Researchers have discovered a security vulnerability in SiriusXM services that allows remote hacking of connected cars from Honda, Nissan, Infiniti and Acura.

Read: https://thehackernews.com/2022/12/siriusxm-vulnerability-lets-hackers.html

New CryWiper malware disguised as ransomware targeting Russian government agencies, including mayor's offices and courts.

Read: https://thehackernews.com/2022/12/russian-courts-targeted-by-new-crywiper.html

Newly discovered supply chain vulnerabilities found in MegaRAC BMC software affect servers from many vendors and could allow remote code execution attacks on vulnerable systems.

Read: https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html

A version of an open-source ransomware toolkit called "Cryptonite" has been observed in the wild with wiper capabilities due to its "weak architecture and poor programming."

Read: https://thehackernews.com/2022/12/open-source-ransomware-toolkit.html

SIM swapping hackers are launching an extremely persistent intrusion campaign against telecom and BPO companies.

Read: https://thehackernews.com/2022/12/telcom-and-bpo-companies-under-attack.html

China-linked APT group "BackdoorDiplomacy" has been spotted launching sophisticated cyber attacks against telecom companies in the Middle East.

Read: https://thehackernews.com/2022/12/chinese-hackers-target-middle-east.html

Iranian state-sponsored hackers targeting key figures in activism, journalism, and politics with sophisticated social engineering and credential phishing attacks.

Read: https://thehackernews.com/2022/12/iranian-state-hackers-targeting-key.html

Researchers have discovered a novel Go-based botnet called "Zerobot" in the wild that exploits nearly two dozen vulnerabilities in IoT devices and other software to rapidly expand its network.

Read: https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html

Microsoft issues warning to cryptocurrency industry of targeted cyberattacks by North Korea's Lazarus hacker group.

Read: https://thehackernews.com/2022/12/microsoft-alerts-cryptocurrency.html

A China-linked nation-state hacking group is using decoys related to the ongoing Russian-Ukrainian war to attack facilities in Europe and the Asia-Pacific region.

Read: https://thehackernews.com/2022/12/chinese-hackers-using-russo-ukrainian.html

Russia state-sponsored #hacking group has been linked to cyberattacks on U.S. military weapons and hardware supplier Global Ordnance.

Read: https://thehackernews.com/2022/12/russian-hackers-spotted-targeting-us.html

Cybercrime group "Vice Society" disproportionately targeted educational institutions, surpassing other ransomware families such as LockBit, BlackCat, BianLian, and Hive with 33 victims in 2022.

Read: https://thehackernews.com/2022/12/vice-society-ransomware-attackers.html

Iranian hackers unleash data-wiping attack on diamond industries in South Africa, Israel, and Hong Kong via supply-chain attack on Israeli software firm.

Read: https://thehackernews.com/2022/12/iranian-hackers-strike-diamond-industry.htm

Google warns that North Korean hackers exploited an Internet Explorer zero-day vulnerability to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware.

https://thehackernews.com/2022/12/google-warns-of-internet-explorer-zero.html

Apple announces a raft of new security measures, including:

✅ New Advanced Data Protection setting
✅ iMessage contact key verification
✅ End-to-end encrypted data backups in iCloud
✅ Support for hardware security keys for Apple ID

https://thehackernews.com/2022/12/apple-boosts-security-with-new-imessage.html

Researchers have discovered a new method for exfiltrating data from air-gapped computers that abuses the dynamic power consumption of modern computers to generate radio waves.

Read: https://thehackernews.com/2022/12/covid-bit-new-covert-channel-to.html

Iran-linked MuddyWater hackers on the prowl again, using compromised corporate email accounts to launch spear-phishing attacks on countries in the Middle East and Central and West Asia with updated attack tactics.

Read: https://thehackernews.com/2022/12/muddywater-hackers-target-asian-and.html

Researchers have discovered a new hybrid malware campaign that targets both Android and Windows operating systems, allowing it to expand its pool of victims.

Read: https://thehackernews.com/2022/12/researchers-uncover-darknet-service.html

Iranian nation-state hackers are using a new malware dubbed "Drokbk" that uses GitHub as a "dead drop resolver" to hide its communication with attackers, receive commands and exfiltrate stolen data.

Read: https://thehackernews.com/2022/12/researchers-uncover-new-drokbk-malware.html

Researchers have reported an increase in TrueBot malware infections, involving a new variant that abuses the Netwrix Auditor vulnerability and the Raspberry Robin worm to attack Mexico, Brazil, and the United States.

Read: https://thehackernews.com/2022/12/new-truebot-malware-variant-leveraging.html

Cisco warns of an unpatched, high-severity vulnerability (CVE-2022-20968) affecting IP Phone 7800 and 8800 series IP phones, for which a public proof-of-concept exploit is available.

Read: https://thehackernews.com/2022/12/cisco-warns-of-high-severity-unpatched.html