Cyber Security weekly hacker news January 4 – 10, 2022

Cyber Security weekly hacker news January 4 – 10, 2022
—— Contents ——
00:00 intro
00:25 PATCHES
00:28 Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers
01:30 VMware fixed CVE-2021-22045 heap-overflow in Workstation, Fusion and ESXi
03:15 ATTACKS, VULNERABILITIES & UPDATES
03:19 NoReboot persistence technique fakes iPhone shutdown
05:42 Uber ignores vulnerability that lets you send any email from Uber.com
07:39 Unauthenticated RCE in H2 Database Console is similar to Log4Shell
11:23 FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?
14:51 Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug
16:23 FIN7 group continues to target US companies with BadUSB devices
17:57 How to secure QNAP NAS devices? The vendor’s instructions
21:29 Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns
24:36 Norton Crypto, the controversial cryptomining feature of Norton 360
26:35 Over 3.7 million accounts were compromised in the FlexBooker data breach
28:21 Night Sky, a new ransomware operation in the threat landscape
30:23 North Korea-linked Konni APT targets Russian diplomatic bodies
33:05 Threat actors stole 1.1 million customer accounts from 17 well-known companies
34:40 Google Docs comment feature abused in phishing campaign
36:37 Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns
37:46 UScellular discloses the second data breach in a year
39:23 Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites
41:03 Purple Fox backdoor spreads through fake Telegram App installer
44:00 Hospitality Chain McMenamins discloses data breach after ransomware attack
45:05 Broward Health suffered a data breach that impacted +1.3 million people
46:09 ‘doorLock’ – A persistent denial of service flaw affecting iOS 15.2 – iOS 14.7
47:47 SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack
48:43 Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate
49:44 North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchanges
50:46 OTHER SECURITY NEWS
50:52 France hits Google, Facebook with fines over ‘Cookies’ management
52:16 FTC warns legal action against businesses who fail to mitigate Log4J attacks
54:26 THANKS FOR WATCHING