Meta is expanded the scope of its Facebook Protect security program to include human rights defenders, activists, journalists and government officials who are more likely to be targeted by malicious actors on social media.

Details: https://thehackernews.com/2021/12/meta-expands-facebook-protect-program.html

The FBI and CISA are warning about active exploitation of a recently disclosed critical RCE #vulnerability in Zoho's ManageEngine ServiceDesk Plus in order to deploy web shells and perform a variety of malicious activities.

Details: https://thehackernews.com/2021/12/cisa-warns-of-actively-exploited.html

⚡A new Linux malware infection has been discovered that steals payment data from e-commerce websites and hides in a legitimate NGINX process on the compromised servers.

Read details: https://thehackernews.com/2021/12/new-payment-data-sealing-malware-hides.html

A new group of hackers known as "Magnat" is using malvertising campaigns to spread new malware families with information stealers, backdoors, and malicious Google Chrome extensions.

Read details: https://thehackernews.com/2021/12/new-malvertising-campaigns-spreading.html

Researchers uncover new strategies and tools used by Pakistani SideCopy APT hackers to target the Indian and Afghan governments.

Read details: https://thehackernews.com/2021/12/researchers-detail-how-pakistani.html

Zoho is warning its customers about another critical authentication bypass vulnerability (CVE-2021-44515) that is being actively exploited and affects ManageEngine Desktop Central MSP software.

Read details: https://thehackernews.com/2021/12/warning-yet-another-zoho-manageengine.html

XS -Leaks!!!

14 new types of cross-site data leakage attacks have been discovered against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari and Opera.

Read details: https://thehackernews.com/2021/12/14-new-xs-leaks-cross-site-leaks.html

Hackers stole more than $180 million worth of cryptocurrency tokens from Bitmart Exchange using compromised privacy keys.

Details: https://thehackernews.com/2021/12/hackers-steal-200-million-worth-of.html

Researchers warn of malicious KMSPico Windows Activators circulating the internet and aiming to steal cryptocurrency wallet credentials.

Read details: https://thehackernews.com/2021/12/malicious-kmspico-windows-activator.html

Latest Firefox 95 version includes a new sandboxing technology called RLBox that protects the browser from untrusted code and other security vulnerabilities.

Details: https://thehackernews.com/2021/12/latest-firefox-95-includes-rlbox.html

With the help of a court order, Microsoft has successfully seized 42 domain names used by a Chinese hacking group to launch cyberespionage attacks against organizations in the US and 28 other countries.

Read details: https://thehackernews.com/2021/12/microsoft-seizes-42-malicious-web.html

The Russian hacking group that attacked SolarWinds last year is targeting businesses and government entities worldwide.

Read details: https://thehackernews.com/2021/12/solarwinds-hackers-targeting-government.html

A number of vulnerabilities reported in Eltima SDK made several Cloud services vulnerable to privilege escalation attacks.

Read: https://thehackernews.com/2021/12/eltima-sdk-contain-multiple.html

QNAP has released a new advisory warning its customers about a new cryptocurrency mining malware targeting NAS devices and advising them to take preventative measures as soon as possible.

Read details — https://thehackernews.com/2021/12/warning-yet-another-bitcoin-mining.html

Trickbot botnet infected over 140,000 computers worldwide within months of helping the Emotet malware get back into action.

Read details: https://thehackernews.com/2021/12/140000-reasons-why-emotet-is.html

Google disrupts a sophisticated blockchain-based botnet — dubbed Glupteba — that affected more than 1 MILLION computers around the world, and sues two Russian hackers believed to be behind the attack.

Read details: https://thehackernews.com/2021/12/google-disrupts-blockchain-based.html

SonicWall urges customers to immediately patch/update their SMA 100 series appliances to the latest version in order to prevent exploitation of newly discovered multiple critical & high-severity security vulnerabilities.

Details: https://thehackernews.com/2021/12/sonicwall-urges-customers-to.html

A number of malicious NPM javascript packages in the open-source repository have been caught hijacking Discord servers.

Read: https://thehackernews.com/2021/12/over-dozen-malicious-npm-packages.html

Researchers have discovered at least 300,000 IP addresses associated with vulnerable MikroTik network devices that can be hacked remotely using previously known critical vulnerabilities.

Read details: https://thehackernews.com/2021/12/over-300000-mikrotik-devices-found.html

Russian government has blocked Tor privacy service as part of its latest move towards censorship.

Read details: https://thehackernews.com/2021/12/russia-blocks-tor-privacy-service-in.html

ALERT! In a massive ongoing cyber attack, nearly 1.6 million WordPress websites were hit with 13.7 million malicious requests from over 16,000 different IP addresses.

Read details: https://thehackernews.com/2021/12/16-million-wordpress-sites-under.html