CISA has ordered U.S. federal agencies to patch hundreds of actively exploited vulnerabilities discovered in 2021 by November 17, 2021, and the remaining older vulnerabilities by May 3, 2022.
Read Details — https://thehackernews.com/2021/11/us-federal-agencies-ordered-to-patch.html
Two popular NPM packages, "coa" and "rc", with combined weekly downloads of nearly 22 million, have been found to be backdoored with malicious password-stealer code in another instance of a supply-chain attack.
Read: https://thehackernews.com/2021/11/two-npm-packages-with-22-million-weekly.html
BlackBerry researchers have discovered an Initial Access Broker (IAB), Zebra2104, that's connected to three malicious groups, including MountLocker and Phobos ransomware, as well as StrongPity APT.
Read: https://thehackernews.com/2021/11/blackberry-uncover-initial-access.html
At least nine entities across multiple industries were compromised by exploiting a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus, which was used to drop various shells and stealers.
Read: https://thehackernews.com/2021/11/experts-detail-malicious-code-dropped.html
Suspected REvil ransomware affiliates arrested in global takedown, including 22-year-old allegedly involved in #Kaseya supply-chain attack.
https://thehackernews.com/2021/11/suspected-revil-ransomware-affiliates.html
Suspects are responsible for 5000 infections & extorted an estimated $577.70 million from affected businesses.
The U.S. Justice Department has charged a Ukrainian national with launching a ransomware attack against software company Kaseya and seized $6.1 million in connection with suspected extortionists.
Details: https://thehackernews.com/2021/11/us-charges-ukrainian-hacker-for-kaseya.html
Robinhood, a popular trading platform and investing app, suffered a data breach in which hackers accessed the data of nearly 7 million users, and even attempted to extort the company for ransom.
Read: https://thehackernews.com/2021/11/robinhood-trading-app-suffers-data.html
< Nov. 2021 Patch Tuesday >
Microsoft releases security patches for 55 new vulnerabilities, including two actively exploited zero-day flaws in Excel (CVE-2021-42292) and Exchange Server (CVE-2021-42321).
Read Details: https://thehackernews.com/2021/11/microsoft-issues-patches-for-actively.html
Researchers have discovered 14 new critical vulnerabilities affecting the BusyBox utility, the Swiss Army knife for Linux-based embedded devices.
Read details: https://thehackernews.com/2021/11/14-new-security-flaws-found-in-busybox.html
PhoneSpy!
South Korean Android users are being spied on by a new family of 23 malicious apps designed to siphon off sensitive information and take remote control of devices.
Read details: https://thehackernews.com/2021/11/researchers-discover-phonespy-malware.html
A new zero-day vulnerability (CVE-2021-3064) has been discovered in Palo Alto Networks GlobalProtect VPN, which could be exploited by an unauthenticated attacker to execute arbitrary code with root privileges on affected devices.
Detail: https://thehackernews.com/2021/11/palo-alto-warns-of-zero-day-bug-in.html
According to a new report, the Iranian hacking group Lyceum is responsible for a series of targeted attacks on ISPs, telecom operators, and other targets in #Israel, Morocco, Tunisia, and Saudi Arabia.
Read details: https://thehackernews.com/2021/11/irans-lyceum-hackers-target-telecoms.html
Operators of the TrickBot Trojan are collaborating with the Shathak threat group to spread their wares, which will ultimately lead to the spread of the Conti ransomware to infected machines.
Read: https://thehackernews.com/2021/11/trickbot-operators-partner-with-shatak.html
Researchers uncover a new cyber mercenary hacker-for-hire group—dubbed Void Balaur—that has been conducting cyber espionage and data theft since 2015, and selling the stolen information on underground forums.
Details: https://thehackernews.com/2021/11/researchers-uncover-hacker-for-hire.html
Researchers have uncovered details of a new watering hole attack that was carried out via Hong Kong-based websites and exploited a zero-day vulnerability in macOS to install a never-before-seen backdoor on visitors' computers.
Read details: https://thehackernews.com/2021/11/hackers-exploit-macos-zero-day-to-hack.html
Researchers are warning of a new evolving botnet called "Abcbot" that has been spotted in the wild and has worm-like spreading capabilities to infect Linux systems.
Details: https://thehackernews.com/2021/11/abcbot-new-evolving-wormable-botnet.html
Cybercriminals are now increasingly using HTML Smuggling to gain initial access and deploy an array of threats, including banking malware, remote administration Trojans (RATs), and ransomware payloads.
https://thehackernews.com/2021/11/hackers-increasingly-using-html.html
Hackers compromise the FBI's email system in order to send hoax warnings to thousands about a false "sophisticated chain-attack."
https://thehackernews.com/2021/11/fbis-email-system-hacked-to-send-out.html
North Korean Lazarus hacking group targets cybersecurity researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software.
Read: https://thehackernews.com/2021/11/north-korean-hackers-target.html
A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that "an adversary can achieve a WF classification accuracy of above 95% when monitoring a small set of 5 popular websites."
Read details: https://thehackernews.com/2021/11/researchers-demonstrate-new.html
A new politically-motivated hacking group called "Moses Staff" is targeting Israeli companies to cause damage by leaking their stolen sensitive data and encrypting their networks without demanding a ransom.
Read: https://thehackernews.com/2021/11/new-moses-staff-hacker-group-targets.html