A new report reveals Emotet's latest malware delivery and evasion techniques used in recent cyberattacks.

Read: https://thehackernews.com/2022/10/new-report-uncovers-emotets-delivery.html

Researchers have outlined the increasingly sophisticated malware tools employed by a cyber espionage group called "Earth Aughisky."

Read: https://thehackernews.com/2022/10/researchers-detail-malicious-tools-used.html

Fortinet warns that the newly discovered critical vulnerability affecting its firewall and proxy products is being actively exploited in the wild.

Read: https://thehackernews.com/2022/10/fortinet-warns-of-active-exploitation.html

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale their attacks and spread malicious payloads.

Read: https://thehackernews.com/2022/10/researchers-warn-of-new-phishing-as.html

Researchers warn of a recently reported critical RCE vulnerability (CVE-2022-36067 / CVSS 10) in the popular vm2 JavaScript sandbox module that could be exploited by hackers to overcome security barriers and perform arbitrary operations.

Read: https://thehackernews.com/2022/10/researchers-detail-critical-rce-flaw.html

A new report shows how BazaCall callback phishing attack operators keep updating their social engineering tactics to deploy malware on targeted networks.

Read: https://thehackernews.com/2022/10/bazarcall-callback-phishing-attacks.html

A critical vulnerability (CVE-2022-38465 / CVSS 9.3) in Siemens Simatic programmable logic controllers (PLCs) can enable attackers to access hard-coded private cryptographic keys and bypass access controls.

Read: https://thehackernews.com/2022/10/critical-bug-in-siemens-simatic-plcs.html

Microsoft's Patch Tuesday updates this month fix 85 vulnerabilities, including an actively exploited Windows Zero Day vulnerability, but no patches yet for in-the-wild exploited Exchange Server vulnerabilities.

Read: https://thehackernews.com/2022/10/microsoft-patch-tuesday-fixes-new.html

Google is rolling out support for passkeys, the next-generation passwordless authentication standard, to both Android and Chrome.

Read: https://thehackernews.com/2022/10/google-rolling-out-passkey-passwordless.html

Cyber criminals are resorting to voice phishing tactics (vishing) to trick their victims into installing Android banking malware on their devices.

Read: https://thehackernews.com/2022/10/hackers-using-vishing-tactics-to-trick.html

Researchers uncover seven custom backdoors used by Polonium APT hackers in targeted attacks on Israeli entities to take screenshots, log keystrokes, spy via webcam, open reverse shells and exfiltrate files.

Read: https://thehackernews.com/2022/10/researchers-uncover-custom-backdoors.html

Watch Out! An unofficial modified version of the popular WhatsApp messaging app called "YoWhatsApp" has been caught infecting users' Android devices with the Triada malware.

Read: https://thehackernews.com/2022/10/modified-whatsapp-app-caught-infecting.html

Researchers have published technical details and a PoC exploit for a recently disclosed critical vulnerability (CVE-2022-40684) affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager.

Read: https://thehackernews.com/2022/10/poc-exploit-released-for-critical.html

Tata Power, India's largest integrated power company, has been hit by a cyberattack.

Read: https://thehackernews.com/2022/10/indian-energy-company-tata-powers-it.html

Interpol has announced the arrest of 75 people as part of a coordinated global operation against an organized cybercrime syndicate called "Black Axe."

Read: https://thehackernews.com/2022/10/interpol-led-operation-takes-down-black.html

Zimbra has finally released security patches for an actively exploited RCE vulnerability (CVE-2022-41352) in its Enterprise Collaboration Suite that could be used to upload arbitrary files to vulnerable instances.

Read: https://thehackernews.com/2022/10/zimbra-releases-patch-for-actively.html

Microsoft warns about a newly discovered ransomware campaign called "Prestige" that targets companies in the transportation and related logistics industries in Ukraine and Poland.

Read: https://thehackernews.com/2022/10/new-prestige-ransomware-targeting.html

New research has uncovered a security weakness in Microsoft 365 that could be exploited to determine the content of encrypted messages due to the use of a broken cryptographic algorithm.

Read: https://thehackernews.com/2022/10/researchers-claim-microsoft-office-365.html

Hackers behind the Black Basta ransomware attacks have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks.

Read: https://thehackernews.com/2022/10/black-basta-ransomware-hackers.html

Police in Europe have arrested members of a cybercrime ring that used a hacking tool to steal cars without a physical key fob.

Read: https://thehackernews.com/2022/10/european-police-arrest-gang-that-hacked.html