⚠️ IMPORTANT

A set ("5Ghoul") of new major security flaws in 📡 5G mobile network modems impact 714 smartphones models from all major brands—including Apple, Samsung, Google, Xiaomi, OnePlus and more.

Details on 5Ghoul here: https://thehackernews.com/2023/12/new-5g-modems-flaws-affect-ios-devices.html

🔒💻 Experts unveil new evasion tactics of GuLoader malware, a sophisticated shellcode-based downloader for dangerous payloads.

Learn more ➡️ https://thehackernews.com/2023/12/researchers-unveal-guloader-malwares.html

🛡️ 🔒 New Spectre-based side-channel attack SLAM threatens Intel, AMD, and Arm CPUs, potentially leaking sensitive data from kernel memory.

Learn more about SLAM attack : https://thehackernews.com/2023/12/slam-attack-new-spectre-based.html

New process injection technique called "PoolParty" discovered, enabling undetected code execution on Windows systems by bypassing top EDR systems.

Learn more: https://thehackernews.com/2023/12/new-poolparty-process-injection.html

🚨 Beware of Malicious Loan Apps!

18 deceptive Android loan apps on Google Play Store, downloaded 12M+ times. They offer high-interest loans and collect your personal info for blackmail.

Read details here: https://thehackernews.com/2023/12/spyloan-scandal-18-malicious-loan-apps.html

Ever wondered why Social Engineering works so well?

Discover the "Psychology of Social Engineering" in our upcoming WEBINAR. Dive deep into a hacker's mind with expert Tim Chase.!

Don't miss out. Register now: https://thehackernews.com/2023/12/webinar-psychology-of-social.html

Your first 100 days as a vCISO are crucial. Learn how to succeed with our 5-step action plan. Explore vCISO goals, pitfalls to avoid, and key activities for each phase.

Read: https://thehackernews.com/2023/12/playbook-your-first-100-days-as-vciso-5.html

Lazarus Group's new campaign, Operation Blacksmith, utilizes Log4j exploits to deploy Remote Access Trojans (RATs), including NineRAT and DLRAT.

🔗 Read the full article: https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html

🚨 Tactical overlaps discovered between APT Sandman and China-based threat cluster using KEYPLUG backdoor.

Find details in this article: https://thehackernews.com/2023/12/researchers-unmask-sandman-apts-hidden.html

⚠️ Urgent Update: Apache warns of a critical RCE flaw in Struts 2 web app framework (CVE-2023-50164) that could lead to remote code execution.

Find details here: https://thehackernews.com/2023/12/new-critical-rce-vulnerability.html

Upgrade to patched versions now to prevent potential breaches.

🔒 Apple released patches for multiple vulnerabilities in iOS, iPadOS, macOS, tvOS, watchOS, and Safari—and also backported fixes for two recently disclosed zero-day vulnerabilities to older devices.

Get details here: https://thehackernews.com/2023/12/apple-releases-security-updates-to.html

Alert: New malware campaign spreading MrAnon Stealer, a Python-based malware, via fake hotel booking PDFs.

Learn more: https://thehackernews.com/2023/12/new-mranon-stealer-targeting-german-it.html

It steals credentials, system info, browser sessions, and cryptocurrency extensions.

🕵️‍♂️ 2023 has witnessed 11 high-profile attacks in just 13 months, all exploiting non-human access.

Find out why non-human identities are the new perimeter: https://thehackernews.com/2023/12/non-human-access-is-path-of-least.html

APT28, a Russian threat actor, is using Israel-Hamas war-related lures to distribute the HeadLace backdoor. This targeted campaign affects 13 nations globally.

Read: https://thehackernews.com/2023/12/russian-apt28-hackers-targeting-13.html

Hacking incidents in healthcare have tripled from 2018 to 2022. To defend against cyberthreats, organizations should adopt an attacker's mindset, focusing on asset inventory and monitoring.

Learn how attackers operate in the digital age: https://thehackernews.com/2023/12/unveiling-cyber-threats-to-healthcare.html

🛡️ Microsoft's final Patch Tuesday of 2023 is here, addressing 33 software flaws.

This release includes 4 Critical and 29 Important fixes, making it one of the lightest in recent years.

Read: https://thehackernews.com/2023/12/microsofts-final-2023-patch-tuesday-33.html

🚨 Ukraine's largest telecom operator, 📡 Kyivstar, hit by a cyberattack, disrupting mobile and internet services.

Read more about this here: https://thehackernews.com/2023/12/major-cyber-attack-paralyzes-kyivstar.html

Microsoft warns that adversaries are using OAuth apps for cryptocurrency mining and phishing attacks, enabling them to maintain access even after losing your account.

Details here: https://thehackernews.com/2023/12/microsoft-warns-of-hackers-exploiting.html

Protect yourself with multi-factor authentication and regular audits.

🕵️‍♂️ Identifying malware families and decrypting HTTPS traffic are key to cyber investigations.

Learn how a MITM proxy can help analysts intercept and decode malicious communication.

Click to read more: https://thehackernews.com/2023/12/how-to-analyze-malwares-network-traffic.html

⚡️ Google boosts Android security with Clang sanitizers.

Meet "IntSan" and "BoundSan," designed to catch vulnerabilities in the cellular baseband.

Learn how these tools work: https://thehackernews.com/2023/12/google-using-clang-sanitizers-to.html