Panasonic suffers a data breach following a hack of its network and file servers.

https://thehackernews.com/2021/11/panasonic-suffers-data-breach-after.html

F-secure researchers discover a critical WORMABLE security vulnerability (CVE-2021-39238) in hundreds of different HP Printers.

-🖨️-🖨️-🖨️-🖨️-🖨️-🖨️-🖨️-

Read details: https://thehackernews.com/2021/11/critical-wormable-security-flaw-found.html

⚡IMPORTANT — Updated Twitter Safety policy prohibits users from posting private photos and videos of people without their consent.

Read details: https://thehackernews.com/2021/11/twitter-bans-users-from-posting-private.html

A 22-year-old hacker, sixth member of an international hacking group called "The Community," has been jailed for stealing millions in cryptocurrency through SIM hijacking attacks.

Details: https://thehackernews.com/2021/12/hacker-jailed-for-stealing-millions-of.html

Researchers have observed that several hackers are increasingly using the "RTF Template Injection" method in widespread phishing attacks that enable decoy documents to retrieve malicious content from remote URLs.

Details: https://thehackernews.com/2021/12/hackers-increasingly-using-rtf-template.html

A new botnet malware exploits a previously known unpatched vulnerability in AT&T Network Edge devices to launch DDoS attacks and collect sensitive information about U.S. companies.

Details: https://thehackernews.com/2021/12/new-ewdoor-botnet-targeting-unpatched.html

A critical vulnerability in Mozilla's cross-platform Network Security Services (NSS) cryptographic library potentially affects a number of #software, including email clients & PDF viewers, such as Thunderbird, LibreOffice, Evolution.

Details: https://thehackernews.com/2021/12/critical-bug-in-mozillas-nss-crypto.html

A Russian national has been sentenced to 60 months in prison for providing bulletproof hosting to cybercriminals, who used the platform to spread malware and attack financial institutions and organizations in the U.S. from 2009 to 2015.

Read: https://thehackernews.com/2021/12/russian-man-gets-60-months-jail-for.html

Meta is expanded the scope of its Facebook Protect security program to include human rights defenders, activists, journalists and government officials who are more likely to be targeted by malicious actors on social media.

Details: https://thehackernews.com/2021/12/meta-expands-facebook-protect-program.html

The FBI and CISA are warning about active exploitation of a recently disclosed critical RCE #vulnerability in Zoho's ManageEngine ServiceDesk Plus in order to deploy web shells and perform a variety of malicious activities.

Details: https://thehackernews.com/2021/12/cisa-warns-of-actively-exploited.html

⚡A new Linux malware infection has been discovered that steals payment data from e-commerce websites and hides in a legitimate NGINX process on the compromised servers.

Read details: https://thehackernews.com/2021/12/new-payment-data-sealing-malware-hides.html

A new group of hackers known as "Magnat" is using malvertising campaigns to spread new malware families with information stealers, backdoors, and malicious Google Chrome extensions.

Read details: https://thehackernews.com/2021/12/new-malvertising-campaigns-spreading.html

Researchers uncover new strategies and tools used by Pakistani SideCopy APT hackers to target the Indian and Afghan governments.

Read details: https://thehackernews.com/2021/12/researchers-detail-how-pakistani.html

Zoho is warning its customers about another critical authentication bypass vulnerability (CVE-2021-44515) that is being actively exploited and affects ManageEngine Desktop Central MSP software.

Read details: https://thehackernews.com/2021/12/warning-yet-another-zoho-manageengine.html

XS -Leaks!!!

14 new types of cross-site data leakage attacks have been discovered against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari and Opera.

Read details: https://thehackernews.com/2021/12/14-new-xs-leaks-cross-site-leaks.html

Hackers stole more than $180 million worth of cryptocurrency tokens from Bitmart Exchange using compromised privacy keys.

Details: https://thehackernews.com/2021/12/hackers-steal-200-million-worth-of.html

Researchers warn of malicious KMSPico Windows Activators circulating the internet and aiming to steal cryptocurrency wallet credentials.

Read details: https://thehackernews.com/2021/12/malicious-kmspico-windows-activator.html

Latest Firefox 95 version includes a new sandboxing technology called RLBox that protects the browser from untrusted code and other security vulnerabilities.

Details: https://thehackernews.com/2021/12/latest-firefox-95-includes-rlbox.html

With the help of a court order, Microsoft has successfully seized 42 domain names used by a Chinese hacking group to launch cyberespionage attacks against organizations in the US and 28 other countries.

Read details: https://thehackernews.com/2021/12/microsoft-seizes-42-malicious-web.html

The Russian hacking group that attacked SolarWinds last year is targeting businesses and government entities worldwide.

Read details: https://thehackernews.com/2021/12/solarwinds-hackers-targeting-government.html