Apple has released urgent iOS 15.0.2 and iPadOS 15.0.2 updates to address a new critical 0-day vulnerability (CVE-2021-30883) that is being actively exploited in the wild.

Read details: https://thehackernews.com/2021/10/apple-releases-urgent-iphone-and-ipad.html

Ukrainian authorities arrest a hacker responsible for creating and managing a "powerful botnet" consisting of over 100,000 enslaved devices used for DDoS and spam attacks on behalf of paying customers.

Read details: https://thehackernews.com/2021/10/ukraine-arrests-operator-of-ddos-botnet.html

An Iran-linked hacking group has been conducting extensive password-spraying attacks on more than 250 Office 365 tenants, targeting the US, Israeli defense firms.

https://thehackernews.com/2021/10/microsoft-warns-of-iran-linked-hackers.html

According to Microsoft, nearly 20 of the targeted tenants were compromised successfully.

Microsoft Azure's cloud platform was hit by a record 2.4 Tbps DDoS attack targeting an unnamed customer in Europe.

Read details: https://thehackernews.com/2021/10/microsoft-fended-off-record-24-tbps.html

GitHub has revoked weak SSH authentication keys generated via the popular GitKraken git GUI client due to a vulnerability in a third-party library that increased the chance of duplicating SSH keys.

Read: https://thehackernews.com/2021/10/github-revoked-insecure-ssh-keys.html

Multiple vulnerabilities have been discovered in LibreOffice and OpenOffice that could be exploited by malicious actors to modify documents to make them appear to be digitally signed by a trusted source.

Details: https://thehackernews.com/2021/10/digital-signature-spoofing-flaws.html

// Microsoft Patch Tuesday
// October 2021 Edition

Update your Windows PCs right away to patch 4 new 0-day vulnerabilities that are currently being exploited in the wild.

Read details: https://thehackernews.com/2021/10/update-your-windows-pcs-immediately-to.html

A critical vulnerability in OpenSea, the world's largest non-fungible token (NFT) marketplace, could have allowed hackers to drain cryptocurrency funds from users' wallets.

Read: https://thehackernews.com/2021/10/critical-flaw-in-opensea-could-have-let.html

Researchers have identified a large number of endpoints associated with the Prometheus event monitoring solution, deployed at originations, that are publicly accessible, allowing unauthenticated users to access sensitive information.

https://thehackernews.com/2021/10/experts-warn-of-unprotected-prometheus.html

After a thorough examination of 80 million samples, Google's VirusTotal releases its first "Ransomware Activity Report," which provides a comprehensive snapshot of ransomware attacks.

Read: https://thehackernews.com/2021/10/virustotal-releases-ransomware-report.html

Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by unauthenticated remote attackers.

Read details: https://thehackernews.com/2021/10/critical-remote-hacking-flaws-disclosed.html

Google's TAG team is tracking 270 government-backed hacker groups from more than 50 countries.

Read: https://thehackernews.com/2021/10/google-were-tracking-270-state.html

United States Cybersecurity Infrastructure and Security Agency (CISA) has issued a warning about cyber threats aimed against wastewater and water systems.

Read Details: https://thehackernews.com/2021/10/cisa-issues-warning-on-cyber-threats.html

AllBlock ad-blocking plugin for Chrome and Opera browsers caught injecting advertisements into Google search results pages.

Read: https://thehackernews.com/2021/10/ad-blocking-chrome-extension-caught.html

Hackers behind Trickbot are expanding the distribution channels for malware.

Read: https://thehackernews.com/2021/10/attackers-behind-trickbot-expanding.html

Chinese hackers demonstrated new exploits for never-before-seen critical vulnerabilities in Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server and Ubuntu 20 at the Tianfu Cup 2021.

Read: https://thehackernews.com/2021/10/windows-10-linux-ios-chrome-and-many.html

Cybersecurity experts warn of an increase in Lyceum hacker group activities in Tunisia.

Read: https://thehackernews.com/2021/10/cybersecurity-experts-warn-of-rise-in.html

A new variant of the FlawedGrace malware, KiXtart Loader and MirrorBlast Loader is spreading via mass email campaigns targeting a variety of industries, with one of the region-specific operations targeting Germany and Austria in particular.

https://thehackernews.com/2021/10/a-new-variant-of-flawedgrace-spreading.html

A new sandbox escape bug (CVE-2021-41556) in the Squirrel engine could allow attackers to execute arbitrary code and hack games and cloud services.

https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html

Microsoft has released a new advisory warning of a vulnerability in Surface Pro 3 convertible laptops that could be exploited by an attacker to introduce malicious devices into corporate networks and bypass the device attestation mechanism.

https://thehackernews.com/2021/10/microsoft-warns-of-new-security-flaw.html