The Hacker News
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

πŸ“¨ Contact: [email protected]

🌐 Website: https://thehackernews.com
FBI, CISA, ACSC, NCSC have issued a fresh warning regarding Iranian government-sponsored APT hackers abusing Microsoft Exchange and Fortinet flaws in the course of their malicious activities, including data exfiltration and #ransomware.

Read: https://thehackernews.com/2021/11/us-uk-and-australia-warn-of-iranian.html
Microsoft warns about the activities of 6 evolving Iranian state-sponsored hacking groups that increasingly rely on ransomware to generate revenue and deliberately sabotage their targets.

Read details: https://thehackernews.com/2021/11/microsoft-warns-about-6-iranian-hacking.html
A critical pre-authentication RCE as root #vulnerability (CVE-2021-34991) affects several models of Netgear SOHO routers.

Read: https://thehackernews.com/2021/11/critical-root-rce-bug-affects-multiple.html
PRODAFT researchers have revealed secrets about the inner workings of the Conti ransomware group, including the servers' real IP addresses and how they made 25 million from their victims.

Read details: https://thehackernews.com/2021/11/experts-expose-secrets-of-conti.html
FBI issues a new FLASH ALERT about an actively exploited zero-day vulnerability affecting FatPipe WARP, MPVPN and IPVPN router clustering and VPN load balancing devices.

Details: https://thehackernews.com/2021/11/fbi-issues-flash-alert-on-actively.html
The U.S. government has charged two Iranian hackers and sanctioned four other Iranian nationals for allegedly sending threatening emails to American voters and spreading disinformation ahead of the 2020 presidential election.

Read: https://thehackernews.com/2021/11/us-charged-2-iranians-hackers-for.html
Researchers discover 11 malicious Python libraries distributed via the PyPI repository that aim to install backdooring shells, steal Discord access tokens, passwords, and launch dependency confusion attacks.

Read details: https://thehackernews.com/2021/11/11-malicious-pypi-python-libraries.html
North Korean hacking group TA406 has been linked to a series of credential-theft campaigns targeting research, government, media, and other organizations, as well as spreading information-gathering malware.

Details: https://thehackernews.com/2021/11/north-korean-hackers-found-behind-range.html
RedCurl, a Russian-speaking cyberespionage hacker group, has returned after a seven-month hiatus with new attacks on four companies this year while improving its toolkit to thwart analysis.

Details: https://thehackernews.com/2021/11/redcurl-corporate-espionage-hackers.html
Hackers have been spotted exploiting Microsoft Exchange 'ProxyLogon' and 'ProxyShell' vulnerabilities in spam campaigns where malicious emails were sent as replies to existing email chains.

Details: https://thehackernews.com/2021/11/hackers-exploiting-proxylogon-and.html
Researchers discover a new #Golang-based Linux malware that hides as a system process on servers running eCommerce websites.

Read: https://thehackernews.com/2021/11/new-golang-based-linux-malware.html
Web hosting company GoDaddy suffers a major data breach affecting over 1 MILLION of its managed WordPress hosting customers, exposing their:

—WordPress admin password set at the time of installation,
—sFTP, database users & passwords,
—SSL private keys

https://thehackernews.com/2021/11/godaddy-data-breach-exposes-over-1.html
😱1
Researchers have spotted a more elusive & stealthy version of BrazKing Android malware in the wild, capable of stealing two-factor authentication codes and launching fraudulent transactions from infected devices.

Read details: https://thehackernews.com/2021/11/more-stealthier-version-of-brazking.html
Researchers publish details of two vulnerabilities [CVE-2021-2145 and CVE-2021-2310] in Oracle VM VirtualBox that could allow an attacker to compromise the hypervisor and cause a denial of service (DoS).

Read: https://thehackernews.com/2021/11/researchers-detail-privilege-escalation.html
⚑Apple has sued Israeli spyware firm NSO Group for allowing state-sponsored attackers to illegally hack and spy on its iPhone users via the Pegasus malware.

Read details — https://thehackernews.com/2021/11/apple-sues-israels-nso-group-for-spying.html
Over 9 million Android devices are infected with a new class of information-stealing malware disguised as dozens of arcade, shooter and strategy games, distributed through #Huawei's AppGallery marketplace.

Read: https://thehackernews.com/2021/11/over-9-million-android-phones-running.html
Several users in the Middle East are being targeted by the hacker group APT C-23 with a new variant of their Android spyware that is stealthy and even more persistent.

Read details: https://thehackernews.com/2021/11/apt-c-23-hackers-using-new-android.html
😱1
Researchers uncover details of new vulnerabilities in MediaTek's audio DSP embedded in 37% of all smartphones and IoT devices.

Read: https://thehackernews.com/2021/11/eavesdropping-bugs-in-mediatek-chips.html

Exploiting these flaws could allow attackers to carry out a "massive eavesdrop campaign" without the users' knowledge.
VMware has released updates to address two security vulnerabilities (CVE-2021-21980, CVE-2021-22049) in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information.

https://thehackernews.com/2021/11/vmware-warns-of-newly-discovered.html
⚠️Warning β€” Hackers are actively exploiting a new zero-day variant of a recently disclosed privilege escalation vulnerability affecting the Windows Installer software component.

Read details: https://thehackernews.com/2021/11/warning-hackers-exploiting-new-windows.html
A new Iranian hacking group has been discovered exploiting a critical vulnerability in Microsoft Windows' MSHTML platform to target Farsi-speaking victims with a PowerShell-based information stealer.

https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html