In a joint statement, FBI, CISA, NSA officially blamed the Russian government for orchestrating the massive SolarWinds supply chain cyberattack.

https://thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html

WhatsApp updated its Privacy Policy and Terms of Services, making data-sharing with Facebook mandatory for all.

IMPORTANT — You must accept it before February 8; otherwise, your account will be DELETED.

Details: https://thehackernews.com/2021/01/whatsapp-will-delete-your-account-if.html

U.S. Department of Justice admits its Microsoft Office 365 email server was also compromised as part of the SolarWinds supply chain attack.

Read details: https://thehackernews.com/2021/01/solarwinds-hackers-also-accessed-us.html

ALERT: A North Korean hacking group is targeting the South Korean government with a new spear-phishing campaign deploying RokRat Trojan.

Read: https://thehackernews.com/2021/01/alert-north-korean-hackers-targeting.html

🔥 A new side-channel attack (CVE-2021-3011) could let hackers extract your secret 2-factor authentication encryption keys from Google Titan, or other FIDO-enabled hardware security keys, and clone them for unauthorized access.

Read details — https://thehackernews.com/2021/01/new-attack-could-let-hackers-clone-your.html

Russian hacker 'Andrei Tyurin' gets 12-years of prison for the massive J.P. Morgan Chase hack & stealing a trove of personal information from several other financial institutions, brokerage firms, and financial news publishers.

Read: https://thehackernews.com/2021/01/russian-hacker-gets-12-years-prison-for.html

Researchers find several similarities and code overlap between the Sunburst backdoor and a previously identified Turla group's Kazuar malware.

Read details: https://thehackernews.com/2021/01/researchers-find-links-between-sunburst.html

The U.S. government has also officially blamed Russian hackers for SolarWinds cyberattack.

—— Unveiled ——

Researchers finally discovered how SUNBURST backdoor was inserted into the SolarWinds software.

Hackers used a 3rd malware strain, dubbed 'SUNSPOT,' that was deployed into the Orion platform's build environment.

Read details: https://thehackernews.com/2021/01/unveiled-sunspot-malware-was-used-to.html

Cybersecurity experts sound alarm on a new Android spyware sold on hacking forums—marketed by a 25-year-old #Indian vendor.

https://thehackernews.com/2021/01/experts-sound-alarm-on-new-android.html

It can exfiltrate photos, locations, contacts & messages from popular apps such as Facebook, Instagram, WhatsApp, Telegram.

Warning — Researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage.

Read: https://thehackernews.com/2021/01/warning-5-new-trojanized-android-apps.html

~~ Patch Tuesday, Jan 2021 ~~

Microsoft releases Windows updates to patch a total of 83 newly discovered security flaws, including an actively exploited zero-day RCE vulnerability affecting Defender (CVE-2021-1647) application.

https://thehackernews.com/2021/01/microsoft-issues-patches-for-defender.html

⚠️ WARNING : "A sophisticated threat actor" compromised the digital certificate 'Mimecast' provided to certain customers to connect its products securely with cloud-based #Microsoft 365 Exchange.

Read details here: https://thehackernews.com/2021/01/hackers-steal-mimecast-certificate-used.html

In a Europol-led operation, authorities have taken down—DarkMarket—the world's largest illegal marketplace on the dark web, specialized in the sales of drugs, counterfeit money, stolen credit card data, anonymous SIM cards, and off-the-shelf malware.

https://thehackernews.com/2021/01/authorities-take-down-worlds-largest.html

Intel adds hardware-enabled ransomware detection to its newly announced 11th generation Core vPro business-class processors.

Read: https://thehackernews.com/2021/01/intel-adds-hardware-enabled-ransomware.html

Cybersecurity researchers took the wraps off an ongoing surveillance campaign — "Operation Spalax" — directed against Colombian government institutions and private companies in the energy and metallurgical industries.

https://thehackernews.com/2021/01/experts-uncover-malware-attacks-against.html

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin (Winnti or APT41) that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor.

https://thehackernews.com/2021/01/researchers-disclose-undocumented.html

Joker's Stash, the largest #darkweb marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021.

https://thehackernews.com/2021/01/jokers-stash-largest-carding.html

Amid severe criticism and backlash, WhatsApp postponed the roll-out of its recently announced controversial data-sharing related Privacy Policy by 3 months to clear up "a lot of misinformation."

Read: https://thehackernews.com/2021/01/whatsapp-delays-controversial-data.html

Apple has finally removed a controversial feature from macOS BigSur that could have allowed malicious apps to bypass content filters, VPNs, and firewall security.

Read details: https://thehackernews.com/2021/01/apple-removes-macos-feature-that.html

Fire A new ongoing cyberattack has been found exploiting recently disclosed Linux vulnerabilities to infect targeted systems with an IRC botnet—dubbed FreakOut—for launching DDoS attacks and mining cryptocurrency.

Read: https://thehackernews.com/2021/01/freakout-ongoing-botnet-attack.html