A previously undocumented malware packer named DTPacker has been observed distributing multiple RATs and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook.

Read details: https://thehackernews.com/2022/01/hackers-using-new-malware-packer.htm

Android banking malware BRATA has been updated with new features that grants it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers.

Read: https://thehackernews.com/2022/01/mobile-banking-trojan-brata-gains-new.html

Researchers discover that TrickBot malware now uses new techniques to evade web injection attacks.

Read: https://thehackernews.com/2022/01/trickbot-malware-using-new-techniques.html

Researchers uncover a new espionage campaign in which attackers are exploiting a critical MSHTML vulnerability to target high-level government officials and defense industry figures in West Asia.

Read details: https://thehackernews.com/2022/01/hackers-exploited-mshtml-flaw-to-spy-on.html

A 12-year-old vulnerability (CVE-2021-4034) has been discovered in the Polkit utility that could allow unprivileged attackers to gain root access to targeted Linux systems.

Details: https://thehackernews.com/2022/01/12-year-old-polkit-flaw-lets.html

Google abandons FLoC, its controversial plan to replace 3rd-party cookies, in favor of a new Privacy Sandbox proposal called "Topics API" that categorizes users' browsing habits into about 350 topics for online ads.

Read details: https://thehackernews.com/2022/01/google-drops-floc-and-introduces-topics.html

Researchers link an initial access broker (tracked as "Prophet Spider") to recent Log4Shell attacks on unpatched VMware Horizon servers.

Read details: https://thehackernews.com/2022/01/initial-access-broker-involved-in.html

Apple releases iOS 15.3 and macOS Monterey 12.2 with a fix for Safari's privacy-defeating bug as well as a patch for an actively exploited zero-day vulnerability.

Read details: https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html

Hackers have been spotted using a new evasion technique for spreading the AsyncRAT Trojan as part of a sophisticated malware campaign.

https://thehackernews.com/2022/01/hackers-using-new-evasive-technique-to.html

Researchers warn of widespread malware campaigns spreading FluBot and TeaBot trojans to Android devices.

Read: https://thehackernews.com/2022/01/widespread-flubot-and-teabot-malware.html

Hackers compromise hundreds of WordPress websites to distribute Chaes banking trojan that hijacks victims' Chrome browsers with malicious extensions.

https://thehackernews.com/2022/01/chaes-banking-trojan-hijacks-chrome.html

QNAP warns of DeadBolt ransomware targeting Internet-facing network-attached storage (NAS) appliances and routers.

Read: https://thehackernews.com/2022/01/qnap-warns-of-deadbolt-ransomware.html

Microsoft fended off a record-breaking DDoS attack that hit Azure customers at a peak of 3.47 terabits per second, and two others that topped 2.4 terabits per second.

Read details: https://thehackernews.com/2022/01/microsoft-mitigated-record-breaking-347.html

North Korean hackers are back with a stealthier version of their KONNI RAT malware.

Read details: https://thehackernews.com/2022/01/north-korean-hackers-return-with.html

North Korean hackers from the Lazarus group are using Windows Update Service to infect computers with malware and GitHub as a command-and-control server.

Read details: https://thehackernews.com/2022/01/north-korean-hackers-using-windows.html

Microsoft warns of a large-scale, multi-stage phishing campaign that uses stolen credentials to register rouge devices on a victim's network to further propagate spam emails and increase the infection pool.

Read details: https://thehackernews.com/2022/01/hackers-using-device-registration-trick.html

DeepDotWeb news site operator has been sentenced to 8 years in prison for money laundering and advertising illegal darknet marketplaces.

Details: https://thehackernews.com/2022/01/deepdotweb-news-site-operator-sentenced.html

Apple pays a $100,500 bug bounty to a hacker who found a way to remotely hack the MacBook's webcam.

Read details: https://thehackernews.com/2022/01/apple-pays-100500-bounty-to-hacker-who.html

Researchers have found a way to use natural silk fibers from domesticated silkworms as a Physical Unclonable Function (PUF) to generate secure and unique identifiers for strong authentication (e.g., cryptographic keys).

Read details: https://thehackernews.com/2022/01/researchers-use-natural-silk-fibers-to.html

German court rules that websites embedding fonts from Google servers violate GDPR, and must pay €100 in damages for passing a user's personal data — i.e. IP address — to Google without consent.

Read details: https://thehackernews.com/2022/01/german-court-rules-websites-embedding.html