This severe vulnerability affecting the Amazon ECR Public Gallery may have opened the repositories to potential "deep #software supply chain" attacks.

Read: https://thehackernews.com/2022/12/serious-attacks-could-have-been-staged.html

Google launches open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects.

Read: https://thehackernews.com/2022/12/google-launches-largest-distributed.html

⚡ Zero-day vulnerability alert!

Apple has released security updates to patch a new "actively exploited" 0-day code execution vulnerability.

Make sure to update your iOS, iPadOS, macOS, tvOS, and Safari to keep your devices secure.

https://thehackernews.com/2022/12/new-actively-exploited-zero-day.html

Warning: Hackers are exploiting a new critical zero-day RCE vulnerability (CVE-2022-27518) in Citrix ADC & Gateway to gain control of affected systems.

https://thehackernews.com/2022/12/hackers-actively-exploiting-citrix-adc.html

It is important that users apply latest security patches immediately to protect against this threat.

⚡ Stay protected against new vulnerabilities and zero-day attacks by ensuring your devices are up to date with the latest December 2022 Patch Tuesday security updates from Microsoft, Adobe, Apple, Cisco and other major vendors.

https://thehackernews.com/2022/12/december-2022-patch-tuesday-get-latest.html

Researchers reveal attackers use legitimate Microsoft-signed drivers in ransomware and malware campaigns against various companies

Read: https://thehackernews.com/2022/12/ransomware-attackers-use-microsoft.html

New Go-Based "GoTrim" Botnet Threatens WordPress Sites: Protect Your Admin Account Now!

Details: https://thehackernews.com/2022/12/new-gotrim-botnet-attempting-to-break.html

FBI has charged 6 individuals and seized 48 domains linked to DDoS-for-hire service platforms.

Read: https://thehackernews.com/2022/12/fbi-charges-6-seizes-48-domains-linked.html

Have you heard about how attackers can use SVG files to secretly sneak QBot malware onto Windows systems?

Read this report for more details: https://thehackernews.com/2022/12/hacking-using-svg-files-to-smuggle-qbot.html

Open source repositories under attack: hackers flood NuGet, NPM, and PyPi with over 144,000 malicious packages

Details: https://thehackernews.com/2022/12/hackers-bombard-open-source.html

MoneyMonger!

Be on alert for a new Android malware campaign using money-lending apps to blackmail victims with stolen personal information.

Read: https://thehackernews.com/2022/12/android-malware-campaign-leverages.html

Windows users, beware!

Microsoft has reclassified SPNEGO Extended Negotiation Security vulnerability as CRITICAL because it can be exploited to perform RCE attacks via Windows app protocols that use authentication, such as HTTP, SMB, and RDP.

https://thehackernews.com/2022/12/microsoft-reclassifies-spnego-extended.html

GitHub is making its secret scanning service available for free to all public repositories and also plans to require 2-factor authentication for "distinct groups of users."

Read: https://thehackernews.com/2022/12/github-announces-free-secret-scanning.html

U.S. cybersecurity agency CISA has added two critical vulnerabilities in Veeam Backup & Replication software to its list of known exploited vulnerabilities, as they are actively being exploited in attacks.

Details: https://thehackernews.com/2022/12/cisa-alert-veeam-backup-and-replication.html

NIST has formally retired the widely used 27-year-old SHA-1 cryptographic algorithm, bringing cryptographic security into the modern age.

Read: https://thehackernews.com/2022/12/goodbye-sha-1-nist-retires-27-year-old.html

Microsoft has identified a cross-platform botnet malware that is targeting private Minecraft servers with DDoS attacks.

Details: https://thehackernews.com/2022/12/minecraft-servers-under-attack.html

Chinese MirrorFace APT hacker group has been blamed for a malicious campaign aimed at Japanese political entities.

Read: https://thehackernews.com/2022/12/researchers-uncover-mirrorface-cyber.html

A former Twitter employee has been sentenced to three and a half years in prison for spying on data about certain individuals and passing it on to the Saudi government.

Read: https://thehackernews.com/2022/12/ex-twitter-employee-gets-35-years-jail.html

Researchers have uncovered a new cyberattack campaign targeting Ukrainian government entities via trojanized Windows 10 operating system installers to perform post-exploitation activities.

Read: https://thehackernews.com/2022/12/trojanized-windows-10-installer-used-in.html

Multiple high-severity vulnerabilities [CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, CVE-2022-45141] have been discovered in Samba software that could potentially allow hackers to gain control of the affected systems.

Read: https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html