Researchers describe a new attack method that can bypass web application firewalls (WAFs) and infiltrate systems.

Read: https://thehackernews.com/2022/12/researchers-detail-new-attack-method-to.html

The method worked successfully against WAFs from vendors such as AWS, Cloudflare, F5, Imperva, and Palo Alto Networks

Hack-for-hire group Evilnum uses new Janicab malware variant to attack travel, legal and financial entities.

Read: https://thehackernews.com/2022/12/hack-for-hire-group-targets-travel-and.html

Cryptocurrency mining attacks against Linux systems are leveraging the open-source CHAOS remote access trojan to gain unauthorized access to the infected systems and mine cryptocurrencies.

Read: https://thehackernews.com/2022/12/cryptocurrency-mining-campaign-hits.html

U.S. Department of Health and Human Services (HHS) has issued a warning about ongoing ransomware attacks targeting healthcare entities in the country.

Read: https://thehackernews.com/2022/12/royal-ransomware-threat-takes-aim-at-us.html

Say goodbye to passwords!

Google is rolling out passkeys support to its stable version of Chrome web browser for Windows, Android and macOS.

Read: https://thehackernews.com/2022/12/google-adds-passkey-support-to-chrome.html

Stay secure and logged in with this next-generation login standard

Stay ahead of the curve and protect your business with the latest cybersecurity news and insights.

Follow our LinkedIn page and join our community for the most relevant and timely cybersecurity news and information.

https://www.linkedin.com/company/thehackernews/

Researchers have discovered new vulnerabilities in popular endpoint detection and response (EDR) and antivirus solutions (AV) that can be weaponized against users to carry out wiping attacks.

Read details: https://thehackernews.com/2022/12/researchers-demonstrate-how-edr-and.html

Urgent: Fortinet has issued emergency patches for a severe pre-auth RCE vulnerability (CVE-2022-42475) affecting its FortiOS SSL-VPN product that is being actively exploited in the wild.

Read: https://thehackernews.com/2022/12/fortinet-warns-of-active-exploitation.html

Ugh, not again! Multiple malware campaigns discovered targeting Python and JavaScript developers via the official PyPI and npm repositories.

Read: https://thehackernews.com/2022/12/malware-strains-targeting-python-and.html

Cybersecurity researchers have unveiled the inner workings of a devastating new ransomware known as Azov, designed to corrupt data and inflict "impeccable damage" on compromised systems.

Read: https://thehackernews.com/2022/12/cybersecurity-experts-uncover-inner.html

This severe vulnerability affecting the Amazon ECR Public Gallery may have opened the repositories to potential "deep #software supply chain" attacks.

Read: https://thehackernews.com/2022/12/serious-attacks-could-have-been-staged.html

Google launches open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects.

Read: https://thehackernews.com/2022/12/google-launches-largest-distributed.html

⚡ Zero-day vulnerability alert!

Apple has released security updates to patch a new "actively exploited" 0-day code execution vulnerability.

Make sure to update your iOS, iPadOS, macOS, tvOS, and Safari to keep your devices secure.

https://thehackernews.com/2022/12/new-actively-exploited-zero-day.html

Warning: Hackers are exploiting a new critical zero-day RCE vulnerability (CVE-2022-27518) in Citrix ADC & Gateway to gain control of affected systems.

https://thehackernews.com/2022/12/hackers-actively-exploiting-citrix-adc.html

It is important that users apply latest security patches immediately to protect against this threat.

⚡ Stay protected against new vulnerabilities and zero-day attacks by ensuring your devices are up to date with the latest December 2022 Patch Tuesday security updates from Microsoft, Adobe, Apple, Cisco and other major vendors.

https://thehackernews.com/2022/12/december-2022-patch-tuesday-get-latest.html

Researchers reveal attackers use legitimate Microsoft-signed drivers in ransomware and malware campaigns against various companies

Read: https://thehackernews.com/2022/12/ransomware-attackers-use-microsoft.html

New Go-Based "GoTrim" Botnet Threatens WordPress Sites: Protect Your Admin Account Now!

Details: https://thehackernews.com/2022/12/new-gotrim-botnet-attempting-to-break.html

FBI has charged 6 individuals and seized 48 domains linked to DDoS-for-hire service platforms.

Read: https://thehackernews.com/2022/12/fbi-charges-6-seizes-48-domains-linked.html

Have you heard about how attackers can use SVG files to secretly sneak QBot malware onto Windows systems?

Read this report for more details: https://thehackernews.com/2022/12/hacking-using-svg-files-to-smuggle-qbot.html

Open source repositories under attack: hackers flood NuGet, NPM, and PyPi with over 144,000 malicious packages

Details: https://thehackernews.com/2022/12/hackers-bombard-open-source.html