TikTok has denied reports of a data breach after a hacker group claimed to have gained access to information on two billion of its users.

Read details: https://thehackernews.com/2022/09/tiktok-denies-data-breach-reportedly.html

QNAP has issued an advisory urging NAS device users to update Photo Station software to the latest available version after discovering another DeadBolt ransomware attack exploiting a zero-day vulnerability.

Read details: https://thehackernews.com/2022/09/qnap-warns-of-new-deadbolt-ransomware.html

Researchers have discovered a new Android spyware that is capable of collecting extensive information and is distributed under the guise of a book that likely targets the Uyghur community in China.

Details: https://thehackernews.com/2022/09/researchers-find-new-android-spyware.html

Researchers have identified a new phishing-as-a-service (PhaaS) called "EvilProxy" that is being promoted in the dark web as a way for cybercriminals to bypass security measures employed by online services.

Read: https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html

Researchers uncover "TeslaGun," a previously undocumented software control panel used by the financially motivated cybercrime group TA505 to manage its "ServHelper" backdoor malware attacks.

Read details: https://thehackernews.com/2022/09/ta505-hackers-using-teslagun-panel-to.html

Researchers uncover targeted cyberattacks by the "Worok" espionage hacking group against high-profile Asian companies and local governments.

Read details: https://thehackernews.com/2022/09/worok-hackers-target-high-profile-asian.html

A new critical remote code execution vulnerability (CVE-2022-34747) has been found in Zyxel network-attached storage (NAS) devices — Firmware patch update released.

Read: https://thehackernews.com/2022/09/critical-rce-vulnerability-affects.html

MooBot, a new variant of the Mirai botnet, has been spotted exploiting unpatched D-Link devices to include them in its army of denial-of-service bots.

Read: https://thehackernews.com/2022/09/mirai-variant-moobot-botnet-exploiting.html

North Korean hacker group Lazarus has been spotted deploying a new remote access trojan, dubbed "MagicRAT," in targeted campaigns exploiting VMware Horizon platforms.

Read details: https://thehackernews.com/2022/09/north-korean-hackers-spotted-using-new.html

Researchers discover a new stealthy malware, dubbed Shikitega, that targets Linux-based systems and IoT devices via a multi-stage infection chain and uses polymorphic encoders to evade detection.

Details: https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html

Law enforcement authorities have dismantled WT1SHOP online cybercrime marketplace for selling stolen login credentials, credit cards and other personal information.

Read details: https://thehackernews.com/2022/09/authorities-shut-down-wt1shop-site-for.html

Google found that some former members of the Conti cybercrime group repurposed their hacking techniques to target Ukraine in financially and politically motivated attacks.

Read: https://thehackernews.com/2022/09/some-members-of-conti-group-targeting.html

Cisco releases security patches for 3 newly discovered vulnerabilities in its products, including a high-severity vulnerability in the NVIDIA Data Plane Development Kit.

Read details: https://thehackernews.com/2022/09/cisco-releases-security-patches-for-new.html

Microsoft warns of a subgroup of the Iranian threat actor Phosphorus (DEV-0270) that has been conducting ransomware attacks as a "form of moonlighting" for personal gain.

Read details: https://thehackernews.com/2022/09/microsoft-warns-of-ransomware-attacks.html

Several major financial services companies in French-speaking African countries have been repeatedly attacked by hackers as part of the DangerousSavanna campaign.

Read details: https://thehackernews.com/2022/09/hackers-repeatedly-targeting-financial.html

Chinese hackers used the PlugX malware to attack government officials in Europe, the Middle East, and South America.

Read: https://thehackernews.com/2022/09/chinese-hackers-target-government.html

A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan.

Read details: https://thehackernews.com/2022/09/north-korean-lazarus-hackers-targeting.html

Multiple security vulnerabilities have been discovered in Baxter's Internet-connected infusion pumps, which are used by healthcare professionals in clinical environments to dispense medication to patients.

Read details: https://thehackernews.com/2022/09/new-vulnerabilities-reported-in-baxters.html

U.S. seizes nearly $30 million worth of cryptocurrencies stolen by the North Korea-linked Lazarus Group from the online video game Axie Infinity.

Read: https://thehackernews.com/2022/09/us-seizes-cryptocurrency-worth-30.html

U.S. Treasury Department has imposed new sanctions on Iran for engaging in cyberattack activities against the Albanian government's computer network.

Read details: https://thehackernews.com/2022/09/us-imposes-new-sanctions-on-iran-over.html