Russian authorities have arrested the founder and CEO of cybersecurity company Group-IB on suspicion of treason against the state for allegedly passing on secret information to foreign intelligence services.

Read details: https://thehackernews.com/2021/09/cybersecurity-firm-group-ibs-ceo.html

The hacking group responsible for the SolarWinds cyberattack has been linked to a new backdoor targeting high-profile victims through DNS hijacking on "government zones of a CIS member state."

Details: https://thehackernews.com/2021/09/new-tomiris-backdoor-found-linked-to.html

A new unpatched vulnerability in Microsoft Azure Active Directory (AD) can be exploited by attackers to perform undetected password brute force attacks—without generating sign-in events in the targeted organization's tenant.

Read details: https://thehackernews.com/2021/09/new-azure-ad-bug-lets-hackers-brute.html

IMPORTANT — Google has released another emergency security update for the Chrome web browser, this time to fix two new zero-day vulnerabilities that are being actively exploited in the wild.

Read details: https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html

ALERT!!

This new malicious campaign is spreading a fake antivirus program that claims to detect the Pegasus Spyware and pretending to be from Amnesty International but actually infecting computers with malware.

Read details: https://thehackernews.com/2021/10/beware-of-fake-amnesty-international.html

Here's a new free online tool to discover unprotected cloud storage instances.

Read more: https://thehackernews.com/2021/09/immuniweb-launches-free-cloud-security.html

Chinese spy hackers deploy new rootkit against targeted Windows 10 users working for high-profile entities in Malaysia, Thailand, Vietnam and Indonesia, in addition to outliers in Egypt, Ethiopia and Afghanistan.

Details: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html

Researchers have found an unpatched vulnerability in Apple Pay that attackers could exploit to make an unauthorized contactless Visa payment from a locked iPhone.

Read details: https://thehackernews.com/2021/10/apple-pay-can-be-abused-to-make.html

A new hacking group has been identified as being behind a series of attacks on the fuel, energy and aviation industries in Russia, the US, India, Nepal, Taiwan and Japan, with the aim of stealing data from compromised networks.

Details: https://thehackernews.com/2021/10/a-new-apt-hacking-group-targeting-fuel.html

Several poorly configured Apache Airflow instances of companies across various industries exposing their credentials for popular services such as cloud hosting providers, payment processing, and social media platforms.

Read — https://thehackernews.com/2021/10/poorly-configured-apache-airflow.html

LANTENNA Attack!

Researchers demonstrate a new mechanism for exfiltrating data from air-gapped systems—using Ethernet cables to generate wireless radio signals.

Read: https://thehackernews.com/2021/10/creating-wireless-signals-with-ethernet.html

Ukrainian authorities arrest hackers who attacked more than 100 companies in Europe and North America with ransomware malware.

Details: https://thehackernews.com/2021/10/ransomware-hackers-who-attacked-over.html

Chinese cyberespionage group APT41 has been linked to a series of seemingly disparate #malware campaigns in which phishing attacks were disguised as coming from Indian government entities.

Read details — https://thehackernews.com/2021/10/new-study-links-seemingly-disparate.html

Apache has issued urgent security patches to address 2 new security vulnerabilities—including a zero-day path traversal and file disclosure flaw (CVE-2021-41773) in HTTP servers that it said is being actively exploited in the wild.

Details: https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html

Researchers have found a previously unknown UEFI bootkit malware — dubbed "ESPecter" — that cyberespionage hackers have been using to backdoor Windows operating systems at least since 2012.

Read details: https://thehackernews.com/2021/10/researchers-discover-uefi-bootkit.html

Multiple critical vulnerabilities have been discovered in Honeywell Experion PKS and ACE Controllers that could be exploited for RCE and DoS attacks on critical processes.

https://thehackernews.com/2021/10/multiple-critical-flaws-discovered-in.html

CVE-2021-38397 (CVSS 10)
TypeCVE-2021-38395 (CVSS 9.1)
CVE-2021-38399 (CVSS 7.5)

Google will automatically enroll around 150 million users in its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security.

Read details: https://thehackernews.com/2021/10/google-to-turns-on-2-factor.html

Researchers have discovered a new cyberespionage campaign targeting the aerospace and telecommunications industries, in which attackers are using Dropbox to send commands to RAT malware and store stolen data.

Read: https://thehackernews.com/2021/10/iranian-hackers-abuse-dropbox-in.html

Twitch, the popular live streaming site, has suffered a large 125GB data and source code leak as a result of a server configuration issue "that was subsequently accessed by a malicious third party."

Read details: https://thehackernews.com/2021/10/twitch-suffers-massive-125gb-data-and.html

Apple to require all third-party iOS, iPadOS and macOS app developers to mandatorily make it easy for users to delete their accounts.

Details: https://thehackernews.com/2021/10/apple-requires-devs-to-make-it-easy-for.html

U.S. Department of Justice announces a new Civil Cyber-Fraud Initiative aimed at holding government contractors accountable for #cybersecurity.

Read: https://thehackernews.com/2021/10/us-justice-dept-launches-civil-cyber.html

In addition, FCC has established new rules to prevent SIM swapping scams and port-out fraud.