The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
Hackers compromise the FBI's email system in order to send hoax warnings to thousands about a false "sophisticated chain-attack."

https://thehackernews.com/2021/11/fbis-email-system-hacked-to-send-out.html
North Korean Lazarus hacking group targets cybersecurity researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software.

Read: https://thehackernews.com/2021/11/north-korean-hackers-target.html
A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that "an adversary can achieve a WF classification accuracy of above 95% when monitoring a small set of 5 popular websites."

Read details: https://thehackernews.com/2021/11/researchers-demonstrate-new.html
A new politically-motivated hacking group called "Moses Staff" is targeting Israeli companies to cause damage by leaking their stolen sensitive data and encrypting their networks without demanding a ransom.

Read: https://thehackernews.com/2021/11/new-moses-staff-hacker-group-targets.html
Researchers have unmasked a new Android Trojan — called SharkBot — that compromises smartphones to steal credentials from banking and cryptocurrency services in Italy, the UK and the US.

Read details: https://thehackernews.com/2021/11/sharkbot-new-android-trojan-stealing.html
The infamous Emotet botnet has returned with the help of the TrickBot malware, nearly 10 months after a coordinated law enforcement operation dismantled its C&C infrastructure in late January 2021.

Read details: https://thehackernews.com/2021/11/notorious-emotet-botnet-makes-comeback.html
[New] Researchers have demonstrated a new method for fingerprinting advanced MITM phishing toolkits at network-level that allowed them to automatically detect ~1,220 phishing websites in the wild.

Read details: https://thehackernews.com/2021/11/researchers-demonstrate-new-way-to.html
ESET researchers found a link between the spyware sold by Israeli firm Candiru and watering-hole attacks launched through high-profile sites in the U.K. and Middle Eastern countries, including Syria, Saudi Arabia, Yemen and Iran.

Read details: https://thehackernews.com/2021/11/israels-candiru-spyware-found-linked-to.html
Hackers targeting Myanmar spotted using the technique of "domain fronting" to hide malicious command-&-control traffic behind a legitimate domain owned by the Myanmar government.

Read details: https://thehackernews.com/2021/11/hackers-targeting-myanmar-use-domain.html
FBI, CISA, ACSC, NCSC have issued a fresh warning regarding Iranian government-sponsored APT hackers abusing Microsoft Exchange and Fortinet flaws in the course of their malicious activities, including data exfiltration and #ransomware.

Read: https://thehackernews.com/2021/11/us-uk-and-australia-warn-of-iranian.html
Microsoft warns about the activities of 6 evolving Iranian state-sponsored hacking groups that increasingly rely on ransomware to generate revenue and deliberately sabotage their targets.

Read details: https://thehackernews.com/2021/11/microsoft-warns-about-6-iranian-hacking.html
A critical pre-authentication RCE as root #vulnerability (CVE-2021-34991) affects several models of Netgear SOHO routers.

Read: https://thehackernews.com/2021/11/critical-root-rce-bug-affects-multiple.html
PRODAFT researchers have revealed secrets about the inner workings of the Conti ransomware group, including the servers' real IP addresses and how they made 25 million from their victims.

Read details: https://thehackernews.com/2021/11/experts-expose-secrets-of-conti.html
FBI issues a new FLASH ALERT about an actively exploited zero-day vulnerability affecting FatPipe WARP, MPVPN and IPVPN router clustering and VPN load balancing devices.

Details: https://thehackernews.com/2021/11/fbi-issues-flash-alert-on-actively.html
The U.S. government has charged two Iranian hackers and sanctioned four other Iranian nationals for allegedly sending threatening emails to American voters and spreading disinformation ahead of the 2020 presidential election.

Read: https://thehackernews.com/2021/11/us-charged-2-iranians-hackers-for.html
Researchers discover 11 malicious Python libraries distributed via the PyPI repository that aim to install backdooring shells, steal Discord access tokens, passwords, and launch dependency confusion attacks.

Read details: https://thehackernews.com/2021/11/11-malicious-pypi-python-libraries.html
North Korean hacking group TA406 has been linked to a series of credential-theft campaigns targeting research, government, media, and other organizations, as well as spreading information-gathering malware.

Details: https://thehackernews.com/2021/11/north-korean-hackers-found-behind-range.html
RedCurl, a Russian-speaking cyberespionage hacker group, has returned after a seven-month hiatus with new attacks on four companies this year while improving its toolkit to thwart analysis.

Details: https://thehackernews.com/2021/11/redcurl-corporate-espionage-hackers.html
Hackers have been spotted exploiting Microsoft Exchange 'ProxyLogon' and 'ProxyShell' vulnerabilities in spam campaigns where malicious emails were sent as replies to existing email chains.

Details: https://thehackernews.com/2021/11/hackers-exploiting-proxylogon-and.html
Researchers discover a new #Golang-based Linux malware that hides as a system process on servers running eCommerce websites.

Read: https://thehackernews.com/2021/11/new-golang-based-linux-malware.html
Web hosting company GoDaddy suffers a major data breach affecting over 1 MILLION of its managed WordPress hosting customers, exposing their:

—WordPress admin password set at the time of installation,
—sFTP, database users & passwords,
—SSL private keys

https://thehackernews.com/2021/11/godaddy-data-breach-exposes-over-1.html