Google has released an update for the Chrome browser to patch a new, actively exploited zero-day vulnerability (CVE-2022-4135) that resides in the GPU component.

Read: https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html

Researchers warn of new "RansomBoggs" ransomware attacks targeting organizations in Ukraine and linked to the Russia-based Sandworm nation-state hacking group.

Read:https://thehackernews.com/2022/11/russia-based-ransomboggs-ransomware.html

U.S. regulators have imposed a ban on Chinese telecommunications and video surveillance equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, classifying them as "unacceptable" threats to national security.

Read: https://thehackernews.com/2022/11/us-bans-chinese-telecom-equipment-and.html

Elon Musk has confirmed that #Twitter 2.0 - The Everything App - will bring end-to-end #encryption (E2EE) for direct messages and long-form tweets to the platform.

Read: https://thehackernews.com/2022/11/elon-musk-confirms-twitter-20-will.html

Over a dozen new vulnerabilities have been discovered in the firmware of Lanner's Baseboard Management Controller (BMC) that could leave OT and IoT networks vulnerable to remote attacks.

Read: https://thehackernews.com/2022/11/over-dozen-new-bmc-firmware-flaws.html

Researchers have reported a cross-tenant vulnerability in Amazon Web Services (AWS) that exploits #AWS AppSync and allows an attacker to infiltrate a victim organization and access resources in those accounts.

Read: https://thehackernews.com/2022/11/researchers-detail-appsync-cross-tenant.html

CISA has added a critical vulnerability affecting Oracle Fusion Middleware to the Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.

Read: https://thehackernews.com/2022/11/cisa-warns-of-actively-exploited.html

Ireland's data regulator has fined Facebook €265 million ($277 million) for failing to protect the personal data of more than half a billion users of its social media platform.

Read: https://thehackernews.com/2022/11/irish-regulator-fines-facebook-277.html

Researchers have reported a new vulnerability (CVE-2022-4020) in Acer laptops that could be potentially weaponized to disable UEFI Secure Boot protection.

Read: https://thehackernews.com/2022/11/new-flaw-in-acer-laptops-could-let.html

A hacking group with suspected ties to China has been linked to a series of cyber espionage attacks in the Philippines, mainly using USB devices as the initial infection vector.

Read: https://thehackernews.com/2022/11/chinese-cyber-espionage-hackers-using.html

Researchers have disclosed details of three new security vulnerabilities affecting Operational Technology (OT) products from CODESYS and Festo.

Read: https://thehackernews.com/2022/11/3-new-vulnerabilities-affect-ot.html

Australian government has passed a new bill that significantly increases penalties (up to $50 million) for companies affected by serious or repeated data breaches.

Read: https://thehackernews.com/2022/11/australia-passes-bill-to-fine-companies.html

French data protection watchdog has fined the country's largest electricity provider Electricité de France (EDF) €600,000 for using insecure MD5 hash algorithm to store its customers' passwords.

Read: https://thehackernews.com/2022/11/french-electricity-provider-fined-for.html

A malicious Android app distributed through the Google Play Store secretly collected users' text messages in order to create accounts on various platforms, including Facebook, Google, and WhatsApp.

https://thehackernews.com/2022/11/this-malicious-app-abused-hacked.html

An "unexpected behavior" in the npm command line interface could allow malicious NPM libraries to bypass security checks and hide vulnerabilities.

Read: https://thehackernews.com/2022/11/researchers-find-way-malicious-npm.html

North Korea-linked ScarCruft APT hackers have been spotted using a previously undocumented backdoor called "Dolphin" to spy on targets in its southern counterpart.

Read: https://thehackernews.com/2022/12/north-korea-hackers-using-new-dolphin.html

LastPass password management service has been hit by another security incident in which attackers gained access to some of its customers' data.

Read: https://thehackernews.com/2022/12/lastpass-suffers-another-security.html

Researchers 'accidentally' crash the KMSDBot cryptocurrency mining botnet while sending commands to the bot to test its functionality and attack signatures.

Read: https://thehackernews.com/2022/12/researchers-accidentally-crashed.html

Over 300,000 Android users have fallen victim to dozens of Google Play Store apps that contain the Schoolyard Bully Trojan and steal users' Facebook credentials.

Read: https://thehackernews.com/2022/12/schoolyard-bully-trojan-apps-stole.html

Hackers behind the devastating cyberattack on Australian insurer Medibank have posted another dump of the stolen data on the dark web after the company refused to pay a ransom.

Read: https://thehackernews.com/2022/12/hackers-leak-another-set-of-medibank.html

Google accuses a Barcelona-based surveillanceware vendor named Variston IT of planting #spyware on targeted devices by exploiting zero-day vulnerabilities in Google Chrome, Mozilla Firefox and Windows.

Details: https://thehackernews.com/2022/12/google-accuses-spanish-spyware-vendor.html