Researchers have discovered a new rootkit malware that has a valid digital signature issued by Microsoft and is targeting online gamers in China.

Read details: https://thehackernews.com/2021/10/researchers-discover-microsoft-signed.html

Cybercrime gang FIN7 created a fake cybersecurity company called "Bastion Secure" to recruit IT experts and get them to launch ransomware attacks.

Read details: https://thehackernews.com/2021/10/hackers-set-up-fake-company-to-get-it.html

The hacker group "Lone Wolf" uses political and government-themed malicious domains to target entities in India and Afghanistan with commodity RATs.

Read details: https://thehackernews.com/2021/10/lone-wolf-hacker-group-targeting.html

A popular JavaScript NPM library with over 6 million weekly downloads has been hijacked to publish crypto-mining malware.

Read details: https://thehackernews.com/2021/10/popular-npm-package-hijacked-to-publish.html

In a multiple-country effort, law enforcement agencies 'reportedly' hacked the infrastructure of REvil ransomware group and forced it offline.

Read details: https://thehackernews.com/2021/10/feds-reportedly-hacked-revil-ransomware.html

Microsoft's threat intelligence team has uncovered "a series of large-scale credential phishing campaigns" using a custom phishing kit called "TodayZoo."

Read details: https://thehackernews.com/2021/10/microsoft-warns-of-todayzoo-phishing.html

New York Times journalist Ben Hubbard was repeatedly targeted with Israel-based NSO Groups Pegasus spyware over a three-year period after reporting on Saudi Arabia.

Read details: https://thehackernews.com/2021/10/nyt-journalist-repeatedly-hacked-with.html

Watch Out! Hackers are actively exploiting a critical vulnerability in multiple versions of a time and billing system called BillQuick to deploy ransomware on vulnerable systems.

Read details: https://thehackernews.com/2021/10/hackers-exploited-popular-billquick.html

Microsoft warns of continued supply-chain attacks by hacker group Nobelium, which has compromised 14 downstream customers of several cloud service providers, managed service providers and other IT service companies.

Read: https://thehackernews.com/2021/10/microsoft-warns-of-continued-supply.html

< Gummy Browsers >

Researchers find a new way that could let attackers collect browser’s fingerprinting information and spoof it without the victim’s awareness.

Read details: https://thehackernews.com/2021/10/new-attack-let-attacker-collect-and.html

Mozilla warns that two malicious Firefox add-ons installed by over 455,000 users prevent users from downloading security updates, accessing updated blocklists, and updating remotely configured content.

Read details: https://thehackernews.com/2021/10/malicious-firefox-add-ons-block-browser.html

Over 10 MILLION users have been targeted with 151 malicious Android apps from the Google Play Store that tricked users into paying for premium subscription services without their knowledge or consent.

Details: https://thehackernews.com/2021/10/over-10-million-android-users-targeted.html

North Korean hacking group Lazarus has been observed waging two separate supply-chain attacks to gain a foothold in corporate networks and attack downstream organizations.

Read details: https://thehackernews.com/2021/10/latest-report-uncovers-supply-chain.html

A widespread malicious email campaign deploys a new malware loader that gives attackers initial access to corporate networks to spread malicious payloads like Qakbot and Cobalt Strike.

Read: https://thehackernews.com/2021/10/hackers-using-squirrelwaffle-loader-to.html

Two more malicious libraries distributed via the official NPM repository have been caught stealing credentials, installing remote access trojans, and infecting compromised systems with ransomware.

Read: https://thehackernews.com/2021/10/malicious-npm-libraries-caught.html

Cybersecurity researchers at ESET have discovered a new unique #malware loader, dubbed Wslink, that runs as a server and executes received modules in memory.

Read details: https://thehackernews.com/2021/10/new-wslink-malware-loader-runs-as.html

A researcher has cracked 70% of the 5,000 Wi-Fi networks in the Israeli city of Tel Aviv, showing how insecure Wi-Fi passwords can open the door to serious threats for individuals, small businesses and enterprises.

Read: https://thehackernews.com/2021/10/israeli-researcher-cracked-over-3500-wi.html

IMPORTANT — Google has issued an emergency update (version 95.0.4638.69) for Chrome web browser for Windows, Mac, and #Linux users to patch two zero-day vulnerabilities that are being actively exploited in the wild.

https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html

A Russian hacker extradited to the United States earlier this month has appeared in federal court in Ohio to face charges over his alleged involvement in the notorious TrickBot malware group.

Details: https://thehackernews.com/2021/10/russian-trickbot-gang-hacker-extradited.html

// Shrootless (CVE-2021-30892) //

Microsoft discovered a new SIP bypass vulnerability in Apple's macOS system that could allow attackers to gain root privileges and install persistent, undetectable rootkit malware.

Read details: https://thehackernews.com/2021/10/new-shrootless-bug-could-let-attackers.html