Uber says the hacker responsible for the latest security breach is linked to the Lapsus$ extortion group.

Read: https://thehackernews.com/2022/09/uber-blames-lapsus-hacking-group-for.html

Researchers have discovered a threat cluster associated with Sandworm that continues to attack Ukraine with off-the-shelf #malware masquerading as telecommunications providers.

Read: https://thehackernews.com/2022/09/russian-sandworm-hackers-impersonate.html

CISA and Claroty researchers warn of newly identified critical remotely exploitable vulnerabilities in Dataprobe's popular iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers.

Read: https://thehackernews.com/2022/09/critical-remote-hack-flaws-found-in.html

Researchers recorded a massive DDoS attack involving more than 25.3 billion requests from nearly 170,000 IPs that included routers, security cameras and compromised servers in more than 180 countries, including the U.S., Indonesia and Brazil.

https://thehackernews.com/2022/09/record-ddos-attack-with-253-billion.html

U.S. Federal Communications Commission (FCC) has added two more Chinese telecommunication companies, ComNet & China Unicom, to its list of communications equipment and services deemed a threat to national security.

Read: https://thehackernews.com/2022/09/us-adds-2-more-chinese-telecom-firms-to.html

Hackers stole $160 million worth of digital assets from crypto trading platform Wintermute.

Read: https://thehackernews.com/2022/09/crypto-trading-firm-wintermute-loses.html

Researchers found over 39,000 unauthenticated Redis database instances exposed on the Internet, nearly 50% of which showed signs of attempted compromise.

Read: https://thehackernews.com/2022/09/over-39000-unauthenticated-redis.html

Hackers are actively exploiting an unauthenticated RCE vulnerability (CVE-2022-26134) in unpatched Atlassian Confluence servers to deploy cryptocurrency mining malware.

Read: https://thehackernews.com/2022/09/hackers-targeting-unpatched-atlassian.html

A 15-year-old unpatched Python vulnerability potentially affects as many as 350,000 open-source projects, leaving them vulnerable to code execution attacks.

Read: https://thehackernews.com/2022/09/15-year-old-unpatched-python.html

Researchers have uncovered a new vulnerability in Oracle Cloud Infrastructure (OCI) that could be exploited by users to access the virtual disks of other Oracle customers.

Read: https://thehackernews.com/2022/09/researchers-disclose-critical.html

A malicious NPM package masquerading as Material Tailwind has been discovered, indicating that threat actors are attempting to distribute malicious code via open source software repositories.

Read: https://thehackernews.com/2022/09/malicious-npm-package-caught-mimicking.html

Researchers have discovered a new wave of mobile surveillance targeting the Uyghur community, part of an ongoing spying operation that has been active since at least 2015.

Read: https://thehackernews.com/2022/09/researchers-uncover-years-long-mobile.html

Microsoft warns that hackers are using malicious OAuth applications to gain control of Exchange email servers and spread spam to cloud tenants.

Read: https://thehackernews.com/2022/09/hackers-using-malicious-oauth-apps-to.html

Indian banks' customers are being targeted by a malicious campaign in which attackers infect their Android devices with a fake REWARD app to steal their personal data.

Read: https://thehackernews.com/2022/09/fake-indian-banking-rewards-apps.html

Void Balaur hacker-for-hire group has shifted its focus to target Russian businesses and political entities.

Read: https://thehackernews.com/2022/09/void-balaur-hackers-for-hire-group-now.html

CISA has added a recently disclosed critical vulnerability in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of an active attack.

Read: https://thehackernews.com/2022/09/cisa-warns-of-hackers-exploiting-recent.html

Researchers have identified a previously unknown APT hacking group, dubbed Metador, which has infiltrated telecommunications companies, universities, Internet service providers in the Middle East and Africa.

Read: https://thehackernews.com/2022/09/researchers-uncover-new-metador-apt.html

Sophos has warned of cyberattacks targeting a recently fixed critical RCE vulnerability (CVE-2022-3236) in its firewall product.

Read: https://thehackernews.com/2022/09/hackers-actively-exploiting-new-sophos.html

London police have arrested a 17-year-old Oxfordshire teenager on suspicion of hacking, possibly in connection with the recent high-profile hacking attacks on Uber and Rockstar Games.

Read: https://thehackernews.com/2022/09/london-police-arrested-17-year-old.html

Ukrainian authorities have arrested a hacking group that sold personal data from 30 million accounts belonging to citizens of #Ukraine and the European Union for a profit of $372,000.

Read: https://thehackernews.com/2022/09/ukraine-arrests-cybercrime-group-for.html