VMware has released updates to address two security vulnerabilities (CVE-2021-21980, CVE-2021-22049) in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information.

https://thehackernews.com/2021/11/vmware-warns-of-newly-discovered.html

⚠️Warning — Hackers are actively exploiting a new zero-day variant of a recently disclosed privilege escalation vulnerability affecting the Windows Installer software component.

Read details: https://thehackernews.com/2021/11/warning-hackers-exploiting-new-windows.html

A new Iranian hacking group has been discovered exploiting a critical vulnerability in Microsoft Windows' MSHTML platform to target Farsi-speaking victims with PowerShell-based information stealer.

https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html

Hackers are using a new JavaScript malware strain as a loader to distribute remote access Trojans (RATs) and information stealers.

Read details: https://thehackernews.com/2021/11/this-new-stealthy-javascript-loader.html

Amid NSO Group scandal, the Israeli government has dramatically reduced the number of countries to which cybersecurity firms may sell offensive hacking and surveillance tools, excluding 65 nations from the export list.

Read: https://thehackernews.com/2021/11/israel-bans-sales-of-hacking-and.html

An APT hacker group targeted biomanufacturing companies with the help of a custom malware loader called "Tardigrade."

Read details: https://thehackernews.com/2021/11/hackers-targeting-biomanufacturing.html

Italian antitrust authority has fined both Apple and Google €10 million each for using "aggressive" data practices and failing to clearly inform consumers about the commercial use of their personal data.

Read details: https://thehackernews.com/2021/11/italys-antitrust-regulator-fines-google.html

In an international operation coordinated by INTERPOL, codenamed HAECHI-II, police arrest more than 1,000 suspected cybercriminals and seize a total of nearly $27 million in illicit funds.

Read: https://thehackernews.com/2021/11/interpol-arrests-over-1000-cyber.html

About 86% of all compromised Google Cloud accounts are used by hackers to mine cryptocurrencies, while other instances are used to install ransomware or stage phishing attacks.

Read details: https://thehackernews.com/2021/11/hackers-using-compromised-google-cloud.html

State-sponsored hacker group ScarCruft is using a new malware called Chinotto for Windows and Android devices to spy on North Korea defectors, journalists and human rights activists.

Read details: https://thehackernews.com/2021/11/new-chinotto-spyware-targets-north.html

⚡ Researchers uncover 4 separate Android banking trojan dropper campaigns that infected more than 300,000 devices via the Google Play Store in 2021.

Read details: https://thehackernews.com/2021/11/4-android-banking-trojan-campaigns.html

WIRTE hacker group targets governments, diplomatic entities, military organizations, law firms, and financial institutions, mostly in the Middle East.

Read details: https://thehackernews.com/2021/11/wirte-hacker-group-targets-government.html

Researcher disclose details of an unpatched vulnerability (CVE-2021-24084) in the Windows OS—known to Microsoft since October 2020—that could allow an attacker to gain unauthorized access to the file system and read arbitrary files.

Details: https://thehackernews.com/2021/11/unpatched-unauthorized-file-read.html

Panasonic suffers a data breach following a hack of its network and file servers.

https://thehackernews.com/2021/11/panasonic-suffers-data-breach-after.html

F-secure researchers discover a critical WORMABLE security vulnerability (CVE-2021-39238) in hundreds of different HP Printers.

-🖨️-🖨️-🖨️-🖨️-🖨️-🖨️-🖨️-

Read details: https://thehackernews.com/2021/11/critical-wormable-security-flaw-found.html

⚡IMPORTANT — Updated Twitter Safety policy prohibits users from posting private photos and videos of people without their consent.

Read details: https://thehackernews.com/2021/11/twitter-bans-users-from-posting-private.html

A 22-year-old hacker, sixth member of an international hacking group called "The Community," has been jailed for stealing millions in cryptocurrency through SIM hijacking attacks.

Details: https://thehackernews.com/2021/12/hacker-jailed-for-stealing-millions-of.html

Researchers have observed that several hackers are increasingly using the "RTF Template Injection" method in widespread phishing attacks that enable decoy documents to retrieve malicious content from remote URLs.

Details: https://thehackernews.com/2021/12/hackers-increasingly-using-rtf-template.html

A new botnet malware exploits a previously known unpatched vulnerability in AT&T Network Edge devices to launch DDoS attacks and collect sensitive information about U.S. companies.

Details: https://thehackernews.com/2021/12/new-ewdoor-botnet-targeting-unpatched.html

A critical vulnerability in Mozilla's cross-platform Network Security Services (NSS) cryptographic library potentially affects a number of #software, including email clients & PDF viewers, such as Thunderbird, LibreOffice, Evolution.

Details: https://thehackernews.com/2021/12/critical-bug-in-mozillas-nss-crypto.html

A Russian national has been sentenced to 60 months in prison for providing bulletproof hosting to cybercriminals, who used the platform to spread malware and attack financial institutions and organizations in the U.S. from 2009 to 2015.

Read: https://thehackernews.com/2021/12/russian-man-gets-60-months-jail-for.html