In a nationwide cyber crackdown, UK police arrest 21 customers of the now-defunct 'WeLeakInfo' website who allegedly bought breached personal data for criminal activities.

Read more: https://thehackernews.com/2020/12/police-arrest-21-weleakinfo-customers.html

IMPORTANT: Patch it ASAP!

A newly spotted SolarWinds Orion API authentication bypass flaw allows remote attackers to execute commands and was likely also exploited as 0-day to install the 2nd backdoor 'SUPERNOVA.'

Details: https://thehackernews.com/2020/12/a-new-solarwinds-flaw-likely-had-let.html

Watch Out! Hackers are distributing a new credential stealer malware written in AutoHotkey (AHK) scripting language that aims to steal passwords from customers of financial institutions in the US and Canada, as well as for India's ICICI Bank.

https://thehackernews.com/2020/12/autohotkey-based-password-stealer.html

A security vulnerability in #Google Docs could have let attackers get screenshots of your documents saved in the clouds, exposing private information.

Read details: https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html

WARNING: A Secret Hard-Coded Backdoor Account Found in Some Zyxel Firewall, VPN Products

Read details: https://thehackernews.com/2021/01/secret-backdoor-account-found-in.html

Ticketmaster to pay $10 million fine for illegally accessing computer systems of a competitor repeatedly in an attempt to "cut [its rival] off at the knees."



Read: https://thehackernews.com/2021/01/ticketmaster-to-pay-10-million-fine-for.html

🔥 BREAKING: British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange on charges pertaining to illegally obtaining & sharing classified material related to national security.

https://thehackernews.com/2021/01/british-court-rejects-us-request-to.html

Google's Own Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA Security Plugin — With 97% Accuracy.

Read Details: https://thehackernews.com/2021/01/google-speech-to-text-api-can-help.html

Cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID19 cases continue to increase globally.

Read: https://thehackernews.com/2021/01/healthcare-industry-witnessed-45-spike.html

WATCH OUT!!!

A widespread Electron and Golang-based cross-platform RAT malware is targeting cryptocurrency users with 'undetected' trojanized apps for Windows, Linux, and macOS systems.

Details: https://thehackernews.com/2021/01/warning-cross-platform-electrorat.html

In a joint statement, FBI, CISA, NSA officially blamed the Russian government for orchestrating the massive SolarWinds supply chain cyberattack.

https://thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html

WhatsApp updated its Privacy Policy and Terms of Services, making data-sharing with Facebook mandatory for all.

IMPORTANT — You must accept it before February 8; otherwise, your account will be DELETED.

Details: https://thehackernews.com/2021/01/whatsapp-will-delete-your-account-if.html

U.S. Department of Justice admits its Microsoft Office 365 email server was also compromised as part of the SolarWinds supply chain attack.

Read details: https://thehackernews.com/2021/01/solarwinds-hackers-also-accessed-us.html

ALERT: A North Korean hacking group is targeting the South Korean government with a new spear-phishing campaign deploying RokRat Trojan.

Read: https://thehackernews.com/2021/01/alert-north-korean-hackers-targeting.html

🔥 A new side-channel attack (CVE-2021-3011) could let hackers extract your secret 2-factor authentication encryption keys from Google Titan, or other FIDO-enabled hardware security keys, and clone them for unauthorized access.

Read details — https://thehackernews.com/2021/01/new-attack-could-let-hackers-clone-your.html

Russian hacker 'Andrei Tyurin' gets 12-years of prison for the massive J.P. Morgan Chase hack & stealing a trove of personal information from several other financial institutions, brokerage firms, and financial news publishers.

Read: https://thehackernews.com/2021/01/russian-hacker-gets-12-years-prison-for.html

Researchers find several similarities and code overlap between the Sunburst backdoor and a previously identified Turla group's Kazuar malware.

Read details: https://thehackernews.com/2021/01/researchers-find-links-between-sunburst.html

The U.S. government has also officially blamed Russian hackers for SolarWinds cyberattack.

—— Unveiled ——

Researchers finally discovered how SUNBURST backdoor was inserted into the SolarWinds software.

Hackers used a 3rd malware strain, dubbed 'SUNSPOT,' that was deployed into the Orion platform's build environment.

Read details: https://thehackernews.com/2021/01/unveiled-sunspot-malware-was-used-to.html

Cybersecurity experts sound alarm on a new Android spyware sold on hacking forums—marketed by a 25-year-old #Indian vendor.

https://thehackernews.com/2021/01/experts-sound-alarm-on-new-android.html

It can exfiltrate photos, locations, contacts & messages from popular apps such as Facebook, Instagram, WhatsApp, Telegram.

Warning — Researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage.

Read: https://thehackernews.com/2021/01/warning-5-new-trojanized-android-apps.html