Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks

Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting Phones and iPads. [...]

https://www.bleepingcomputer.com/news/security/emergency-apple-ios-1502-update-fixes-zero-day-used-in-attacks/

GitHub revokes duplicate SSH auth keys linked to library bug

GitHub has revoked weak SSH authentication keys generated using a library that incorrectly created duplicate RSA keypairs. [...]

https://www.bleepingcomputer.com/news/security/github-revokes-duplicate-ssh-auth-keys-linked-to-library-bug/

Brother printers may not work in Windows 11 if connected via USB

Brother is warning that many of their printers may no longer work or display errors when using a USB connection in Windows 11. [...]

https://www.bleepingcomputer.com/news/microsoft/brother-printers-may-not-work-in-windows-11-if-connected-via-usb/

NSA warns of wildcard certificate risks, provides mitigations

The U.S. National Security Agency (NSA) is warning of the dangers stemming from the use of broadly-scoped certificates to authenticate multiple servers in an organization. These include a recently disclosed ALPACA technique that could be used for various traffic redirect attacks. [...]

https://www.bleepingcomputer.com/news/security/nsa-warns-of-wildcard-certificate-risks-provides-mitigations/

Photo editor Android app STILL sitting on Google Play store is malware

An Android app sitting on the Google Play store touts itself to be a photo editor app. But, it contains code that steals the user's Facebook credentials to potentially run ad campaigns on the user's behalf, with their payment information. The app has scored over 5K installs, with similar spyware apps having 500K+ installs. [...]

https://www.bleepingcomputer.com/news/security/photo-editor-android-app-still-sitting-on-google-play-store-is-malware/

Microsoft: Azure customer hit by record DDoS attack in August

Microsoft has mitigated a record 2.4 Tbps (terabytes per second) Distributed Denial-of-Service (DDoS) attack targeting an European Azure customer during the last week of August. [...]

https://www.bleepingcomputer.com/news/security/microsoft-azure-customer-hit-by-record-ddos-attack-in-august/

Olympus US systems hit by cyberattack over the weekend

Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada and Latin America) following a cyberattack that hit its network Sunday, on October 10, 2021. [...]

https://www.bleepingcomputer.com/news/security/olympus-us-systems-hit-by-cyberattack-over-the-weekend/

Microsoft revokes insecure SSH keys for Azure DevOps customers

Microsoft revoked insecure SSH keys some Azure DevOps have generated using a GitKraken git GUI client version impacted by an underlying issue found in one of its dependencies. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-revokes-insecure-ssh-keys-for-azure-devops-customers/

SnapMC hackers skip file encryption and just steal your files

A new actor tracked as SnapMC has emerged in the cybercrime space, performing the typical data-stealing extortion that underpins ransomware operations, but without doing any file encryption.  [...]

https://www.bleepingcomputer.com/news/security/snapmc-hackers-skip-file-encryption-and-just-steal-your-files/

Study reveals Android phones constantly snoop on their users

A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones.  [...]

https://www.bleepingcomputer.com/news/security/study-reveals-android-phones-constantly-snoop-on-their-users/

Cyberattack shuts down Ecuador's largest bank, Banco Pichincha

Ecuador's largest private bank Banco Pichincha has suffered a cyberattack that disrupted operations and taken the ATM and online banking portal offline. [...]

https://www.bleepingcomputer.com/news/security/cyberattack-shuts-down-ecuadors-largest-bank-banco-pichincha/

FreakOut botnet now attacks vulnerable video DVR devices

A new update to the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet has added a recently published PoC exploit for Visual Tools DVR in its arsenal to further aid in breaching systems. [...]

https://www.bleepingcomputer.com/news/security/freakout-botnet-now-attacks-vulnerable-video-dvr-devices/

Phishing campaign uses math symbols to evade detection

Phishing actors are now using mathematical symbols on impersonated company logos to evade detection from anti-phishing systems. [...]

https://www.bleepingcomputer.com/review/security/phishing-campaign-uses-math-symbols-to-evade-detection/

Microsoft October 2021 Patch Tuesday fixes 4 zero-days, 71 flaws

Today is Microsoft's October 2021 Patch Tuesday, and with it comes fixes for four zero-day vulnerabilities and a total of 74 flaws. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2021-patch-tuesday-fixes-4-zero-days-71-flaws/

Windows 10 updates KB5006670 & KB5006667 released

The October 2021 Patch update is now rolling out and Microsoft has published cumulative updates KB5006670 and KB5005566 for recent versions of Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-updates-kb5006670-and-kb5006667-released/

PyPI removes 'mitmproxy2' over code execution concerns

The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability. The 'mitmproxy' Python package is a free and open-source interactive HTTPS proxy [...]

https://www.bleepingcomputer.com/news/security/pypi-removes-mitmproxy2-over-code-execution-concerns/

Chinese hackers use Windows zero-day to attack defense, IT firms

A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a previously unknown remote access trojan (RAT). [...]

https://www.bleepingcomputer.com/news/security/chinese-hackers-use-windows-zero-day-to-attack-defense-it-firms/

Windows 11 KB5006674 update released with compatibility fixes

Microsoft has released the Windows 11 KB5006674 cumulative update, marking it as the first update for the new operating system since it has been released to the public channel. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5006674-update-released-with-compatibility-fixes/

Dutch police send warning letters to DDoS booter customers

Dutch authorities gave a final warning to more than a dozen customers of a distributed denial-of-service (DDoS) website, letting them know that continued cyber offenses lead to prosecution. [...]

https://www.bleepingcomputer.com/news/security/dutch-police-send-warning-letters-to-ddos-booter-customers/

OVH hosting provider goes down during planned maintenance

OVH, the largest hosting provider in Europe and the third-largest in the world, went down earlier today following what looks like routing configuration issues during a planned maintenance. [...]

https://www.bleepingcomputer.com/news/technology/ovh-hosting-provider-goes-down-during-planned-maintenance/

Russia and China left out of global anti-ransomware meetings

The White House National Security Council facilitates virtual meetings this week with senior officials and ministers from more than 30 countries in a virtual international counter-ransomware event to rally allies in the fight against the ransomware threat. [...]

https://www.bleepingcomputer.com/news/security/russia-and-china-left-out-of-global-anti-ransomware-meetings/