/healthcare-industry-witnessed-45-spike.html
WATCH OUT!!!

A widespread Electron and Golang-based cross-platform RAT malware is targeting cryptocurrency users with 'undetected' trojanized apps for Windows, Linux, and macOS systems.

Details: https://thehackernews.com/2021/01/warning-cross-platform-electrorat.html