Microsoft describes the "distinct building blocks" of the decade-old but still widely used banking malware Qakbot to proactively and effectively detect and block the threat.

Read details: https://thehackernews.com/2021/12/microsoft-details-building-blocks-of.html

Researchers warn of the rise of Karakurt, a new hacking group focused on data theft and extortion.

Read details: https://thehackernews.com/2021/12/karakurt-new-emerging-data-theft-and.html

⚡ALERT — Update your Google Chrome web browser for Windows, Mac, and Linux immediately to patch a new zero-day vulnerability — 17th this year — discovered in the wild along with 4 others.

Read details: https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html

Apple has released a new iOS update for iPhones to patch several critical security issues, including an exploit chain for a recently demonstrated remote jailbreak attack.

Read details: https://thehackernews.com/2021/12/latest-apple-ios-update-patches-remote.html

A ransomware affiliate has been arrested in Romania, and in Ukraine, 51 people have been arrested for selling stolen personal data of 300 million users.

Read details: https://thehackernews.com/2021/12/ransomware-affiliate-arrested-in.html

Hackers have begun exploiting the latest Log4j vulnerability to infect Windows computers with the Khonsari ransomware.

Read details: https://thehackernews.com/2021/12/hackers-exploit-log4j-vulnerability-to.html

URGENT: Apache Foundation has issued a new patch (CVE-2021-45046) for Log4j utility after the previous patch for the recently disclosed Log4Shell exploit (CVE-2021-44228) was deemed incomplete in certain non-default configurations.

Details: https://thehackernews.com/2021/12/second-log4j-vulnerability-cve-2021.html

Time to update your windows for the last time this year (probably!).

Microsoft releases latest Windows security updates to patch several newly discovered flaws, including a new 0-day that attackers are exploiting to spread the Emotet malware.

https://thehackernews.com/2021/12/microsoft-issues-windows-update-to.html

Researchers discovered a new malicious module for IIS servers — dubbed Owowa — that attackers are using to steal users' Microsoft Exchange credentials and gain remote code execution ability on the underlying servers.

Details: https://thehackernews.com/2021/12/hackers-using-malicious-iis-server.html

Facebook today expanded its Bug Bounty program to reward researchers for reporting bugs that could allow attackers to bypass data scraping restrictions and also for scraped databases that are available online.

Details: https://thehackernews.com/2021/12/facebook-to-pay-hackers-for-reporting.html

Attackers have started exploiting the 2nd Log4J vulnerability (CVE-2021-45046), while a third vulnerability has already been reported and its technical details are expected to be published soon.

Details + PoC for 3rd: https://thehackernews.com/2021/12/hackers-begin-exploiting-second-log4j.html

A new fileless malware targeting Russian businesses has been spotted using the Windows OS registry as both persistent and temporary storage to evade detection.

Read details: https://thehackernews.com/2021/12/new-fileless-malware-uses-windows.html

Researchers uncover coexistence attacks on Broadcom, Cypress & Silicon Labs chips installed in billions of devices that could allow Bluetooth chips to directly extract network passwords and manipulate Wi-Fi traffic.

Details: https://thehackernews.com/2021/12/researchers-uncover-new-coexistence.html

A new variant of the Phorpiex botnet malware has been discovered in the wild, targeting cryptocurrency transactions.

Read details: https://thehackernews.com/2021/12/new-phorpiex-botnet-variant-steals-half.html

Attackers behind it have already stolen nearly half a MILLION US dollars from victims.

Kaspersky researchers uncover a mass-scale spyware campaign spreading a new botnet, dubbed "PseudoManuscrypt," that has already infected over 35,000 computers this year alone.

Read details: https://thehackernews.com/2021/12/new-pseudomanuscrypt-malware-infected.html

Facebook has banned hundreds of accounts linked to 7 "cyber mercenary" companies that spied on nearly 50,000 users—including journalists, dissidents, families of political dissidents and human rights activists.

Read: https://thehackernews.com/2021/12/facebook-bans-7-cyber-mercenaries.html

Apache Issues 3rd patch update -- version 2.17.0 -- to fix a new high-severity Log4j vulnerability (CVE-2021-45105).

Read: https://thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html

⚡Researchers discover an entirely new ATTACK VECTOR that could allow hackers to exploit critical Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection.

Read details: https://thehackernews.com/2021/12/new-local-attack-vector-expands-attack.html

Researchers have discovered a new application in the Google Play Store that contains Joker malware and has been downloaded by over 500,000 Android users.

https://thehackernews.com/2021/12/over-500000-android-users-downloaded.html

Researchers discover new vulnerabilities in the "handover procedure" of 2G, 3G, 4G and 5G mobile networks that could allow attackers to force targeted mobile phones to connect to a fake base station and eavesdrop on communications.

Read details: https://thehackernews.com/2021/12/new-mobile-network-vulnerabilities.html

Meta sues hackers behind massive phishing attacks against Facebook, WhatsApp and Instagram users, who are operating more than 39,000 fake webpages to steal their login credentials.

Read details: https://thehackernews.com/2021/12/meta-sues-hackers-behind-facebook.html