The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
PhoneSpy!

South Korean Android users are being spied on by a new family of 23 malicious apps designed to siphon off sensitive information and take remote control of devices.

Read details: https://thehackernews.com/2021/11/researchers-discover-phonespy-malware.html
A new zero-day vulnerability (CVE-2021-3064) has been discovered in Palo Alto Networks GlobalProtect VPN, which could be exploited by an unauthenticated attacker to execute arbitrary code with root privileges on affected devices.

Detail: https://thehackernews.com/2021/11/palo-alto-warns-of-zero-day-bug-in.html
According to a new report, the Iranian hacking group Lyceum is responsible for a series of targeted attacks on ISPs, telecom operators, and other targets in #Israel, Morocco, Tunisia, and Saudi Arabia.

Read details: https://thehackernews.com/2021/11/irans-lyceum-hackers-target-telecoms.html
Operators of the TrickBot Trojan are collaborating with the Shathak threat group to spread their wares, which will ultimately lead to the spread of the Conti ransomware to infected machines.

Read: https://thehackernews.com/2021/11/trickbot-operators-partner-with-shatak.html
Researchers uncover a new cyber mercenary hacker-for-hire group—dubbed Void Balaur—that has been conducting cyber espionage and data theft since 2015, and selling the stolen information on underground forums.

Details: https://thehackernews.com/2021/11/researchers-uncover-hacker-for-hire.html
Researchers have uncovered details of a new watering hole attack that was carried out via Hong Kong-based websites and exploited a zero-day vulnerability in macOS to install a never-before-seen backdoor on visitors' computers.

Read details: https://thehackernews.com/2021/11/hackers-exploit-macos-zero-day-to-hack.html
Researchers are warning of a new evolving botnet called "Abcbot" that has been spotted in the wild and has worm-like spreading capabilities to infect Linux systems.

Details: https://thehackernews.com/2021/11/abcbot-new-evolving-wormable-botnet.html
Cybercriminals are now increasingly using HTML Smuggling to gain initial access and deploy an array of threats, including banking malware, remote administration Trojans (RATs), and ransomware payloads.

https://thehackernews.com/2021/11/hackers-increasingly-using-html.html
πŸ‘1
Hackers compromise the FBI's email system in order to send hoax warnings to thousands about a false "sophisticated chain-attack."

https://thehackernews.com/2021/11/fbis-email-system-hacked-to-send-out.html
North Korean Lazarus hacking group targets cybersecurity researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software.

Read: https://thehackernews.com/2021/11/north-korean-hackers-target.html
πŸ‘2
A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that "an adversary can achieve a WF classification accuracy of above 95% when monitoring a small set of 5 popular websites."

Read details: https://thehackernews.com/2021/11/researchers-demonstrate-new.html
πŸ‘1
A new politically-motivated hacking group called "Moses Staff" is targeting Israeli companies to cause damage by leaking their stolen sensitive data and encrypting their networks without demanding a ransom.

Read: https://thehackernews.com/2021/11/new-moses-staff-hacker-group-targets.html
Researchers have unmasked a new Android Trojan — called SharkBot — that compromises smartphones to steal credentials from banking and cryptocurrency services in Italy, the UK and the US.

Read details: https://thehackernews.com/2021/11/sharkbot-new-android-trojan-stealing.html
The infamous Emotet botnet has returned with the help of the TrickBot malware, nearly 10 months after a coordinated law enforcement operation dismantled its C&C infrastructure in late January 2021.

Read details: https://thehackernews.com/2021/11/notorious-emotet-botnet-makes-comeback.html
[New] Researchers have demonstrated a new method for fingerprinting advanced MITM phishing toolkits at the network level that allowed them to automatically detect ~1,220 phishing websites in the wild.

Read details: https://thehackernews.com/2021/11/researchers-demonstrate-new-way-to.html
ESET researchers found a link between the spyware sold by Israeli firm Candiru and watering-hole attacks launched through high-profile sites in the U.K. and Middle Eastern countries, including Syria, Saudi Arabia, Yemen and Iran.

Read details: https://thehackernews.com/2021/11/israels-candiru-spyware-found-linked-to.html
Hackers targeting Myanmar spotted using the technique of "domain fronting" to hide malicious command-&-control traffic behind a legitimate domain owned by the Myanmar government.

Read details: https://thehackernews.com/2021/11/hackers-targeting-myanmar-use-domain.html
The FBI, CISA, ACSC, and NCSC have issued a fresh warning regarding Iranian government-sponsored APT hackers abusing Microsoft Exchange and Fortinet flaws in the course of their malicious activities, including data exfiltration and #ransomware.

Read: https://thehackernews.com/2021/11/us-uk-and-australia-warn-of-iranian.html
Microsoft warns about the activities of 6 evolving Iranian state-sponsored hacking groups that increasingly rely on ransomware to generate revenue and deliberately sabotage their targets.

Read details: https://thehackernews.com/2021/11/microsoft-warns-about-6-iranian-hacking.html
A critical pre-authentication RCE as root #vulnerability (CVE-2021-34991) affects several models of Netgear SOHO routers.

Read: https://thehackernews.com/2021/11/critical-root-rce-bug-affects-multiple.html
PRODAFT researchers have revealed secrets about the inner workings of the Conti ransomware group, including the servers' real IP addresses and how they made 25 million from their victims.

Read details: https://thehackernews.com/2021/11/experts-expose-secrets-of-conti.html