⚠️WARNING — Hackers are actively exploiting a critical zero-day vulnerability in the WordPress e-commerce plugin WPGateway & have attacked more than 280,000 sites in the last 30 days, adding malicious admins to the successfully breached sites.

https://thehackernews.com/2022/09/over-280000-wordpress-sites-attacked.html

< September 2022, Patch Tuesday >

Microsoft issues security patches to fix 64 newly identified vulnerabilities across its software lineup, including a 0-day vulnerability that has been actively exploited in the real world.

https://thehackernews.com/2022/09/microsofts-latest-security-update-fixes.html

Researchers have detailed the inner workings of a malware called OriginLogger, which is being traded as a successor to the widespread information stealer and malware known as Agent Tesla.

Read details: https://thehackernews.com/2022/09/researchers-detail-originlogger-rat.html

SparklingGoblin APT hackers have been spotted using a new Linux variant of the SideWalk backdoor, highlighting the implant's cross-platform capabilities.

Read: https://thehackernews.com/2022/09/sparklinggoblin-apt-hackers-using-new.html

Cybercriminals behind the Lornenz ransomware attacks exploit a vulnerability in Mitel VoIP phone systems to gain a foothold in targeted companies.

Read details: https://thehackernews.com/2022/09/lorenz-ransomware-exploit-mitel-voip.html

WANTED BY THE FBI — $10 MILLION Reward!

United States charges 3 Iranian hackers for ransomware attacks against hundreds of organizations around the world and imposes sanctions on them and 7 other individuals and 2 organizations.

https://thehackernews.com/2022/09/us-charges-3-iranian-hackers-and.html

Webworm hackers have used customized versions of three older remote access trojans (RATs), including Trochilus, Gh0st, and 9002, in recent cyber espionage attacks.

Read: https://thehackernews.com/2022/09/webworm-hackers-using-modified-rats-in.html

In an ongoing #cyberespionage campaign, Gamaredon APT Russian hackers are targeting employees of Ukrainian government, defense, and law enforcement agencies with custom malware to steal information.

Read: https://thehackernews.com/2022/09/russian-gamaredon-hackers-target.html

Gamers looking for cheats on YouTube are being targeted with malicious links that install RedLine stealer malware and cryptocurency miners on gaming computers.

Read: https://thehackernews.com/2022/09/researchers-warn-of-self-spreading.html

Uber is investigating a new breach of its network after a hacker appears to have compromised an employee's Slack account and accessed other internal systems.

Read: https://thehackernews.com/2022/09/uber-says-its-investigating-potential.html

Researchers have uncovered two separate malicious cryptocurrency mining campaigns; one exploiting Oracle WebLogic to control vulnerable servers, while the other targets misconfigured Docker containers.

Read: https://thehackernews.com/2022/09/hackers-targeting-weblogic-servers-and.html

North Korean hackers have been found leveraging a "novel spear-phish method" that involves making use of trojanized versions of the PuTTY SSH and Telnet client.

Read: https://thehackernews.com/2022/09/north-korean-hackers-spreading.html

New connections between two widely used pay-per-install (PPI) malware distribution services have been discovered, revealing that PrivateLoader is the proprietary loader for Ruzki's PPI service.

Read: https://thehackernews.com/2022/09/researchers-find-link-bw-privateloader.html

A recent breach at password management solution LastPass gave hackers access to the company's systems for a 4-days, but "there is no evidence that customer data or encrypted password vaults were accessed."

Read: https://thehackernews.com/2022/09/hackers-had-access-to-lastpasss.html

Uber claims to have found "no evidence" that users' private data was compromised in the recent breach, but screenshots and information from other sources suggest there may be more to this story.

Read: https://thehackernews.com/2022/09/uber-claims-no-sensitive-data-exposed.html

Microsoft warns of an ongoing large-scale CLICK fraud campaign targeting gamers by secretly installing browser extensions on compromised systems.

Read: https://thehackernews.com/2022/09/microsoft-warns-of-large-scale-click.html

Bitdefender has released a free decryptor for LockerGoga ransomware in collaboration with Europol and Zurich law enforcement.

Read: https://thehackernews.com/2022/09/europol-and-bitdefender-release-free.html

After Conti group officially withdrew from the threat landscape, ransomware-as-a-service groups such as Quantum and BlackCat have recently been spotted using the Emotet botnet to expand their reach.

Read: https://thehackernews.com/2022/09/emotet-botnet-started-distributing.html

American video game publisher Rockstar Games has confirmed that a hacker illegally downloaded early footage of Grand Theft Auto VI.

Read: https://thehackernews.com/2022/09/rockstar-games-confirms-hacker-stole.html

Uber says the hacker responsible for the latest security breach is linked to the Lapsus$ extortion group.

Read: https://thehackernews.com/2022/09/uber-blames-lapsus-hacking-group-for.html

Researchers have discovered a threat cluster associated with Sandworm that continues to attack Ukraine with off-the-shelf #malware masquerading as telecommunications providers.

Read: https://thehackernews.com/2022/09/russian-sandworm-hackers-impersonate.html