Researchers report two vulnerabilities in Samsung's Galaxy Store app that could be exploited to secretly install malicious apps or redirect users to fake landing pages on the Internet.

Read details: https://thehackernews.com/2023/01/samsung-galaxy-store-app-found.html

Over the next few months, millions of people around the world will have access to end-to-end encrypted chats on Facebook Messenger, as well as access to new additional features.

Read details: https://thehackernews.com/2023/01/facebook-introduces-new-features-for.html

Apple has released updates for a security vulnerability in Webkit that affects older iPhone & iPad devices.

Read: https://thehackernews.com/2023/01/apple-issues-updates-for-older-devices.html

This vulnerability is currently being exploited, so it is important to update your device immediately.

Cybercriminals are always evolving their tactics, and the Emotet operation is no exception.

Emotet malware now using new tactics to fly under the radar and act as a conduit for other dangerous malware like Bumblebee and IcedID.

Read: https://thehackernews.com/2023/01/emotet-malware-makes-comeback-with-new.html

FBI has confirmed that the North Korean state-sponsored hacking group known as Lazarus Group and APT38 are responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge.

Details: https://thehackernews.com/2023/01/fbi-says-north-korean-hackers-behind.html

Chinese-speaking actor behind DragonSpark attacks targeting organizations in East Asia using Golang malware and unusual techniques to evade detection.

Read details: https://thehackernews.com/2023/01/chinese-hackers-utilize-golang-malware.html

VMware releases patch for 4 vulnerabilities in vRealize Log Insight, including 2 critical flaws (CVE-2022-31706 and CVE-2022-31704) that could lead to remote code execution attacks.

Read details: https://thehackernews.com/2023/01/vmware-releases-patches-for-critical.html

LastPass’ parent company GoTo (formerly LogMeIn) has experienced a data breach in which cybercriminals stole customers' encrypted backups and an encryption key used to secure data for some customers.

Read: https://thehackernews.com/2023/01/lastpass-parent-company-goto-suffers.html

North Korean group APT38 is targeting cryptocurrency holders by using credential harvesting as a new weapon in its quest for crypto riches.

Read details: https://thehackernews.com/2023/01/north-korean-hackers-turn-to-credential.html

Warning: A massive malware campaign has infected more than 4,500 WordPress websites and is redirecting their visitors to sketchy ad pages.

Read: https://thehackernews.com/2023/01/over-4500-wordpress-sites-hacked-to.html

Keep your website secure and always be cautious of suspicious links.

ALERT: Two federal agencies in the U.S. have fallen victim to a widespread malicious campaign using RMM software for phishing scams.

Read details: https://thehackernews.com/2023/01/us-federal-agencies-fall-victim-to.html

New research has uncovered connections between the operations of Moses Staff and Abraham's Ax, two politically motivated hacktivist groups.

Read details: https://thehackernews.com/2023/01/researchers-uncover-connection-bw-moses.html

Researchers have released proof-of-concept exploit code for a high-severity security vulnerability (CVE-2022-34689) in the Windows CryptoAPI, which was discovered by the NSA and NCSC.

Read details: https://thehackernews.com/2023/01/researchers-release-poc-exploit-for.html

Researchers have identified a new Python-based malware that uses WebSockets for both command and control communication and data exfiltration.

Read details: https://thehackernews.com/2023/01/pyration-new-python-based-rat-utilizes.html

Google shuts down pro-Chinese influence operation DRAGONBRIDGE, with over 50,000 instances of activity dismantled in 2022.

Read: https://thehackernews.com/2023/01/google-takes-down-50000-instances-of.html

🔥 Victory against cybercrime!

International law enforcement agencies have taken down the infrastructure behind the HIVE ransomware-as-a-service operation in a joint effort across 13 countries.

Details: https://thehackernews.com/2023/01/hive-ransomware-infrastructure-seized.html

U.K.'s cybersecurity agency has issued a warning about cyberattacks by Russian & Iranian state-sponsored hacker groups targeting key sectors, including defense, government organizations & even academia, journalists, think tanks and activists.

https://thehackernews.com/2023/01/british-cyber-agency-warns-of-russian.html

PlugX just got sneakier!

Cybersecurity researchers uncover a new variant that infects attached USB media devices to spread the malware to other systems.

Read details: https://thehackernews.com/2023/01/researchers-discover-new-plugx-malware.html

Cybersecurity researchers have uncovered the true identity of the threat actor behind the Golden Chickens malware-as-a-service.

Read details: https://thehackernews.com/2023/01/experts-uncover-identity-of-mastermind.html

Ukraine is under attack from a new Golang-based data wiper malware called "SwiftSlicer." The attackers have been identified as Sandworm, a known nation-state group with ties to the Russian military.

Read: https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html

The Internet Systems Consortium (ISC) has released security patches for multiple new vulnerabilities in the BIND DNS software suite that could lead to a DoS condition and system failures.

Read: https://thehackernews.com/2023/01/isc-releases-security-patches-for-new.html