Karakurt rises from its lair
https://www.accenture.com/us-en/blogs/cyber-defense/karakurt-threat-mitigation

Avast Finds Backdoor on US Government Commission Network
https://decoded.avast.io/threatintel/avast-finds-backdoor-on-us-government-commission-network/

TinyNuke Banking Malware Targets French Entities
https://www.proofpoint.com/us/blog/threat-insight/tinynuke-banking-malware-targets-french-entities

A closer look at Qakbot’s latest building blocks (and how to knock them down)
https://www.microsoft.com/security/blog/2021/12/09/a-closer-look-at-qakbots-latest-building-blocks-and-how-to-knock-them-down/

Phishing Campaign Targeting Korean to Deliver Agent Tesla New Variant
https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant

Bugs in billions of WiFi, Bluetooth chips allow password, data theft
https://www.bleepingcomputer.com/news/security/bugs-in-billions-of-wifi-bluetooth-chips-allow-password-data-theft/
https://arxiv.org/pdf/2112.05719.pdf

Also covered here, https://youtu.be/AKUHgwwPi3I

Driver-Based Attacks: Past and Present
https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/

Espionage Campaign Targets Telecoms Organizations across Middle East and Asia
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-campaign-telecoms-asia-middle-east

Catching malware red-handed: Behavioral threat fingerprinting
https://blog.avast.com/behavioral-threat-fingerprinting-avast

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
https://securelist.com/owowa-credential-stealer-and-remote-access/105219/

Magecart Skimmers Are Alive and Well – Constant Vigilance Is Required
https://www.akamai.com/blog/security/magecart-skimmers-are-alive-and-well-constant-vigilance-is-required

Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI
https://blogs.juniper.net/en-us/threat-research/log4j-vulnerability-attackers-shift-focus-from-ldap-to-rmi

Large-scale phishing study shows who bites the bait more often
https://www.bleepingcomputer.com/news/security/large-scale-phishing-study-shows-who-bites-the-bait-more-often/
http://arxiv.org/pdf/2112.07498.pdf

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

DarkWatchman: A new evolution in fileless techniques.
https://www.prevailion.com/darkwatchman-new-fileness-techniques/

How does your location affect your online privacy?
https://blog.avast.com/location-and-online-privacy-avast

Phorpiex botnet returns with new tricks making it harder to disrupt
https://www.bleepingcomputer.com/news/security/phorpiex-botnet-returns-with-new-tricks-making-it-harder-to-disrupt/

Understanding the Impact of Apache Log4j Vulnerability
https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html

Countering disinformation requires a more coordinated approach.
https://blog.avast.com/countering-disinformation-report-avast