A number of vulnerabilities reported in Eltima SDK made several Cloud services vulnerable to privilege escalation attacks.

Read: https://thehackernews.com/2021/12/eltima-sdk-contain-multiple.html

QNAP has released a new advisory warning its customers about a new cryptocurrency mining malware targeting NAS devices and advising them to take preventative measures as soon as possible.

Read details — https://thehackernews.com/2021/12/warning-yet-another-bitcoin-mining.html

Trickbot botnet infected over 140,000 computers worldwide within months of helping the Emotet malware get back into action.

Read details: https://thehackernews.com/2021/12/140000-reasons-why-emotet-is.html

Google disrupts a sophisticated blockchain-based botnet — dubbed Glupteba — that affected more than 1 MILLION computers around the world, and sues two Russian hackers believed to be behind the attack.

Read details: https://thehackernews.com/2021/12/google-disrupts-blockchain-based.html

SonicWall urges customers to immediately patch/update their SMA 100 series appliances to the latest version in order to prevent exploitation of newly discovered multiple critical & high-severity security vulnerabilities.

Details: https://thehackernews.com/2021/12/sonicwall-urges-customers-to.html

A number of malicious NPM javascript packages in the open-source repository have been caught hijacking Discord servers.

Read: https://thehackernews.com/2021/12/over-dozen-malicious-npm-packages.html

Researchers have discovered at least 300,000 IP addresses associated with vulnerable MikroTik network devices that can be hacked remotely using previously known critical vulnerabilities.

Read details: https://thehackernews.com/2021/12/over-300000-mikrotik-devices-found.html

Russian government has blocked Tor privacy service as part of its latest move towards censorship.

Read details: https://thehackernews.com/2021/12/russia-blocks-tor-privacy-service-in.html

ALERT! In a massive ongoing cyber attack, nearly 1.6 million WordPress websites were hit with 13.7 million malicious requests from over 16,000 different IP addresses.

Read details: https://thehackernews.com/2021/12/16-million-wordpress-sites-under.html

Researchers have spotted a new Rust-based "very sophisticated #ransomware" — dubbed BlackCat — in the wild.

Read details: https://thehackernews.com/2021/12/blackcat-new-rust-based-ransomware.html

Log4Shell / CVE-2021-44228 / CVSS 10

A new highly critical RCE vulnerability in the Java-based Log4J logging library affects a large number of applications and services on the Internet.

Details — https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html

Several hackers are actively weaponizing unpatched servers affected by the recently disclosed "Log4Shell" vulnerability in Apache Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet.

Details: https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html

Microsoft describes the "distinct building blocks" of the decade-old but still widely used banking malware Qakbot to proactively and effectively detect and block the threat.

Read details: https://thehackernews.com/2021/12/microsoft-details-building-blocks-of.html

Researchers warn of the rise of Karakurt, a new hacking group focused on data theft and extortion.

Read details: https://thehackernews.com/2021/12/karakurt-new-emerging-data-theft-and.html

⚡ALERT — Update your Google Chrome web browser for Windows, Mac, and Linux immediately to patch a new zero-day vulnerability — 17th this year — discovered in the wild along with 4 others.

Read details: https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html

Apple has released a new iOS update for iPhones to patch several critical security issues, including an exploit chain for a recently demonstrated remote jailbreak attack.

Read details: https://thehackernews.com/2021/12/latest-apple-ios-update-patches-remote.html

A ransomware affiliate has been arrested in Romania, and in Ukraine, 51 people have been arrested for selling stolen personal data of 300 million users.

Read details: https://thehackernews.com/2021/12/ransomware-affiliate-arrested-in.html

Hackers have begun exploiting the latest Log4j vulnerability to infect Windows computers with the Khonsari ransomware.

Read details: https://thehackernews.com/2021/12/hackers-exploit-log4j-vulnerability-to.html

URGENT: Apache Foundation has issued a new patch (CVE-2021-45046) for Log4j utility after the previous patch for the recently disclosed Log4Shell exploit (CVE-2021-44228) was deemed incomplete in certain non-default configurations.

Details: https://thehackernews.com/2021/12/second-log4j-vulnerability-cve-2021.html

Time to update your windows for the last time this year (probably!).

Microsoft releases latest Windows security updates to patch several newly discovered flaws, including a new 0-day that attackers are exploiting to spread the Emotet malware.

https://thehackernews.com/2021/12/microsoft-issues-windows-update-to.html