<Trojan Source Attack/>
Researchers discovered a new class of vulnerabilities that hackers could use to hide malicious code & vulnerabilities in source code of a program, effectively opening the door to more first-party and supply chain risks.
https://thehackernews.com/2021/11/new-trojan-source-technique-lets.html
Multiple critical flaws have been discovered in Hitachi Vantara's Pentaho Business Analytics software that could be abused by hackers to upload arbitrary data files and even execute arbitrary code on the app's underlying host system.
Read: https://thehackernews.com/2021/11/critical-flaws-uncovered-in-pentaho.html
Trick & Treat!
Google launches a new #bugbounty that will reward hackers with $31,337 for exploiting "already patched" Linux kernel vulnerabilities in its lab environment and $50,337 for unpatched flaws or a new exploit technique.
Details: https://thehackernews.com/2021/11/google-to-pay-hackers-31337-for.html
WARNING: A critical unauthenticated remote code execution flaw (CVE-2021-22205) affecting #GitLab CE is being actively exploited in the wild.
Details: https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html
Android Security Bulletin - Nov 2021
• There is a new zero-day vulnerability (CVE-2021-1048) that is being exploited by hackers for targeted attacks.
• Google has rolled out patches for this and 38 other flaws.
Read: https://thehackernews.com/2021/11/google-warns-of-new-android-0-day.html
Facebook is shutting down its decades-old "facial recognition system" and deleting a vast trove of more than a billion users' facial recognition templates, citing growing societal concerns about the use of such technology.
Read: https://thehackernews.com/2021/11/facebook-to-shut-down-facial.html
BlackMatter ransomware appears to be shutting down and meanwhile, researchers have released the latest analysis of new samples, showing how operators have been steadily adding new features and encryption capabilities over three months.
Read: https://thehackernews.com/2021/11/blackmatter-ransomware-reportedly.html
A heap overflow vulnerability (CVE-2021-43267) has been reported in Linux Kernel's Transparent Inter Process Communication (TIPC) module that can be exploited either locally or remotely within a network to gain kernel privileges.
Read: https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html
Cisco has released security patches for flaws affecting multiple products, the most critical of which are:
• CVE-2021-40119: Hardcoded SSH Keys Bug in Policy Suite.
• Multiple flaws affecting Cisco Catalyst PON Series Switches ONT.
Read: https://thehackernews.com/2021/11/hardcoded-ssh-key-in-cisco-policy-suite.html
United States has announced a $10,000,000 reward for information leading to the identification or location of key individuals behind the Russia-linked DarkSide ransomware group.
Read: https://thehackernews.com/2021/11/us-offers-10-million-reward-for.html
CISA has ordered U.S. federal agencies to patch hundreds of actively exploited vulnerabilities discovered in 2021 by November 17, 2021, and the remaining older vulnerabilities by May 3, 2022.
Read Details: https://thehackernews.com/2021/11/us-federal-agencies-ordered-to-patch.html
Two popular NPM packages, "coa" and "rc", with a cumulative weekly download of nearly 22 million have been found to be backdoored with malicious password-stealer code in another instance of a supply-chain attack.
Read: https://thehackernews.com/2021/11/two-npm-packages-with-22-million-weekly.html
BlackBerry researchers have discovered an Initial Access Broker (IAB), Zebra2104, that's connected to three malicious groups, including MountLocker and Phobos ransomware, as well as StrongPity APT.
Read: https://thehackernews.com/2021/11/blackberry-uncover-initial-access.html
At least nine entities across multiple industries were compromised by exploiting a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus, which was used to drop various shells and stealers.
Read: https://thehackernews.com/2021/11/experts-detail-malicious-code-dropped.html
Suspected REvil ransomware affiliates arrested in global takedown, including 22-year-old allegedly involved in #Kaseya supply-chain attack.
https://thehackernews.com/2021/11/suspected-revil-ransomware-affiliates.html
Suspects are responsible for 5000 infections & extorted an estimated $577.70 million from affected businesses.
The U.S. Justice Department has charged a Ukrainian national with launching a ransomware attack against software company Kaseya and seized $6.1 million in connection with suspected extortionists.
Details: https://thehackernews.com/2021/11/us-charges-ukrainian-hacker-for-kaseya.html
Robinhood, a popular trading platform and investing app, suffered a data breach in which hackers accessed the data of nearly 7 million users, and even attempted to extort the company for ransom.
Read: https://thehackernews.com/2021/11/robinhood-trading-app-suffers-data.html
< Nov. 2021 Patch Tuesday >
Microsoft releases security patches for 55 new vulnerabilities, including two actively exploited zero-day flaws in Excel (CVE-2021-42292) and Exchange Server (CVE-2021-42321).
Read Details: https://thehackernews.com/2021/11/microsoft-issues-patches-for-actively.html
Researchers have discovered 14 new critical vulnerabilities affecting the BusyBox utility, the Swiss Army knife for Linux-based embedded devices.
Read details: https://thehackernews.com/2021/11/14-new-security-flaws-found-in-busybox.html
PhoneSpy!
South Korean Android users are being spied on by a new family of 23 malicious apps designed to siphon off sensitive information and take remote control of devices.
Read details: https://thehackernews.com/2021/11/researchers-discover-phonespy-malware.html
A new zero-day vulnerability (CVE-2021-3064) has been discovered in Palo Alto Networks GlobalProtect VPN, which could be exploited by an unauthenticated attacker to execute arbitrary code with root privileges on affected devices.
Detail: https://thehackernews.com/2021/11/palo-alto-warns-of-zero-day-bug-in.html