Intel adds hardware-enabled ransomware detection to its newly announced 11th generation Core vPro business-class processors.

Read: https://thehackernews.com/2021/01/intel-adds-hardware-enabled-ransomware.html

Cybersecurity researchers took the wraps off an ongoing surveillance campaign — "Operation Spalax" — directed against Colombian government institutions and private companies in the energy and metallurgical industries.

https://thehackernews.com/2021/01/experts-uncover-malware-attacks-against.html

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin (Winnti or APT41) that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor.

https://thehackernews.com/2021/01/researchers-disclose-undocumented.html

Joker's Stash, the largest #darkweb marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021.

https://thehackernews.com/2021/01/jokers-stash-largest-carding.html

Amid severe criticism and backlash, WhatsApp postponed the roll-out of its recently announced controversial data-sharing related Privacy Policy by 3 months to clear up "a lot of misinformation."

Read: https://thehackernews.com/2021/01/whatsapp-delays-controversial-data.html

Apple has finally removed a controversial feature from macOS BigSur that could have allowed malicious apps to bypass content filters, VPNs, and firewall security.

Read details: https://thehackernews.com/2021/01/apple-removes-macos-feature-that.html

Fire A new ongoing cyberattack has been found exploiting recently disclosed Linux vulnerabilities to infect targeted systems with an IRC botnet—dubbed FreakOut—for launching DDoS attacks and mining cryptocurrency.

Read: https://thehackernews.com/2021/01/freakout-ongoing-botnet-attack.html

A set of severe vulnerabilities affect popular DNSMasq DNS Forwarding software—potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code.

Read: https://thehackernews.com/2021/01/a-set-of-severe-flaws-affect-popular.html

Google discloses flaws in multiple video chat apps—Signal, JioChat, Mocha, Duo, and Facebook Messenger—which could have allowed attackers to initiate a video call and eavesdrop on targets without user consent.

Read details: https://thehackernews.com/2021/01/google-discloses-flaws-in-signal-fb.html

Hackers behind the SolarWinds' cyber-attack also breached cybersecurity firm Malwarebytes and accessed its internal emails.

Read: https://thehackernews.com/2021/01/solarwinds-hackers-also-breached.html

Cybercriminals accidentally exposed thousands of stolen log-in credentials accessible to anyone via Google search—which were compromised during a large-scale phishing campaign that mainly targeted energy and construction companies.

https://thehackernews.com/2021/01/hackers-accidentally-expose-passwords.html

Google discloses flaws in multiple video chat apps—Signal, JioChat, Mocha, Duo, and Facebook Messenger—which could have allowed attackers to initiate a video call and eavesdrop on targets without user consent.

Read details: https://thehackernews.com/2021/01/google-discloses-flaws-in-signal-fb.html

Microsoft uncovers how SolarWinds hackers stayed under the radar for long enough during one of the most sophisticated attacks in recent history.

Read details: https://thehackernews.com/2021/01/heres-how-solarwinds-hackers-stayed.html

MrbMiner cryptocurrency-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has been found linked to a small software development company based in Iran.

Read: https://thehackernews.com/2021/01/mrbminer-crypto-mining-malware-links-to.html

🔥 KindleDrip Attack

Sharing malicious e-Books with Amazon Kindle users could have let attackers execute arbitrary code on Kindle devices, hijack accounts, and make unauthorized purchases.

Read: https://thehackernews.com/2021/01/sharing-ebook-with-your-kindle-could.html

EXCLUSIVE: Cybersecurity firm SonicWall hacked using zero-day flaws affecting its own VPN product.

https://thehackernews.com/2021/01/exclusive-sonicwall-hacked-using-0-day.html

Since the affected client lets users remotely access a company's internal resources, hackers could compromise other businesses using vulnerable software.

Watch Out! A fully-functional exploit has been released online that anyone can use to target vulnerable enterprises using a critical vulnerability affecting SAP Solution Manager software.

Read details: https://thehackernews.com/2021/01/beware-fully-functional-released-online.html

🔥 Researchers detail a recently disclosed Windows MSRPC Printer Spooler Relay vulnerability that can be exploited remotely to execute code on the attacked machine.

Learn more about NTLM Relay to RCE attack: https://thehackernews.com/2021/01/experts-detail-recent-remotely.html

🔥 BEWARE —A new WORMABLE Android malware is spreading automatically through WhatsApp messages by abusing its quick reply functionality in the notifications.

Read details: https://thehackernews.com/2021/01/beware-new-wormable-android-malware.html

Researchers uncover a new privacy vulnerability in TikTok that could have allowed attackers to access users' profile details and private phone numbers associated with their account.

Details: https://thehackernews.com/2021/01/tiktok-bug-could-have-exposed-users.html