🔥 Gmail just got a whole lot more secure with Google's new Client-Side Encryption!

With the new feature, emails are encrypted on your end before they are sent, providing an extra layer of protection against cyberattacks and surveillance.

https://thehackernews.com/2022/12/gmail-encryption.html

#privacy #tech

Facebook has taken steps to disrupt accounts and infrastructure operated by spyware vendors from a number of countries, including the United States, China, Russia, Israel, and India, targeting individuals in about 200 countries.

Read: https://thehackernews.com/2022/12/facebook-cracks-down-on-spyware-vendors.html

Agenda ransomware joins the growing list of malware strains written in cross-platform Rust programming language.

Read: https://thehackernews.com/2022/12/new-agenda-ransomware-variant-written.html

Despite Google's efforts to disrupt the blockchain-based Glupteba botnet in the past, the operators resurfaced in June 2022 with a new and more sophisticated malware campaign.

Read: https://thehackernews.com/2022/12/glupteba-botnet-continues-to-thrive.html

A malicious PyPI package pretending to be an SDK for SentinelOne has been discovered, leading to a data theft campaign called SentinelSneak.

Read details: https://thehackernews.com/2022/12/researchers-discover-malicious-pypi.html

New findings suggest that the KmsdBot botnet is potentially acting as a DDoS-for-hire service for cybercriminals.

READ: https://thehackernews.com/2022/12/kmsdbot-botnet-suspected-of-being-used.html

Epic Games, the creator of the popular game Fortnite, has been fined $275 million by FTC for violating children's privacy laws.

READ: https://thehackernews.com/2022/12/ftc-fines-fortnite-maker-epic-games-275.html

It has also been ordered to refund $245 million to customers who were tricked into making accidental purchases.

Microsoft discloses details of a recently reported Gatekeeper bypass vulnerability [CVE-2022-42821] in Apple macOS that could allow attackers to bypass security measures and run malicious applications.

Read details: https://thehackernews.com/2022/12/microsoft-details-gatekeeper-bypass.html

CERT-UA warns of a cyber attack targeting users of the DELTA military system via a compromised email account at the Ministry of Defense, infecting them with information stealing malware.

Read: https://thehackernews.com/2022/12/ukraines-delta-military-system-users.html

Ransomware attackers are using a new exploit called "OWASSRF" to bypass Microsoft's security measures for the Exchange ProxyNotShell remote code execution #vulnerability.

Read: https://thehackernews.com/2022/12/ransomware-hackers-using-new-way-to.html

Researchers warn against the GodFather Android banking trojan that's targeting users of over 400 banking and cryptocurrency apps in 16 countries.

Read: https://thehackernews.com/2022/12/godfather-android-banking-trojan.html

Okta, a renowned provider of identity and access management solutions, recently discovered that some of its source code repositories on GitHub had been compromised earlier in the month.

Read: https://thehackernews.com/2022/12/hackers-breach-oktas-github.html

Microsoft has issued a warning about the Zerobot Go-based botnet malware, which is constantly evolving and has recently gained some new exploits and capabilities to attack IoT devices and web applications.

Read: https://thehackernews.com/2022/12/zerobot-botnet-emerges-as-growing.html

Researchers have identified two security vulnerabilities in the Ghost blogging platform, one of which allows hackers to gain higher privileges by sending malicious HTTP requests.

Read: https://thehackernews.com/2022/12/two-new-security-flaws-reported-in.html

⚡ A new detailed analysis of FIN7 cybercrime syndicate has revealed its organizational hierarchy and role as a partner in various ransomware attacks, including DarkSide, REvil, and LockBit.

Read details: https://thehackernews.com/2022/12/fin7-cybercrime-syndicate-emerges-as.html

The August 2022 security breach at popular password management service LastPass was worse than originally reported, with hackers obtained a trove of personal data, including encrypted password vaults.

Read: https://thehackernews.com/2022/12/lastpass-admits-to-severe-data-breach.html

French privacy watchdog fines Microsoft Ireland €60 million for placing advertising cookies on users' computers without explicit consent.

Read: https://thehackernews.com/2022/12/france-fines-microsoft-60-million-for.html

Vice Society ransomware group has switched to a new custom payload called 'PolyVice" that uses robust encryption with NTRUEncrypt and ChaCha20-Poly1305.

Read: https://thehackernews.com/2022/12/vice-society-ransomware-attackers-adopt.html

Researchers have uncovered a new phishing campaign targeting the Kavach two-factor authentication solution used by Indian government officials.

Read details: https://thehackernews.com/2022/12/researchers-warn-of-kavach-2fa-phishing.html

FrodoPIR — A new privacy-focused system that allows clients to securely query a database without revealing query information to an untrusted server, making it useful for a range of apps, including safe browsing, breached password checks, and more.

https://thehackernews.com/2022/12/frodopir-new-privacy-focused-database.html