Apple releases a security patch for a new, actively exploited iOS and iPadOS zero-day vulnerability (CVE-2022-42827) that allows malicious apps to execute arbitrary code with the highest privileges.

Read: https://thehackernews.com/2022/10/apple-releases-patch-for-new-actively.html

Hive ransomware hackers have claimed responsibility for the recent cyberattack on Tata Power, and the group has begun leaking stolen data as part of its double extortion scheme.

Read: https://thehackernews.com/2022/10/hive-ransomware-hackers-begin-leaking.html

A 22-year-old high-severity vulnerability has been reported in the widely used SQLite database library that could allow attackers to crash or control programs.

Read: https://thehackernews.com/2022/10/22-year-old-vulnerability-reported-in.html

Researchers uncover details of two Windows event log vulnerabilities, dubbed "LogCrusher" and "OverLog," the first of which is not yet fixed, and the second could be exploited to cause a denial-of-service.

Read: https://thehackernews.com/2022/10/researchers-detail-windows-event-log.html

Cybercriminals used two point-of-sale malware strains (POS) to steal the details of more than 167,000 credit cards worth nearly $3.34 million on underground forums.

Read: https://thehackernews.com/2022/10/cybercriminals-used-two-pos-malware-to.html

CISA warns of active exploitation attempts in the wild targeting two vulnerabilities in Cisco AnyConnect software and four flaws in GIGABYTE drivers.

Read: https://thehackernews.com/2022/10/hackers-actively-exploiting-cisco.html

Cybercrime group Vice Society has been linked to several ransomware and extortion campaigns targeting the education, government, and retail sectors.

Read: https://thehackernews.com/2022/10/vice-society-hackers-are-behind-several.html

VMware has released security updates to address a critical RCE vulnerability (CVE-2021-39144) affecting the VMware Cloud Foundation product.

Read: https://thehackernews.com/2022/10/vmware-releases-patch-for-critical-rce.html

Hackers behind the RomCom RAT malware have been observed using malicious versions of popular apps to attack Ukrainian military institutions.

Read: https://thehackernews.com/2022/10/romcom-hackers-circulating-malicious.html

A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the Raccoon Stealer malware-as-a-service (MaaS) operation.

Read: https://thehackernews.com/2022/10/us-charges-ukrainian-hacker-over-role.html

North Korean cyber espionage group Kimsuky has been observed deploying three new Android malware strains (FastFire, FastViewer, and FastSpy) to attack users in its southern counterpart.

Read: https://thehackernews.com/2022/10/kimsuky-hackers-spotted-using-3-new.html

Researchers have uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks to illicitly mine cryptocurrency.

Read: https://thehackernews.com/2022/10/new-cryptojacking-campaign-targeting.html

Australian health insurance company Medibank announced that the personal data of all 3.9 million customers had been unauthorizedly accessed following a recent ransomware attack.

Read: https://thehackernews.com/2022/10/australian-health-insurer-medibank.html

Researchers detail a recently reported vulnerability, dubbed “SiriSpy,” in Apple's iOS and macOS devices that could have allowed apps to eavesdrop on users' conversations with Siri.

Read: https://thehackernews.com/2022/10/apple-ios-and-macos-flaw-couldve-let.html

Researchers have uncovered over 80 command-and-control (C2) servers associated with the ShadowPad malware.

Read: https://thehackernews.com/2022/10/researchers-expose-over-80-shadowpad.html

U.S. government has charged a 34-year-old British hacker with running a dark web marketplace called "The Real Deal" that sold hacking tools and stolen credentials.

Read: https://thehackernews.com/2022/10/british-hacker-charged-for-operating.html

Raspberry Robin worm infected nearly 3,000 devices in nearly 1,000 organizations, allowing other cybercriminals to deploy malware such as IcedID, Bumblebee, TrueBot, and Clop ransomware.

Read: https://thehackernews.com/2022/10/raspberry-robin-operators-selling.html

⚡ Google is rolling out an emergency update for the Chrome browser to patch an actively exploited zero-day vulnerability (CVE-2022-3723).

Read: https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html

Cyber espionage group Cranefly uses stealthy tactics to target employees dealing with corporate transactions.

Read: https://thehackernews.com/2022/10/researchers-uncover-stealthy-techniques.html

5 malicious Android dropper apps with over 130,000 cumulative installs have been discovered in the Google Play Store, spreading banking trojans like SharkBot and Vultur to steal users' financial data and perform on-device fraud.

Read: https://thehackernews.com/2022/10/these-dropper-apps-on-play-store.html