Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day vulnerabilities in Exchange Server after it was found that they can be trivially bypassed.

Details: https://thehackernews.com/2022/10/mitigation-for-exchange-zero-days.html

FBI, CISA and NSA have disclosed information on how multiple nation-state hacker groups targeted the network of a Defense Industrial Base sector organization.

Read: https://thehackernews.com/2022/10/fbi-cisa-and-nsa-reveal-how-hackers.html

A new Android malware dubbed "RatMilad" has been observed targeting Middle Eastern enterprise mobile devices by posing as VPNs and phone number spoofing apps.

Read: https://thehackernews.com/2022/10/experts-warn-of-new-ratmilad-android.html

Australian telecom company Telstra has announced that it has been the victim of a third-party data breach, nearly two weeks after its rival Optus reported a data breach of its own.

Read: https://thehackernews.com/2022/10/telstra-telecom-suffers-data-breach.html

Former Uber Chief Security Officer has been found guilty of hiding 2016 #databreach from regulators in an attempt to cover up the incident.

Read: https://thehackernews.com/2022/10/former-uber-security-chief-found-guilty.html

Hacker group behind the malware-as-a-service (MaaS) called "Eternity" has been spotted offering a new malware called "LilithBot" to other cybercriminals.

Read: https://thehackernews.com/2022/10/eternity-group-hackers-offering-new.html

Security researchers have disclosed details of a now-fixed vulnerability in macOS operating system that could have allowed malicious applications to run in a way that bypasses Apple's security measures.

Read: https://thehackernews.com/2022/10/details-released-for-recently-patched.html

A 19-year-old Sydney teenager has been arrested for allegedly using leaked Optus telecom data to extort victims in SMS scams.

Read: https://thehackernews.com/2022/10/19-year-old-hacker-arrested-for-using.html

A hacker group called "LofyGang" distributed nearly 200 trojanized packages on the NPM open source repository that steals users' credit card information.

Read: https://thehackernews.com/2022/10/lofygang-distributed-200-malicious-npm.html

A researcher warns of a new stealth phishing attack technique that could allow hackers to use the application mode feature in Chromium-based web browsers to create "realistic desktop phishing applications."

Read: https://thehackernews.com/2022/10/hackers-can-use-app-mode-in-chromium.html

As part of another BYOVD attack, BlackByte ransomware exploits a flaw in a legitimate Windows driver to bypass security software.

Read: https://thehackernews.com/2022/10/blackbyte-ransomware-abuses-vulnerable.html

Meta security team has identified more than 400 malicious Android and $iOS apps that have stolen users' Facebook login credentials.

Read: https://thehackernews.com/2022/10/facebook-detects-400-android-and-ios.html

Fortinet has privately warned its customers about a new authentication bypass vulnerability (CVE-2022-40684) affecting FortiGate firewalls and FortiProxy web proxies.

Read: https://thehackernews.com/2022/10/fortinet-warns-of-new-auth-bypass-flaw.html

Microsoft has released an improved mitigation method to prevent exploitation attempts against recently disclosed unpatched Exchange server vulnerabilities (CVE-2022-41040 and CVE-2022-41082).

Read: https://thehackernews.com/2022/10/microsoft-issues-improved-mitigations.html

Hackers are exploiting a severe UNPATCHED remote code execution vulnerability (CVE-2022-41352) in Zimbra enterprise collaboration software and email platform.

Read: https://thehackernews.com/2022/10/hackers-exploiting-unpatched-rce-flaw.html

Hackers stole 100 million worth of cryptocurrency from a Binance-linked blockchain.

Read: https://thehackernews.com/2022/10/hackers-steal-100-million.html

Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked after it was posted on 4chan and GitHub by an unknown third-party.

Read: https://thehackernews.com/2022/10/intel-confirms-leak-of-alder-lake-bios.html

A new report reveals Emotet's latest malware delivery and evasion techniques used in recent cyberattacks.

Read: https://thehackernews.com/2022/10/new-report-uncovers-emotets-delivery.html

Researchers have outlined the increasingly sophisticated malware tools employed by a cyber espionage group called "Earth Aughisky."

Read: https://thehackernews.com/2022/10/researchers-detail-malicious-tools-used.html

Fortinet warns that the newly discovered critical vulnerability affecting its firewall and proxy products is being actively exploited in the wild.

Read: https://thehackernews.com/2022/10/fortinet-warns-of-active-exploitation.html