North Korean Lazarus hackers have been observed deploying a Windows rootkit on targeted computers by exploiting a vulnerability in a Dell firmware driver.

Read: https://thehackernews.com/2022/10/hackers-exploiting-dell-driver.html

Researchers have attributed a recently discovered Linux-based ransomware known as Cheerscrypt to "Emperor Dragonfly," a Chinese cyber espionage group known for operating short-lived ransomware schemes.

Read: https://thehackernews.com/2022/10/researchers-link-cheerscrypt-linux.html

Chinese hackers are believed to be behind a new supply chain attack that hijacked the Comm100 Live Chat application to spread a JavaScript backdoor.

Read: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html

U.S. cybersecurity agency CISA has issued a new order directing federal agencies to regularly track all assets and #software vulnerabilities on their networks.

Read: https://thehackernews.com/2022/10/cisa-orders-federal-agencies-to.html

Australian telecom giant Optus has confirmed that the personal information of nearly 2.1 million of its current and former customers was exposed in a recent data breach.

Read: https://thehackernews.com/2022/10/optus-hack-exposes-data-of-nearly-21.html

A 46-year-old online fraudster has been sentenced to 25 years in prison for laundering more than $9.5 million through cyber fraud.

Read: https://thehackernews.com/2022/10/bec-scammer-gets-25-year-jail-sentence.html

Researchers have disclosed details of a recently reported vulnerability in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks.

Read: https://thehackernews.com/2022/10/researchers-report-supply-chain.html

A popular YouTube channel with over 180,000 subscribers has been caught distributing a malicious version of the Tor browser that infects systems with spyware.

Details: https://thehackernews.com/2022/10/popular-youtube-channel-caught.html

India's CBI has arrested a Russian national suspected of hacking into a software platform used for the 2021 engineering entrance exams to help hundreds of students cheat for money.

Read: https://thehackernews.com/2022/10/russian-hacker-arrested-in-india-for.html

A Canadian national convicted for his role as a Netwalker ransomware affiliate has been sentenced to 20 years in U.S. prison and ordered to forfeit $21,500,000.

Read: https://thehackernews.com/2022/10/canadian-netwalker-ransomware-affiliate.html

Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day vulnerabilities in Exchange Server after it was found that they can be trivially bypassed.

Details: https://thehackernews.com/2022/10/mitigation-for-exchange-zero-days.html

FBI, CISA and NSA have disclosed information on how multiple nation-state hacker groups targeted the network of a Defense Industrial Base sector organization.

Read: https://thehackernews.com/2022/10/fbi-cisa-and-nsa-reveal-how-hackers.html

A new Android malware dubbed "RatMilad" has been observed targeting Middle Eastern enterprise mobile devices by posing as VPNs and phone number spoofing apps.

Read: https://thehackernews.com/2022/10/experts-warn-of-new-ratmilad-android.html

Australian telecom company Telstra has announced that it has been the victim of a third-party data breach, nearly two weeks after its rival Optus reported a data breach of its own.

Read: https://thehackernews.com/2022/10/telstra-telecom-suffers-data-breach.html

Former Uber Chief Security Officer has been found guilty of hiding 2016 #databreach from regulators in an attempt to cover up the incident.

Read: https://thehackernews.com/2022/10/former-uber-security-chief-found-guilty.html

Hacker group behind the malware-as-a-service (MaaS) called "Eternity" has been spotted offering a new malware called "LilithBot" to other cybercriminals.

Read: https://thehackernews.com/2022/10/eternity-group-hackers-offering-new.html

Security researchers have disclosed details of a now-fixed vulnerability in macOS operating system that could have allowed malicious applications to run in a way that bypasses Apple's security measures.

Read: https://thehackernews.com/2022/10/details-released-for-recently-patched.html

A 19-year-old Sydney teenager has been arrested for allegedly using leaked Optus telecom data to extort victims in SMS scams.

Read: https://thehackernews.com/2022/10/19-year-old-hacker-arrested-for-using.html

A hacker group called "LofyGang" distributed nearly 200 trojanized packages on the NPM open source repository that steals users' credit card information.

Read: https://thehackernews.com/2022/10/lofygang-distributed-200-malicious-npm.html

A researcher warns of a new stealth phishing attack technique that could allow hackers to use the application mode feature in Chromium-based web browsers to create "realistic desktop phishing applications."

Read: https://thehackernews.com/2022/10/hackers-can-use-app-mode-in-chromium.html