The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
BlackMatter ransomware appears to be shutting down. Meanwhile, researchers have released their latest analysis of new samples, showing how operators have been steadily adding new features and encryption capabilities over three months.

Read: https://thehackernews.com/2021/11/blackmatter-ransomware-reportedly.html
A heap overflow vulnerability (CVE-2021-43267) has been reported in the Linux kernel's Transparent Inter-Process Communication (TIPC) module that can be exploited either locally or remotely within a network to gain kernel privileges.

Read: https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html
Cisco has released security patches for flaws affecting multiple products, the most critical of which are:

—CVE-2021-40119: Hardcoded SSH Keys Bug in Policy Suite.

—Multiple flaws affecting Cisco Catalyst PON Series Switches ONT.

Read: https://thehackernews.com/2021/11/hardcoded-ssh-key-in-cisco-policy-suite.html
The United States has announced a $10,000,000 reward for information leading to the identification or location of key individuals behind the Russia-linked DarkSide ransomware group.

Read — https://thehackernews.com/2021/11/us-offers-10-million-reward-for.html
CISA has ordered U.S. federal agencies to patch hundreds of actively exploited vulnerabilities discovered in 2021 by November 17, 2021, and the remaining older vulnerabilities by May 3, 2022.

Read Details — https://thehackernews.com/2021/11/us-federal-agencies-ordered-to-patch.html
Two popular NPM packages, "coa" and "rc", with a cumulative weekly download count of nearly 22 million, have been found to be backdoored with malicious password-stealer code in another instance of a supply-chain attack.

Read: https://thehackernews.com/2021/11/two-npm-packages-with-22-million-weekly.html
BlackBerry researchers have discovered an Initial Access Broker (IAB), Zebra2104, that's connected to three malicious groups, including MountLocker and Phobos ransomware, as well as StrongPity APT.

Read: https://thehackernews.com/2021/11/blackberry-uncover-initial-access.html
At least nine entities across multiple industries were compromised by exploiting a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus, which was used to drop various shells and stealers.

Read: https://thehackernews.com/2021/11/experts-detail-malicious-code-dropped.html
Suspected REvil ransomware affiliates arrested in global takedown, including 22-year-old allegedly involved in #Kaseya supply-chain attack.

https://thehackernews.com/2021/11/suspected-revil-ransomware-affiliates.html

Suspects are responsible for 5000 infections & extorted an estimated $577.70 million from affected businesses.
The U.S. Justice Department has charged a Ukrainian national with launching a ransomware attack against software company Kaseya and seized $6.1 million in connection with suspected extortionists.

Details: https://thehackernews.com/2021/11/us-charges-ukrainian-hacker-for-kaseya.html
Robinhood, a popular trading platform and investing app, suffered a data breach in which hackers accessed the data of nearly 7 million users, and even attempted to extort the company for ransom.

Read: https://thehackernews.com/2021/11/robinhood-trading-app-suffers-data.html
< Nov. 2021 Patch Tuesday >

Microsoft releases security patches for 55 new vulnerabilities, including two actively exploited zero-day flaws in Excel (CVE-2021-42292) and Exchange Server (CVE-2021-42321).

Read Details: https://thehackernews.com/2021/11/microsoft-issues-patches-for-actively.html
Researchers have discovered 14 new critical vulnerabilities affecting the BusyBox utility, the Swiss Army knife for Linux-based embedded devices.

Read details: https://thehackernews.com/2021/11/14-new-security-flaws-found-in-busybox.html
PhoneSpy!

South Korean Android users are being spied on by a new family of 23 malicious apps designed to siphon off sensitive information and take remote control of devices.

Read details: https://thehackernews.com/2021/11/researchers-discover-phonespy-malware.html
A new zero-day vulnerability (CVE-2021-3064) has been discovered in Palo Alto Networks GlobalProtect VPN, which could be exploited by an unauthenticated attacker to execute arbitrary code with root privileges on affected devices.

Detail: https://thehackernews.com/2021/11/palo-alto-warns-of-zero-day-bug-in.html
According to a new report, the Iranian hacking group Lyceum is responsible for a series of targeted attacks on ISPs, telecom operators, and other targets in #Israel, Morocco, Tunisia, and Saudi Arabia.

Read details: https://thehackernews.com/2021/11/irans-lyceum-hackers-target-telecoms.html
Operators of the TrickBot Trojan are collaborating with the Shathak threat group to spread their wares, which will ultimately lead to the spread of the Conti ransomware to infected machines.

Read: https://thehackernews.com/2021/11/trickbot-operators-partner-with-shatak.html
Researchers uncover a new cyber mercenary hacker-for-hire group—dubbed Void Balaur—that has been conducting cyber espionage and data theft since 2015, and selling the stolen information on underground forums.

Details: https://thehackernews.com/2021/11/researchers-uncover-hacker-for-hire.html
Researchers have uncovered details of a new watering hole attack that was carried out via Hong Kong-based websites and exploited a zero-day vulnerability in macOS to install a never-before-seen backdoor on visitors' computers.

Read details: https://thehackernews.com/2021/11/hackers-exploit-macos-zero-day-to-hack.html
Researchers are warning of a new evolving botnet called "Abcbot" that has been spotted in the wild and has worm-like spreading capabilities to infect Linux systems.

Details: https://thehackernews.com/2021/11/abcbot-new-evolving-wormable-botnet.html
Cybercriminals are now increasingly using HTML Smuggling to gain initial access and deploy an array of threats, including banking malware, remote administration Trojans (RATs), and ransomware payloads.

https://thehackernews.com/2021/11/hackers-increasingly-using-html.html