Researchers have discovered a novel Go-based botnet called "Zerobot" in the wild that exploits nearly two dozen vulnerabilities in IoT devices and other software to rapidly expand its network.

Read: https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html

Microsoft issues warning to cryptocurrency industry of targeted cyberattacks by North Korea's Lazarus hacker group.

Read: https://thehackernews.com/2022/12/microsoft-alerts-cryptocurrency.html

A China-linked nation-state hacking group is using decoys related to the ongoing Russian-Ukrainian war to attack facilities in Europe and the Asia-Pacific region.

Read: https://thehackernews.com/2022/12/chinese-hackers-using-russo-ukrainian.html

Russia state-sponsored #hacking group has been linked to cyberattacks on U.S. military weapons and hardware supplier Global Ordnance.

Read: https://thehackernews.com/2022/12/russian-hackers-spotted-targeting-us.html

Cybercrime group "Vice Society" disproportionately targeted educational institutions, surpassing other ransomware families such as LockBit, BlackCat, BianLian, and Hive with 33 victims in 2022.

Read: https://thehackernews.com/2022/12/vice-society-ransomware-attackers.html

Iranian hackers unleash data-wiping attack on diamond industries in South Africa, Israel, and Hong Kong via supply-chain attack on Israeli software firm.

Read: https://thehackernews.com/2022/12/iranian-hackers-strike-diamond-industry.htm

Google warns that North Korean hackers exploited an Internet Explorer zero-day vulnerability to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware.

https://thehackernews.com/2022/12/google-warns-of-internet-explorer-zero.html

Apple announces a raft of new security measures, including:

✅ New Advanced Data Protection setting
✅ iMessage contact key verification
✅ End-to-end encrypted data backups in iCloud
✅ Support for hardware security keys for Apple ID

https://thehackernews.com/2022/12/apple-boosts-security-with-new-imessage.html

Researchers have discovered a new method for exfiltrating data from air-gapped computers that abuses the dynamic power consumption of modern computers to generate radio waves.

Read: https://thehackernews.com/2022/12/covid-bit-new-covert-channel-to.html

Iran-linked MuddyWater hackers on the prowl again, using compromised corporate email accounts to launch spear-phishing attacks on countries in the Middle East and Central and West Asia with updated attack tactics.

Read: https://thehackernews.com/2022/12/muddywater-hackers-target-asian-and.html

Researchers have discovered a new hybrid malware campaign that targets both Android and Windows operating systems, allowing it to expand its pool of victims.

Read: https://thehackernews.com/2022/12/researchers-uncover-darknet-service.html

Iranian nation-state hackers are using a new malware dubbed "Drokbk" that uses GitHub as a "dead drop resolver" to hide its communication with attackers, receive commands and exfiltrate stolen data.

Read: https://thehackernews.com/2022/12/researchers-uncover-new-drokbk-malware.html

Researchers have reported an increase in TrueBot malware infections, involving a new variant that abuses the Netwrix Auditor vulnerability and the Raspberry Robin worm to attack Mexico, Brazil, and the United States.

Read: https://thehackernews.com/2022/12/new-truebot-malware-variant-leveraging.html

Cisco warns of an unpatched, high-severity vulnerability (CVE-2022-20968) affecting IP Phone 7800 and 8800 series IP phones, for which a public proof-of-concept exploit is available.

Read: https://thehackernews.com/2022/12/cisco-warns-of-high-severity-unpatched.html

Researchers describe a new attack method that can bypass web application firewalls (WAFs) and infiltrate systems.

Read: https://thehackernews.com/2022/12/researchers-detail-new-attack-method-to.html

The method worked successfully against WAFs from vendors such as AWS, Cloudflare, F5, Imperva, and Palo Alto Networks

Hack-for-hire group Evilnum uses new Janicab malware variant to attack travel, legal and financial entities.

Read: https://thehackernews.com/2022/12/hack-for-hire-group-targets-travel-and.html

Cryptocurrency mining attacks against Linux systems are leveraging the open-source CHAOS remote access trojan to gain unauthorized access to the infected systems and mine cryptocurrencies.

Read: https://thehackernews.com/2022/12/cryptocurrency-mining-campaign-hits.html

U.S. Department of Health and Human Services (HHS) has issued a warning about ongoing ransomware attacks targeting healthcare entities in the country.

Read: https://thehackernews.com/2022/12/royal-ransomware-threat-takes-aim-at-us.html

Say goodbye to passwords!

Google is rolling out passkeys support to its stable version of Chrome web browser for Windows, Android and macOS.

Read: https://thehackernews.com/2022/12/google-adds-passkey-support-to-chrome.html

Stay secure and logged in with this next-generation login standard

Stay ahead of the curve and protect your business with the latest cybersecurity news and insights.

Follow our LinkedIn page and join our community for the most relevant and timely cybersecurity news and information.

https://www.linkedin.com/company/thehackernews/

Researchers have discovered new vulnerabilities in popular endpoint detection and response (EDR) and antivirus solutions (AV) that can be weaponized against users to carry out wiping attacks.

Read details: https://thehackernews.com/2022/12/researchers-demonstrate-how-edr-and.html