The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
Hacker group 'Earth Lusca' has been observed attacking high-value targets in government and the private sector worldwide as part of an espionage campaign and in pursuit of financial gain.

Read: https://thehackernews.com/2022/01/earth-lusca-hackers-aimed-at-high-value.html
Europol shuts down VPNLab, a secure VPN service that was used by a number of cybercriminals to distribute ransomware and facilitate other online crimes.

Details: https://thehackernews.com/2022/01/europol-shuts-down-vpnlab.html
Cybersecurity researchers have disclosed details of a bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification.

Read: https://thehackernews.com/2022/01/researchers-bypass-sms-based-multi.html
A malware distribution campaign is spreading a DDoS IRC bot disguised as adult games through Korean #WebHard platforms.

Read details: https://thehackernews.com/2022/01/ddos-irc-bot-malware-spreading-through.html
Ukraine says recent coordinated cyberattacks on select government systems are part of a larger wave of malicious activity aimed at sabotaging the country's critical infrastructure.

Read: https://thehackernews.com/2022/01/ukraine-recent-cyber-attacks-part-of.html
Financially motivated hacking group FIN8 has resurfaced with a never-before-seen ransomware called "White Rabbit," which has been used in recent attacks.

Read details: https://thehackernews.com/2022/01/fin8-hackers-spotted-using-new-white.html
Russian hackers are heavily leveraging a malicious Traffic Direction System (TDS) to spread several malware families, including Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish.

Read details: https://thehackernews.com/2022/01/russian-hackers-heavily-using-malicious.html
Microsoft has detected hackers exploiting a new zero-day vulnerability (CVE-2021-35247) in SolarWinds Serv-U software related to Log4j attacks.

Read: https://thehackernews.com/2022/01/microsoft-hackers-exploiting-new.html

Serv-U version 15.3 has been released to patch the issue.
Researchers warn of a new #malware that specializes in gaining access to cryptocurrency wallets (Exodus, Ethereum, Bitcoin, Litecoin wallets) by exfiltrating wallet content, passwords stored in the browser, and passphrases captured from the clipboard.

https://thehackernews.com/2022/01/new-bhunt-password-stealer-malware.html
Researchers reveal details about recent cyberattacks carried out by the Donot Hacking Team against government and military entities in South Asia.

https://thehackernews.com/2022/01/donot-hacking-team-targeting-government.html
An INTERPOL-led operation has led to the arrest of 11 members of a Nigerian cybercrime gang linked to Business Email Compromise (BEC) attacks targeting more than 50,000 victims in recent years.

Read: https://thehackernews.com/2022/01/interpol-busted-11-members-of-nigerian.html
Cisco has released a security patch for a critical vulnerability (CVE-2022-20649) affecting RCM for Cisco StarOS that could be weaponized by an unauthenticated remote attacker to execute arbitrary code & take over vulnerable machines.

Details: https://thehackernews.com/2022/01/cisco-issues-patch-for-critical-rce.html
U.S. has imposed sanctions on 4 current and former Ukrainian government officials for their involvement in a Russian-directed campaign to destabilize Ukraine.

Read details: https://thehackernews.com/2022/01/us-sanctions-4-ukrainians-for-working.html
Chinese APT41 hackers spotted using a previously undocumented "MoonBounce" firmware implant to maintain stealthy persistence during targeted cyber espionage campaigns.

Read details: https://thehackernews.com/2022/01/chinese-hackers-spotted-using-new-uefi.html
Researchers disclose two critical vulnerabilities in Control Web Panel—previously known as CentOS Web—that could be exploited as part of an exploit chain to achieve pre-authenticated RCE on affected Linux servers.

https://thehackernews.com/2022/01/critical-bugs-in-control-web-panel.html
Yet another supply-chain attack...

Hackers implanted a secret backdoor into nearly 40 themes and 53 plugins for WordPress websites developed by AccessPress.

Details: https://thehackernews.com/2022/01/hackers-planted-secret-backdoor-in.html
Cyberespionage group Molerats uses legitimate cloud services like Google Drive and Dropbox to host malware payloads, run C&C, and exfiltrate data from targets in the Middle East.

Read: https://thehackernews.com/2022/01/molerats-hackers-hiding-new-espionage.html
Latest analysis of the WhisperGate wiper malware, which attacked dozens of Ukrainian agencies earlier this month, has revealed "strategic similarities" with the NotPetya attack that hit the country in 2017.

Read: https://thehackernews.com/2022/01/experts-find-strategic-similarities-bw.html
A new high-severity vulnerability (CVE-2022-21658) in the Rust programming language could allow an attacker to trick a privileged program into deleting files and directories that he or she could not otherwise access or delete.

Read: https://thehackernews.com/2022/01/high-severity-rust-programming-bug.html
A new Emotet malware campaign has been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions.

Read details: https://thehackernews.com/2022/01/emotet-now-using-unconventional-ip.html
Hackers are creating fraudulent crypto tokens to trick victims into buying the tokens, and then abusing misconfigurations in smart contracts to steal funds as part of a rug pull scam.

Read details: https://thehackernews.com/2022/01/hackers-creating-fraudulent-crypto.html