As part of another BYOVD attack, BlackByte ransomware exploits a flaw in a legitimate Windows driver to bypass security software.

Read: https://thehackernews.com/2022/10/blackbyte-ransomware-abuses-vulnerable.html

Meta security team has identified more than 400 malicious Android and $iOS apps that have stolen users' Facebook login credentials.

Read: https://thehackernews.com/2022/10/facebook-detects-400-android-and-ios.html

Fortinet has privately warned its customers about a new authentication bypass vulnerability (CVE-2022-40684) affecting FortiGate firewalls and FortiProxy web proxies.

Read: https://thehackernews.com/2022/10/fortinet-warns-of-new-auth-bypass-flaw.html

Microsoft has released an improved mitigation method to prevent exploitation attempts against recently disclosed unpatched Exchange server vulnerabilities (CVE-2022-41040 and CVE-2022-41082).

Read: https://thehackernews.com/2022/10/microsoft-issues-improved-mitigations.html

Hackers are exploiting a severe UNPATCHED remote code execution vulnerability (CVE-2022-41352) in Zimbra enterprise collaboration software and email platform.

Read: https://thehackernews.com/2022/10/hackers-exploiting-unpatched-rce-flaw.html

Hackers stole 100 million worth of cryptocurrency from a Binance-linked blockchain.

Read: https://thehackernews.com/2022/10/hackers-steal-100-million.html

Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked after it was posted on 4chan and GitHub by an unknown third-party.

Read: https://thehackernews.com/2022/10/intel-confirms-leak-of-alder-lake-bios.html

A new report reveals Emotet's latest malware delivery and evasion techniques used in recent cyberattacks.

Read: https://thehackernews.com/2022/10/new-report-uncovers-emotets-delivery.html

Researchers have outlined the increasingly sophisticated malware tools employed by a cyber espionage group called "Earth Aughisky."

Read: https://thehackernews.com/2022/10/researchers-detail-malicious-tools-used.html

Fortinet warns that the newly discovered critical vulnerability affecting its firewall and proxy products is being actively exploited in the wild.

Read: https://thehackernews.com/2022/10/fortinet-warns-of-active-exploitation.html

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale their attacks and spread malicious payloads.

Read: https://thehackernews.com/2022/10/researchers-warn-of-new-phishing-as.html

Researchers warn of a recently reported critical RCE vulnerability (CVE-2022-36067 / CVSS 10) in the popular vm2 JavaScript sandbox module that could be exploited by hackers to overcome security barriers and perform arbitrary operations.

Read: https://thehackernews.com/2022/10/researchers-detail-critical-rce-flaw.html

A new report shows how BazaCall callback phishing attack operators keep updating their social engineering tactics to deploy malware on targeted networks.

Read: https://thehackernews.com/2022/10/bazarcall-callback-phishing-attacks.html

A critical vulnerability (CVE-2022-38465 / CVSS 9.3) in Siemens Simatic programmable logic controllers (PLCs) can enable attackers to access hard-coded private cryptographic keys and bypass access controls.

Read: https://thehackernews.com/2022/10/critical-bug-in-siemens-simatic-plcs.html

Microsoft's Patch Tuesday updates this month fix 85 vulnerabilities, including an actively exploited Windows Zero Day vulnerability, but no patches yet for in-the-wild exploited Exchange Server vulnerabilities.

Read: https://thehackernews.com/2022/10/microsoft-patch-tuesday-fixes-new.html

Google is rolling out support for passkeys, the next-generation passwordless authentication standard, to both Android and Chrome.

Read: https://thehackernews.com/2022/10/google-rolling-out-passkey-passwordless.html

Cyber criminals are resorting to voice phishing tactics (vishing) to trick their victims into installing Android banking malware on their devices.

Read: https://thehackernews.com/2022/10/hackers-using-vishing-tactics-to-trick.html

Researchers uncover seven custom backdoors used by Polonium APT hackers in targeted attacks on Israeli entities to take screenshots, log keystrokes, spy via webcam, open reverse shells and exfiltrate files.

Read: https://thehackernews.com/2022/10/researchers-uncover-custom-backdoors.html

Watch Out! An unofficial modified version of the popular WhatsApp messaging app called "YoWhatsApp" has been caught infecting users' Android devices with the Triada malware.

Read: https://thehackernews.com/2022/10/modified-whatsapp-app-caught-infecting.html

Researchers have published technical details and a PoC exploit for a recently disclosed critical vulnerability (CVE-2022-40684) affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager.

Read: https://thehackernews.com/2022/10/poc-exploit-released-for-critical.html

Tata Power, India's largest integrated power company, has been hit by a cyberattack.

Read: https://thehackernews.com/2022/10/indian-energy-company-tata-powers-it.html