A new Zloader banking trojan campaign is now exploiting the Microsoft Signature Verification system to evade detection and steal cookies, passwords and other sensitive data.

Read details - https://thehackernews.com/2022/01/new-zloader-banking-malware-campaign.html

It already has over 2,000 victims in 111 countries.

Cybersecurity researchers have uncovered an organized financial-theft operation in which a discrete hacking group — codenamed "Elephant Beetle" — penetrates transaction processing systems and steals money.

Read details: https://thehackernews.com/2022/01/researchers-uncover-hacker-group-behind.html

Malware attackers could use this new "NoReboot" trick to secretly spy on users by faking an iPhone shutdown, making it impossible to physically determine whether or not an iPhone is powered off.

Read details: https://thehackernews.com/2022/01/new-trick-could-let-malware-fake-iphone.html

North Korean cyberespionage group 'Konni' has been linked to a series of targeted attacks on the Ministry of Foreign Affairs of the Russian Federation, using New Year's Eve decoys to compromise Windows systems with malware.

Read details: https://thehackernews.com/2022/01/north-korean-hackers-start-new-year.html

French data protection watchdog has fined Facebook and Google 150 million and 60 million euros, respectively, for violating EU privacy laws by not giving their users an easy option to opt-out of cookie tracking technology.

Read details: https://thehackernews.com/2022/01/france-fines-google-facebook-210.html

Researchers have found a new Log4Shell-like critical RCE vulnerability (CVE-2021-42392) in the H2 Database Console, an in-memory, open-source, and widely used embedded database system.

Read details: https://thehackernews.com/2022/01/log4shell-like-critical-rce-flaw.html

U.K. National Health Service (NHS) has warned that attackers are actively exploiting Log4Shell vulnerabilities in unpatched VMware Horizon servers to drop malicious web shells and establish persistence on affected networks for follow-on attacks.

Detail: https://thehackernews.com/2022/01/nhs-warns-of-hackers-targeting-log4j.html

Facebook has launched a new “Privacy Center” to educate users about five common privacy topics — sharing, security, data collection, data use and ads.

Read: https://thehackernews.com/2022/01/facebook-launches-privacy-center-to.html

BADNEWS! 'Patchwork' APT group fell victim to its own spying malware, revealing the tactics, procedures, and techniques used by an Indian hacker group.

Read details: https://thehackernews.com/2022/01/badnews-patchwork-apt-hackers-score-own.html

Researchers have found links between an emerging DDoS botnet named "Abcbot" and the Xanthe cryptocurrency-mining malware attacks.

Read: https://thehackernews.com/2022/01/abcbot-botnet-linked-to-operators-of.html

Europol ordered to delete a vast trove of personal data the agency obtained on individuals with no proven ties to criminal activity.

Read details: https://thehackernews.com/2022/01/europol-ordered-to-delete-data-of.html

Microsoft has revealed details of a new macOS "powerdir" vulnerability (CVE-2021-30970) that could allow attackers to gain access to user data.

Read details: https://thehackernews.com/2022/01/microsoft-details-macos-bug-that-could.html

Moxie Marlinspike, founder of the popular encrypted instant messaging service Signal, has announced that he is stepping down as CEO and WhatsApp co-founder Brian Acton will serve as interim CEO.

Read details: https://thehackernews.com/2022/01/signal-ceo-resigns-whatsapp-co-founder.html

A new high-severity KCodes NetUSB #vulnerability affects millions of routers from various manufacturers.

Details: https://thehackernews.com/2022/01/new-kcodes-netusb-bug-affect-millions.html

First Microsoft Patch Tuesday update of 2022 fixes 96 new vulnerabilities, including a critical "wormable" Windows RCE vulnerability (CVE-2022-21907) in the HTTP Protocol Stack.

Read details: https://thehackernews.com/2022/01/first-patch-tuesday-of-2022-brings-fix.html

U.S. cybersecurity and intelligence agencies published a joint advisory on how to detect, respond to, and mitigate cyberattacks on critical infrastructure orchestrated by Russian state-backed actors.

Details: https://thehackernews.com/2022/01/fbi-nsa-and-cisa-warns-of-russian.html

A new espionage malware called SysJoker has been discovered and is targeting users on Windows, macOS and Linux users.

Read details: https://thehackernews.com/2022/01/new-sysjoker-espionage-malware.html

Apple releases the latest iOS and iPadOS 15.2.1 updates to patch a vulnerability found in HomeKit that allows DoS attacks.

Details: https://thehackernews.com/2022/01/apple-releases-iphone-and-ipad-updates.html

Iranian nation-state hackers exploiting the Log4j vulnerability to deploy a new PowerShell-based framework—dubbed "CharmPower"—designed to establish persistence, gather information, and execute commands.

Read details — https://thehackernews.com/2022/01/iranian-hackers-exploit-log4j.html

Researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry.

Read: https://thehackernews.com/2022/01/researchers-decrypted-qakbot-banking.html

GootLoader malware campaign now targets employees of law and accounting firms, indicating the adversary is expanding its focus to other high-value targets.

Details: https://thehackernews.com/2022/01/gootloader-hackers-targeting-employees.html