Multiple vulnerabilities have been discovered in LibreOffice and OpenOffice that could be exploited by malicious actors to modify documents to make them appear to be digitally signed by a trusted source.

Details: https://thehackernews.com/2021/10/digital-signature-spoofing-flaws.html

// Microsoft Patch Tuesday
// October 2021 Edition

Update your Windows PCs right away to patch 4 new 0-day vulnerabilities that are currently being exploited in the wild.

Read details: https://thehackernews.com/2021/10/update-your-windows-pcs-immediately-to.html

A critical vulnerability in OpenSea, the world's largest non-fungible token (NFT) marketplace, could have allowed hackers to drain cryptocurrency funds from users' wallets.

Read: https://thehackernews.com/2021/10/critical-flaw-in-opensea-could-have-let.html

Researchers have identified a large number of endpoints associated with the Prometheus event monitoring solution, deployed at originations, that are publicly accessible, allowing unauthenticated users to access sensitive information.

https://thehackernews.com/2021/10/experts-warn-of-unprotected-prometheus.html

After a thorough examination of 80 million samples, Google's VirusTotal releases its first "Ransomware Activity Report," which provides a comprehensive snapshot of ransomware attacks.

Read: https://thehackernews.com/2021/10/virustotal-releases-ransomware-report.html

Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by unauthenticated remote attackers.

Read details: https://thehackernews.com/2021/10/critical-remote-hacking-flaws-disclosed.html

Google's TAG team is tracking 270 government-backed hacker groups from more than 50 countries.

Read: https://thehackernews.com/2021/10/google-were-tracking-270-state.html

United States Cybersecurity Infrastructure and Security Agency (CISA) has issued a warning about cyber threats aimed against wastewater and water systems.

Read Details: https://thehackernews.com/2021/10/cisa-issues-warning-on-cyber-threats.html

AllBlock ad-blocking plugin for Chrome and Opera browsers caught injecting advertisements into Google search results pages.

Read: https://thehackernews.com/2021/10/ad-blocking-chrome-extension-caught.html

Hackers behind Trickbot are expanding the distribution channels for malware.

Read: https://thehackernews.com/2021/10/attackers-behind-trickbot-expanding.html

Chinese hackers demonstrated new exploits for never-before-seen critical vulnerabilities in Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server and Ubuntu 20 at the Tianfu Cup 2021.

Read: https://thehackernews.com/2021/10/windows-10-linux-ios-chrome-and-many.html

Cybersecurity experts warn of an increase in Lyceum hacker group activities in Tunisia.

Read: https://thehackernews.com/2021/10/cybersecurity-experts-warn-of-rise-in.html

A new variant of the FlawedGrace malware, KiXtart Loader and MirrorBlast Loader is spreading via mass email campaigns targeting a variety of industries, with one of the region-specific operations targeting Germany and Austria in particular.

https://thehackernews.com/2021/10/a-new-variant-of-flawedgrace-spreading.html

A new sandbox escape bug (CVE-2021-41556) in the Squirrel engine could allow attackers to execute arbitrary code and hack games and cloud services.

https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html

Microsoft has released a new advisory warning of a vulnerability in Surface Pro 3 convertible laptops that could be exploited by an attacker to introduce malicious devices into corporate networks and bypass the device attestation mechanism.

https://thehackernews.com/2021/10/microsoft-warns-of-new-security-flaw.html

LightBasin ( aka UNC1945), a highly sophisticated hacking group, has been identified as behind a series of attacks on the telecommunications sector using custom tools aimed at gathering very specific information.

Read: https://thehackernews.com/2021/10/lightbasin-hackers-breach-at-least-13.html

Researchers have discovered a new vulnerability (CVE-2021-0186) in Intel processors, dubbed 'SmashEx,' that could allow attackers to access to sensitive information stored in SGX enclaves and even execute arbitrary code on vulnerable systems.

https://thehackernews.com/2021/10/researchers-break-intel-sgx-with-new.html

Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof #hosting" services to cybercriminals, which hackers used to distribute #malware and attack financial institutions across the country.

Read: https://thehackernews.com/2021/10/two-eastern-europeans-sentenced-for.html

Watch Out!

Google warns that hackers have been hijacking accounts of high-profile YouTube creators with malware that steals browser cookies for session hijacking, a technique that can effectively circumvent 2-factor authentication.

Details: https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html

U.S. government has announced new regulations banning the sale of hacking software and #surveillance equipment to Russia, China and other authoritarian regimes.

Read details: https://thehackernews.com/2021/10/us-government-bans-sale-of-hacking.html

A newly discovered vulnerability in that never-ending trial version of the popular WinRAR software could allow attackers to execute arbitrary code on target systems.

Read: https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html