Chinese hackers demonstrated new exploits for never-before-seen critical vulnerabilities in Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server and Ubuntu 20 at the Tianfu Cup 2021.

Read: https://thehackernews.com/2021/10/windows-10-linux-ios-chrome-and-many.html

Cybersecurity experts warn of an increase in Lyceum hacker group activities in Tunisia.

Read: https://thehackernews.com/2021/10/cybersecurity-experts-warn-of-rise-in.html

A new variant of the FlawedGrace malware, KiXtart Loader and MirrorBlast Loader is spreading via mass email campaigns targeting a variety of industries, with one of the region-specific operations targeting Germany and Austria in particular.

https://thehackernews.com/2021/10/a-new-variant-of-flawedgrace-spreading.html

A new sandbox escape bug (CVE-2021-41556) in the Squirrel engine could allow attackers to execute arbitrary code and hack games and cloud services.

https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html

Microsoft has released a new advisory warning of a vulnerability in Surface Pro 3 convertible laptops that could be exploited by an attacker to introduce malicious devices into corporate networks and bypass the device attestation mechanism.

https://thehackernews.com/2021/10/microsoft-warns-of-new-security-flaw.html

LightBasin ( aka UNC1945), a highly sophisticated hacking group, has been identified as behind a series of attacks on the telecommunications sector using custom tools aimed at gathering very specific information.

Read: https://thehackernews.com/2021/10/lightbasin-hackers-breach-at-least-13.html

Researchers have discovered a new vulnerability (CVE-2021-0186) in Intel processors, dubbed 'SmashEx,' that could allow attackers to access to sensitive information stored in SGX enclaves and even execute arbitrary code on vulnerable systems.

https://thehackernews.com/2021/10/researchers-break-intel-sgx-with-new.html

Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof #hosting" services to cybercriminals, which hackers used to distribute #malware and attack financial institutions across the country.

Read: https://thehackernews.com/2021/10/two-eastern-europeans-sentenced-for.html

Watch Out!

Google warns that hackers have been hijacking accounts of high-profile YouTube creators with malware that steals browser cookies for session hijacking, a technique that can effectively circumvent 2-factor authentication.

Details: https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html

U.S. government has announced new regulations banning the sale of hacking software and #surveillance equipment to Russia, China and other authoritarian regimes.

Read details: https://thehackernews.com/2021/10/us-government-bans-sale-of-hacking.html

A newly discovered vulnerability in that never-ending trial version of the popular WinRAR software could allow attackers to execute arbitrary code on target systems.

Read: https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html

Researchers have discovered a new rootkit malware that has a valid digital signature issued by Microsoft and is targeting online gamers in China.

Read details: https://thehackernews.com/2021/10/researchers-discover-microsoft-signed.html

Cybercrime gang FIN7 created a fake cybersecurity company called "Bastion Secure" to recruit IT experts and get them to launch ransomware attacks.

Read details: https://thehackernews.com/2021/10/hackers-set-up-fake-company-to-get-it.html

The hacker group "Lone Wolf" uses political and government-themed malicious domains to target entities in India and Afghanistan with commodity RATs.

Read details: https://thehackernews.com/2021/10/lone-wolf-hacker-group-targeting.html

A popular JavaScript NPM library with over 6 million weekly downloads has been hijacked to publish crypto-mining malware.

Read details: https://thehackernews.com/2021/10/popular-npm-package-hijacked-to-publish.html

In a multiple-country effort, law enforcement agencies 'reportedly' hacked the infrastructure of REvil ransomware group and forced it offline.

Read details: https://thehackernews.com/2021/10/feds-reportedly-hacked-revil-ransomware.html

Microsoft's threat intelligence team has uncovered "a series of large-scale credential phishing campaigns" using a custom phishing kit called "TodayZoo."

Read details: https://thehackernews.com/2021/10/microsoft-warns-of-todayzoo-phishing.html

New York Times journalist Ben Hubbard was repeatedly targeted with Israel-based NSO Groups Pegasus spyware over a three-year period after reporting on Saudi Arabia.

Read details: https://thehackernews.com/2021/10/nyt-journalist-repeatedly-hacked-with.html

Watch Out! Hackers are actively exploiting a critical vulnerability in multiple versions of a time and billing system called BillQuick to deploy ransomware on vulnerable systems.

Read details: https://thehackernews.com/2021/10/hackers-exploited-popular-billquick.html

Microsoft warns of continued supply-chain attacks by hacker group Nobelium, which has compromised 14 downstream customers of several cloud service providers, managed service providers and other IT service companies.

Read: https://thehackernews.com/2021/10/microsoft-warns-of-continued-supply.html

< Gummy Browsers >

Researchers find a new way that could let attackers collect browser’s fingerprinting information and spoof it without the victim’s awareness.

Read details: https://thehackernews.com/2021/10/new-attack-let-attacker-collect-and.html