Hackers behind the devastating cyberattack on Australian insurer Medibank have posted another dump of the stolen data on the dark web after the company refused to pay a ransom.

Read: https://thehackernews.com/2022/12/hackers-leak-another-set-of-medibank.html

Google accuses a Barcelona-based surveillanceware vendor named Variston IT of planting #spyware on targeted devices by exploiting zero-day vulnerabilities in Google Chrome, Mozilla Firefox and Windows.

Details: https://thehackernews.com/2022/12/google-accuses-spanish-spyware-vendor.html

Multiple unpatched vulnerabilities have been discovered in the remote keyboard and mouse apps 'Lazy Mouse,' 'PC Keyboard' and 'Telepad' — installed by more than two million Android users.

Read: https://thehackernews.com/2022/12/watch-out-these-android-keyboard-apps.html

U.S. cybersecurity agency warns of an increasing number of Cuba ransomware attacks that has extorted more than $60 MILLION in ransom payments from over 100 entities across the world.

Read: https://thehackernews.com/2022/12/cuba-ransomware-extorted-over-60.html

Hackers are exploiting a vulnerability in the Redis database application to deploy a new Go-based malware, dubbed "Redigo," that is designed to take control of servers and build botnet networks.

Details: https://thehackernews.com/2022/12/hackers-exploiting-redis-vulnerability.html

CISA warns of several critical vulnerabilities in Mitsubishi Electric GX Works3 engineering software, which is widely used in the ICS environment.

Read: https://thehackernews.com/2022/12/cisa-warns-of-multiple-critical.html

Researchers have uncovered a high-severity security vulnerability in IBM Cloud Databases for PostgreSQL that could be exploited to tamper with internal repositories and execute unauthorized code.

Read: https://thehackernews.com/2022/12/researchers-disclose-supply-chain-flaw.html

Hackers abused compromised platform certificates used by Android smartphone vendors such as Samsung, LG, and MediaTek to sign malicious apps and bypass security checks.

Read: https://thehackernews.com/2022/12/hackers-sign-android-malware-apps-with.html

A new RCE vulnerability [CVE-2022-23093] has been reported in the ping module of the FreeBSD operating system that could be exploited to remotely crash the program or execute malicious code.

Read: https://thehackernews.com/2022/12/critical-ping-vulnerability-allows.html

North Korean Lazarus hackers have been spotted distributing fake cryptocurrency apps to attack users with a new variant of AppleJeus malware.

Read: https://thehackernews.com/2022/12/north-korean-hackers-spread-applejeus.html

Researchers have discovered a security vulnerability in SiriusXM services that allows remote hacking of connected cars from Honda, Nissan, Infiniti and Acura.

Read: https://thehackernews.com/2022/12/siriusxm-vulnerability-lets-hackers.html

New CryWiper malware disguised as ransomware targeting Russian government agencies, including mayor's offices and courts.

Read: https://thehackernews.com/2022/12/russian-courts-targeted-by-new-crywiper.html

Newly discovered supply chain vulnerabilities found in MegaRAC BMC software affect servers from many vendors and could allow remote code execution attacks on vulnerable systems.

Read: https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html

A version of an open-source ransomware toolkit called "Cryptonite" has been observed in the wild with wiper capabilities due to its "weak architecture and poor programming."

Read: https://thehackernews.com/2022/12/open-source-ransomware-toolkit.html

SIM swapping hackers are launching an extremely persistent intrusion campaign against telecom and BPO companies.

Read: https://thehackernews.com/2022/12/telcom-and-bpo-companies-under-attack.html

China-linked APT group "BackdoorDiplomacy" has been spotted launching sophisticated cyber attacks against telecom companies in the Middle East.

Read: https://thehackernews.com/2022/12/chinese-hackers-target-middle-east.html

Iranian state-sponsored hackers targeting key figures in activism, journalism, and politics with sophisticated social engineering and credential phishing attacks.

Read: https://thehackernews.com/2022/12/iranian-state-hackers-targeting-key.html

Researchers have discovered a novel Go-based botnet called "Zerobot" in the wild that exploits nearly two dozen vulnerabilities in IoT devices and other software to rapidly expand its network.

Read: https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html

Microsoft issues warning to cryptocurrency industry of targeted cyberattacks by North Korea's Lazarus hacker group.

Read: https://thehackernews.com/2022/12/microsoft-alerts-cryptocurrency.html

A China-linked nation-state hacking group is using decoys related to the ongoing Russian-Ukrainian war to attack facilities in Europe and the Asia-Pacific region.

Read: https://thehackernews.com/2022/12/chinese-hackers-using-russo-ukrainian.html

Russia state-sponsored #hacking group has been linked to cyberattacks on U.S. military weapons and hardware supplier Global Ordnance.

Read: https://thehackernews.com/2022/12/russian-hackers-spotted-targeting-us.html