A security vulnerability in #Google Docs could have let attackers get screenshots of your documents saved in the clouds, exposing private information.

Read details: https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html

WARNING: A Secret Hard-Coded Backdoor Account Found in Some Zyxel Firewall, VPN Products

Read details: https://thehackernews.com/2021/01/secret-backdoor-account-found-in.html

Ticketmaster to pay $10 million fine for illegally accessing computer systems of a competitor repeatedly in an attempt to "cut [its rival] off at the knees."



Read: https://thehackernews.com/2021/01/ticketmaster-to-pay-10-million-fine-for.html

🔥 BREAKING: British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange on charges pertaining to illegally obtaining & sharing classified material related to national security.

https://thehackernews.com/2021/01/british-court-rejects-us-request-to.html

Google's Own Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA Security Plugin — With 97% Accuracy.

Read Details: https://thehackernews.com/2021/01/google-speech-to-text-api-can-help.html

Cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID19 cases continue to increase globally.

Read: https://thehackernews.com/2021/01/healthcare-industry-witnessed-45-spike.html

WATCH OUT!!!

A widespread Electron and Golang-based cross-platform RAT malware is targeting cryptocurrency users with 'undetected' trojanized apps for Windows, Linux, and macOS systems.

Details: https://thehackernews.com/2021/01/warning-cross-platform-electrorat.html

In a joint statement, FBI, CISA, NSA officially blamed the Russian government for orchestrating the massive SolarWinds supply chain cyberattack.

https://thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html

WhatsApp updated its Privacy Policy and Terms of Services, making data-sharing with Facebook mandatory for all.

IMPORTANT — You must accept it before February 8; otherwise, your account will be DELETED.

Details: https://thehackernews.com/2021/01/whatsapp-will-delete-your-account-if.html

U.S. Department of Justice admits its Microsoft Office 365 email server was also compromised as part of the SolarWinds supply chain attack.

Read details: https://thehackernews.com/2021/01/solarwinds-hackers-also-accessed-us.html

ALERT: A North Korean hacking group is targeting the South Korean government with a new spear-phishing campaign deploying RokRat Trojan.

Read: https://thehackernews.com/2021/01/alert-north-korean-hackers-targeting.html

🔥 A new side-channel attack (CVE-2021-3011) could let hackers extract your secret 2-factor authentication encryption keys from Google Titan, or other FIDO-enabled hardware security keys, and clone them for unauthorized access.

Read details — https://thehackernews.com/2021/01/new-attack-could-let-hackers-clone-your.html

Russian hacker 'Andrei Tyurin' gets 12-years of prison for the massive J.P. Morgan Chase hack & stealing a trove of personal information from several other financial institutions, brokerage firms, and financial news publishers.

Read: https://thehackernews.com/2021/01/russian-hacker-gets-12-years-prison-for.html

Researchers find several similarities and code overlap between the Sunburst backdoor and a previously identified Turla group's Kazuar malware.

Read details: https://thehackernews.com/2021/01/researchers-find-links-between-sunburst.html

The U.S. government has also officially blamed Russian hackers for SolarWinds cyberattack.

—— Unveiled ——

Researchers finally discovered how SUNBURST backdoor was inserted into the SolarWinds software.

Hackers used a 3rd malware strain, dubbed 'SUNSPOT,' that was deployed into the Orion platform's build environment.

Read details: https://thehackernews.com/2021/01/unveiled-sunspot-malware-was-used-to.html

Cybersecurity experts sound alarm on a new Android spyware sold on hacking forums—marketed by a 25-year-old #Indian vendor.

https://thehackernews.com/2021/01/experts-sound-alarm-on-new-android.html

It can exfiltrate photos, locations, contacts & messages from popular apps such as Facebook, Instagram, WhatsApp, Telegram.

Warning — Researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage.

Read: https://thehackernews.com/2021/01/warning-5-new-trojanized-android-apps.html

~~ Patch Tuesday, Jan 2021 ~~

Microsoft releases Windows updates to patch a total of 83 newly discovered security flaws, including an actively exploited zero-day RCE vulnerability affecting Defender (CVE-2021-1647) application.

https://thehackernews.com/2021/01/microsoft-issues-patches-for-defender.html

⚠️ WARNING : "A sophisticated threat actor" compromised the digital certificate 'Mimecast' provided to certain customers to connect its products securely with cloud-based #Microsoft 365 Exchange.

Read details here: https://thehackernews.com/2021/01/hackers-steal-mimecast-certificate-used.html

In a Europol-led operation, authorities have taken down—DarkMarket—the world's largest illegal marketplace on the dark web, specialized in the sales of drugs, counterfeit money, stolen credit card data, anonymous SIM cards, and off-the-shelf malware.

https://thehackernews.com/2021/01/authorities-take-down-worlds-largest.html