A new report shows how BazaCall callback phishing attack operators keep updating their social engineering tactics to deploy malware on targeted networks.

Read: https://thehackernews.com/2022/10/bazarcall-callback-phishing-attacks.html

A critical vulnerability (CVE-2022-38465 / CVSS 9.3) in Siemens Simatic programmable logic controllers (PLCs) can enable attackers to access hard-coded private cryptographic keys and bypass access controls.

Read: https://thehackernews.com/2022/10/critical-bug-in-siemens-simatic-plcs.html

Microsoft's Patch Tuesday updates this month fix 85 vulnerabilities, including an actively exploited Windows Zero Day vulnerability, but no patches yet for in-the-wild exploited Exchange Server vulnerabilities.

Read: https://thehackernews.com/2022/10/microsoft-patch-tuesday-fixes-new.html

Google is rolling out support for passkeys, the next-generation passwordless authentication standard, to both Android and Chrome.

Read: https://thehackernews.com/2022/10/google-rolling-out-passkey-passwordless.html

Cyber criminals are resorting to voice phishing tactics (vishing) to trick their victims into installing Android banking malware on their devices.

Read: https://thehackernews.com/2022/10/hackers-using-vishing-tactics-to-trick.html

Researchers uncover seven custom backdoors used by Polonium APT hackers in targeted attacks on Israeli entities to take screenshots, log keystrokes, spy via webcam, open reverse shells and exfiltrate files.

Read: https://thehackernews.com/2022/10/researchers-uncover-custom-backdoors.html

Watch Out! An unofficial modified version of the popular WhatsApp messaging app called "YoWhatsApp" has been caught infecting users' Android devices with the Triada malware.

Read: https://thehackernews.com/2022/10/modified-whatsapp-app-caught-infecting.html

Researchers have published technical details and a PoC exploit for a recently disclosed critical vulnerability (CVE-2022-40684) affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager.

Read: https://thehackernews.com/2022/10/poc-exploit-released-for-critical.html

Tata Power, India's largest integrated power company, has been hit by a cyberattack.

Read: https://thehackernews.com/2022/10/indian-energy-company-tata-powers-it.html

Interpol has announced the arrest of 75 people as part of a coordinated global operation against an organized cybercrime syndicate called "Black Axe."

Read: https://thehackernews.com/2022/10/interpol-led-operation-takes-down-black.html

Zimbra has finally released security patches for an actively exploited RCE vulnerability (CVE-2022-41352) in its Enterprise Collaboration Suite that could be used to upload arbitrary files to vulnerable instances.

Read: https://thehackernews.com/2022/10/zimbra-releases-patch-for-actively.html

Microsoft warns about a newly discovered ransomware campaign called "Prestige" that targets companies in the transportation and related logistics industries in Ukraine and Poland.

Read: https://thehackernews.com/2022/10/new-prestige-ransomware-targeting.html

New research has uncovered a security weakness in Microsoft 365 that could be exploited to determine the content of encrypted messages due to the use of a broken cryptographic algorithm.

Read: https://thehackernews.com/2022/10/researchers-claim-microsoft-office-365.html

Hackers behind the Black Basta ransomware attacks have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks.

Read: https://thehackernews.com/2022/10/black-basta-ransomware-hackers.html

Police in Europe have arrested members of a cybercrime ring that used a hacking tool to steal cars without a physical key fob.

Read: https://thehackernews.com/2022/10/european-police-arrest-gang-that-hacked.html

Operation CuckooBees: A Chinese-aligned espionage hacking group is targeting government organizations in Hong Kong.

Read: https://thehackernews.com/2022/10/chinese-spyder-loader-malware-spotted.html

A critical RCE vulnerability has been discovered in the popular Cobalt Strike exploitation framework that could allow an attacker to take control of the target system.

Read: https://thehackernews.com/2022/10/critical-rce-vulnerability-discovered.html

HelpSystems releases an out-of-band patch update to fix the issue.

Chinese APT hackers, codenamed DiceyF, have been linked to a string of attacks aimed at online casinos in Southeast Asia for years.

Read: https://thehackernews.com/2022/10/chinese-hackers-targeting-online.html

Security researchers warn of a new, stealthy PowerShell backdoor that disguises itself as a Windows update process.

Details: https://thehackernews.com/2022/10/experts-warn-of-stealthy-powershell.html

CISA has published two Industrial Control Systems (ICS) advisories warning of serious security vulnerabilities in Advantech R-SeeNet and Hitachi Energy APM Edge appliances.

Details: https://thehackernews.com/2022/10/cisa-warns-of-critical-flaws-affecting.html

Researchers have disclosed more details about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could allow an attacker to gain administrative privileges on the cluster.

Read: https://thehackernews.com/2022/10/researchers-detail-azure-sfx-flaw-that.html