Nighthawk, a nascent and legitimate penetration testing framework with Cobalt Strike-like capabilities, is likely to become the hackers' next favorite post-exploitation tool.

Read: https://thehackernews.com/2022/11/nighthawk-likely-to-become-hackers-new.html

Microsoft warns of hackers exploiting now-discontinued Boa web server software used in IoT and OT environments to attack critical industries.

Read: https://thehackernews.com/2022/11/hackers-exploiting-abandoned-boa-web.html

Dozens of Russian hacker groups have infected over 890,000 devices with info-stealing #malware and stolen over 50 million passwords for Amazon, PayPal, crypto wallets and gaming accounts.

Read: https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html

Vietnam-based cybercrime operation DUCKTAIL has returned with new capabilities to run fraudulent ads via compromised business accounts.

Read: https://thehackernews.com/2022/11/ducktail-malware-operation-evolves-with.html

Black Basta ransomware gang is actively infiltrating U.S. companies with the Qakbot malware to create an initial entry point and move laterally into a company's network.

Read: https://thehackernews.com/2022/11/black-basta-ransomware-gang-actively.html

SharkBot Android banking fraud malware has resurfaced on the official Google Play Store and pretends to be a file manager in order to bypass the app marketplace restrictions.

Read: https://thehackernews.com/2022/11/this-android-file-manager-app-infected.html

Bahamut cyberespionage hacker group targeting Android users with fake VPN apps designed to extract sensitive information.

Read: https://thehackernews.com/2022/11/bahamut-cyber-espionage-hackers.html

A set of 5 vulnerabilities in Arm's Mali GPU driver has remained unpatched on millions of Android devices for months, despite the chip maker releasing fixes.

Read: https://thehackernews.com/2022/11/million-of-android-devices-still-dont.html

Researchers have discovered a new variant of RansomExx ransomware rewritten in the Rust #programming language.

Read: https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html

INTERPOL arrested 975 suspected cybercriminals and seized $130 million in a global crackdown on voice phishing, romance fraud, sextortion, investment fraud, business email compromise, and money laundering.

Read: https://thehackernews.com/2022/11/interpol-seized-130-million-from.html

A coordinated law enforcement effort has dismantled an online phone number spoofing service called "iSpoof" and arrested 142 people connected to the operation.

Read: https://thehackernews.com/2022/11/uk-police-arrest-142-in-global.html

Devices from Dell, HP and Lenovo have been found to use outdated versions of the OpenSSL cryptographic library, which are known to contain at least 10 critical vulnerabilities.

Read: https://thehackernews.com/2022/11/dell-hp-and-lenovo-devices-found-using.html

Google has released an update for the Chrome browser to patch a new, actively exploited zero-day vulnerability (CVE-2022-4135) that resides in the GPU component.

Read: https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html

Researchers warn of new "RansomBoggs" ransomware attacks targeting organizations in Ukraine and linked to the Russia-based Sandworm nation-state hacking group.

Read:https://thehackernews.com/2022/11/russia-based-ransomboggs-ransomware.html

U.S. regulators have imposed a ban on Chinese telecommunications and video surveillance equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, classifying them as "unacceptable" threats to national security.

Read: https://thehackernews.com/2022/11/us-bans-chinese-telecom-equipment-and.html

Elon Musk has confirmed that #Twitter 2.0 - The Everything App - will bring end-to-end #encryption (E2EE) for direct messages and long-form tweets to the platform.

Read: https://thehackernews.com/2022/11/elon-musk-confirms-twitter-20-will.html

Over a dozen new vulnerabilities have been discovered in the firmware of Lanner's Baseboard Management Controller (BMC) that could leave OT and IoT networks vulnerable to remote attacks.

Read: https://thehackernews.com/2022/11/over-dozen-new-bmc-firmware-flaws.html

Researchers have reported a cross-tenant vulnerability in Amazon Web Services (AWS) that exploits #AWS AppSync and allows an attacker to infiltrate a victim organization and access resources in those accounts.

Read: https://thehackernews.com/2022/11/researchers-detail-appsync-cross-tenant.html

CISA has added a critical vulnerability affecting Oracle Fusion Middleware to the Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.

Read: https://thehackernews.com/2022/11/cisa-warns-of-actively-exploited.html

Ireland's data regulator has fined Facebook €265 million ($277 million) for failing to protect the personal data of more than half a billion users of its social media platform.

Read: https://thehackernews.com/2022/11/irish-regulator-fines-facebook-277.html

Researchers have reported a new vulnerability (CVE-2022-4020) in Acer laptops that could be potentially weaponized to disable UEFI Secure Boot protection.

Read: https://thehackernews.com/2022/11/new-flaw-in-acer-laptops-could-let.html