3741

Mobile banking fraud: BRATA strikes again
https://www.cleafy.com/cleafy-labs/mobile-banking-fraud-brata-strikes-again

3742

14 new attacks on web browsers detected
https://news.rub.de/english/press-releases/2021-12-02-it-security-14-new-attacks-web-browsers-detected
https://xsinator.com/
https://xsinator.com/paper.pdf

3743

Is “KAX17” performing de-anonymization Attacks against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8

3744

Suspected Russian Activity Targeting Government and Business Entities Around the Globe
https://www.mandiant.com/resources/russian-targeting-gov-business

3745

Protecting people from recent cyberattacks
https://blogs.microsoft.com/on-the-issues/2021/12/06/cyberattacks-nickel-dcu-china/

3746

Windows 10 RCE: The exploit is in the link
https://positive.security/blog/ms-officecmd-rce

3747

Mirai-based Botnet - Moobot Targets Hikvision Vulnerability
https://www.fortinet.com/blog/threat-research/mirai-based-botnet-moobot-targets-hikvision-vulnerability

3748

Disrupting the Glupteba operation
https://blog.google/threat-analysis-group/disrupting-glupteba-operation/

3749

New Cerber ransomware targets Confluence and GitLab servers
https://www.bleepingcomputer.com/news/security/new-cerber-ransomware-targets-confluence-and-gitlab-servers/

3750

Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild
https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild

3751

The December 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/12/14/the-december-2021-security-update-review

3752

USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/

3753

STOP Ransomware vaccine released to block encryption
https://www.bleepingcomputer.com/news/security/stop-ransomware-vaccine-released-to-block-encryption/
https://github.com/struppigel/STOP-DJVU-Ransomware-Vaccine

3754

It’s important to point out the following:

Vendors have released security updates to address these vulnerabilities.
Some of these are automatically applied while others require customer actions.
At this time, SentinelLabs has not discovered evidence of in-the-wild abuse.
The headline alone isn’t always the best news source and can quite often be misleading.

3755

WooCommerce Credit Card Swiper Injected Into Random Plugin Files
https://blog.sucuri.net/2021/12/woocommerce-credit-card-swiper-injected-into-random-plugin-files.html

3756

ALPHV BlackCat - This year’s most sophisticated ransomware
https://www.bleepingcomputer.com/news/security/alphv-blackcat-this-years-most-sophisticated-ransomware/

3757

MANGA aka Dark Mirai-based Campaign Targets New TP-Link Router RCE Vulnerability
https://www.fortinet.com/blog/threat-research/manga-aka-dark-mirai-based-campaign-targets-new-tp-link-router-rce-vulnerability

3758

Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection

3759

When Honey Bees Become Murder Hornets
https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/
https://eclypsium.com/wp-content/uploads/2021/12/When_Honey_Bees_Become_Murder_Hornets.pdf

3760

Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/