🕵️‍♂️ Identifying malware families and decrypting HTTPS traffic are key to cyber investigations.

Learn how a MITM proxy can help analysts intercept and decode malicious communication.

Click to read more: https://thehackernews.com/2023/12/how-to-analyze-malwares-network-traffic.html

⚡️ Google boosts Android security with Clang sanitizers.

Meet "IntSan" and "BoundSan," designed to catch vulnerabilities in the cellular baseband.

Learn how these tools work: https://thehackernews.com/2023/12/google-using-clang-sanitizers-to.html

🚨 Alert: Don't fall for fake subscription notices.

BazaCall phishing attacks are evolving; scammers are now using #Google Forms to appear more credible.

Learn more: https://thehackernews.com/2023/12/bazacall-phishing-scammers-now.html

Microsoft takes down cybercriminal group Storm-1152, responsible for distributing 750 million fraudulent Microsoft accounts and tools.

Find details here: https://thehackernews.com/2023/12/microsoft-takes-legal-action-to-crack.html

🚨 A new hacker group, GambleForce, is behind a string of SQL injection attacks across Asia-Pacific. Learn how they use basic techniques to steal sensitive data.

Read more: https://thehackernews.com/2023/12/new-hacker-group-gambleforce-tageting.html

Iranian state-sponsored group OilRig deployed three new malware downloader (ODAgent, OilCheck, and OilBooster) in 2022 to maintain access to Israeli organizations.

Learn more: https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html

⚠️ Warning: Russian SVR-linked APT29 targets unpatched JetBrains TeamCity servers using CVE-2023-42793, a vulnerability enabling remote code execution by unauthenticated attackers.

Details 👉 https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html

🤖 Manual vs. automated network penetration testing: Which is better?

Find out the pros and cons of each method: https://thehackernews.com/2023/12/reimagining-network-pentesting-with.html

🚨Cybersecurity alert! 116 malicious packages discovered on PyPI repository, posing a threat to Windows and Linux systems.

Learn more: https://thehackernews.com/2023/12/116-malware-packages-found-on-pypi.html

These packages aim to compromise hosts with backdoors for remote control and data theft.

💻 Gaza Cyber Gang, a pro-Hamas threat actor, is using an updated backdoor malware called Pierogi++ to target Palestinian entities. Be cautious of suspicious documents in your inbox.

Read: https://thehackernews.com/2023/12/new-pierogi-malware-by-gaza-cyber-gang.html

🌐 A novel malware named NKAbuse has surfaced, utilizing blockchain technology for DDoS attacks. This decentralized protocol enables attackers to communicate and evade detection.

Learn more: https://thehackernews.com/2023/12/new-nkabuse-malware-exploits-nkn.html

🍪 Say goodbye to third-party cookies!

Starting Jan 4, 2024, 1% of Google Chrome users will get a new test feature called "Tracking Protection" to block third-party cookies by default.

Read: https://thehackernews.com/2023/12/googles-new-tracking-protection-in.html

Multiple security vulnerabilities have been found in the open-source pfSense firewall solution, potentially allowing attackers to execute arbitrary commands.

Read: https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html

Web applications are everywhere in our digital lives, but they're also prime targets for attackers.

Learn about the most common vulnerabilities and how to secure your apps.

Read: https://thehackernews.com/2023/12/bug-or-feature-hidden-web-application.html

Crypto hardware wallet maker Ledger faces a major software breach, resulting in the theft of $600,000+ worth of virtual assets.

Read details here: https://thehackernews.com/2023/12/crypto-hardware-wallet-ledgers-supply.html

A new powerful botnet, KV-botnet, is using compromised firewalls and routers (such as Cisco, DrayTek, Fortinet, and NETGEAR) to conduct covert data transfers.

Learn more about this: https://thehackernews.com/2023/12/new-kv-botnet-targeting-cisco-draytek.html

⚠️ Microsoft warns of "Storm-0539," a growing threat orchestrating gift card fraud via email and SMS phishing attacks during the holidays.

Learn more: https://thehackernews.com/2023/12/microsoft-warns-of-storm-0539-rising.html

Stay vigilant, don't become a victim.

China's MIIT unveils a color-coded system to tackle data security incidents:

🔴 especially significant
🟠 significant
🟡 large
🔵 general

Understand the criteria used for classification: https://thehackernews.com/2023/12/chinas-miit-introduces-color-coded.html

⚠️ Attention: MongoDB, the database software company, has disclosed a security breach with unauthorized access to corporate systems, potentially compromising customer account information.

Learn more: https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html

CISA warns of severe risks from threat actors exploiting default passwords on internet-exposed systems.

Manufacturers urged to adopt secure by design principles and use unique setup passwords.

Learn more: https://thehackernews.com/2023/12/cisa-urges-manufacturers-eliminate.html