Australian telecom giant Optus has confirmed that the personal information of nearly 2.1 million of its current and former customers was exposed in a recent data breach.

Read: https://thehackernews.com/2022/10/optus-hack-exposes-data-of-nearly-21.html

A 46-year-old online fraudster has been sentenced to 25 years in prison for laundering more than $9.5 million through cyber fraud.

Read: https://thehackernews.com/2022/10/bec-scammer-gets-25-year-jail-sentence.html

Researchers have disclosed details of a recently reported vulnerability in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks.

Read: https://thehackernews.com/2022/10/researchers-report-supply-chain.html

A popular YouTube channel with over 180,000 subscribers has been caught distributing a malicious version of the Tor browser that infects systems with spyware.

Details: https://thehackernews.com/2022/10/popular-youtube-channel-caught.html

India's CBI has arrested a Russian national suspected of hacking into a software platform used for the 2021 engineering entrance exams to help hundreds of students cheat for money.

Read: https://thehackernews.com/2022/10/russian-hacker-arrested-in-india-for.html

A Canadian national convicted for his role as a Netwalker ransomware affiliate has been sentenced to 20 years in U.S. prison and ordered to forfeit $21,500,000.

Read: https://thehackernews.com/2022/10/canadian-netwalker-ransomware-affiliate.html

Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day vulnerabilities in Exchange Server after it was found that they can be trivially bypassed.

Details: https://thehackernews.com/2022/10/mitigation-for-exchange-zero-days.html

FBI, CISA and NSA have disclosed information on how multiple nation-state hacker groups targeted the network of a Defense Industrial Base sector organization.

Read: https://thehackernews.com/2022/10/fbi-cisa-and-nsa-reveal-how-hackers.html

A new Android malware dubbed "RatMilad" has been observed targeting Middle Eastern enterprise mobile devices by posing as VPNs and phone number spoofing apps.

Read: https://thehackernews.com/2022/10/experts-warn-of-new-ratmilad-android.html

Australian telecom company Telstra has announced that it has been the victim of a third-party data breach, nearly two weeks after its rival Optus reported a data breach of its own.

Read: https://thehackernews.com/2022/10/telstra-telecom-suffers-data-breach.html

Former Uber Chief Security Officer has been found guilty of hiding 2016 #databreach from regulators in an attempt to cover up the incident.

Read: https://thehackernews.com/2022/10/former-uber-security-chief-found-guilty.html

Hacker group behind the malware-as-a-service (MaaS) called "Eternity" has been spotted offering a new malware called "LilithBot" to other cybercriminals.

Read: https://thehackernews.com/2022/10/eternity-group-hackers-offering-new.html

Security researchers have disclosed details of a now-fixed vulnerability in macOS operating system that could have allowed malicious applications to run in a way that bypasses Apple's security measures.

Read: https://thehackernews.com/2022/10/details-released-for-recently-patched.html

A 19-year-old Sydney teenager has been arrested for allegedly using leaked Optus telecom data to extort victims in SMS scams.

Read: https://thehackernews.com/2022/10/19-year-old-hacker-arrested-for-using.html

A hacker group called "LofyGang" distributed nearly 200 trojanized packages on the NPM open source repository that steals users' credit card information.

Read: https://thehackernews.com/2022/10/lofygang-distributed-200-malicious-npm.html

A researcher warns of a new stealth phishing attack technique that could allow hackers to use the application mode feature in Chromium-based web browsers to create "realistic desktop phishing applications."

Read: https://thehackernews.com/2022/10/hackers-can-use-app-mode-in-chromium.html

As part of another BYOVD attack, BlackByte ransomware exploits a flaw in a legitimate Windows driver to bypass security software.

Read: https://thehackernews.com/2022/10/blackbyte-ransomware-abuses-vulnerable.html

Meta security team has identified more than 400 malicious Android and $iOS apps that have stolen users' Facebook login credentials.

Read: https://thehackernews.com/2022/10/facebook-detects-400-android-and-ios.html

Fortinet has privately warned its customers about a new authentication bypass vulnerability (CVE-2022-40684) affecting FortiGate firewalls and FortiProxy web proxies.

Read: https://thehackernews.com/2022/10/fortinet-warns-of-new-auth-bypass-flaw.html

Microsoft has released an improved mitigation method to prevent exploitation attempts against recently disclosed unpatched Exchange server vulnerabilities (CVE-2022-41040 and CVE-2022-41082).

Read: https://thehackernews.com/2022/10/microsoft-issues-improved-mitigations.html

Hackers are exploiting a severe UNPATCHED remote code execution vulnerability (CVE-2022-41352) in Zimbra enterprise collaboration software and email platform.

Read: https://thehackernews.com/2022/10/hackers-exploiting-unpatched-rce-flaw.html