Researchers detail a recently reported vulnerability, dubbed βSiriSpy,β in Apple's iOS and macOS devices that could have allowed apps to eavesdrop on users' conversations with Siri.
Read: https://thehackernews.com/2022/10/apple-ios-and-macos-flaw-couldve-let.html
Read: https://thehackernews.com/2022/10/apple-ios-and-macos-flaw-couldve-let.html
π37π€―7π±6β‘4π3π₯1π€1
Researchers have uncovered over 80 command-and-control (C2) servers associated with the ShadowPad malware.
Read: https://thehackernews.com/2022/10/researchers-expose-over-80-shadowpad.html
Read: https://thehackernews.com/2022/10/researchers-expose-over-80-shadowpad.html
π₯28π12π2π€―2β‘1
U.S. government has charged a 34-year-old British hacker with running a dark web marketplace called "The Real Deal" that sold hacking tools and stolen credentials.
Read: https://thehackernews.com/2022/10/british-hacker-charged-for-operating.html
Read: https://thehackernews.com/2022/10/british-hacker-charged-for-operating.html
π€―37π17π15π±8π7β‘3π€3π₯2
Raspberry Robin worm infected nearly 3,000 devices in nearly 1,000 organizations, allowing other cybercriminals to deploy malware such as IcedID, Bumblebee, TrueBot, and Clop ransomware.
Read: https://thehackernews.com/2022/10/raspberry-robin-operators-selling.html
Read: https://thehackernews.com/2022/10/raspberry-robin-operators-selling.html
π€―18π8π₯5β‘2
β‘ Google is rolling out an emergency update for the Chrome browser to patch an actively exploited zero-day vulnerability (CVE-2022-3723).
Read: https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html
Read: https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html
π50π9π€―8β‘4π±4π₯1
Cyber espionage group Cranefly uses stealthy tactics to target employees dealing with corporate transactions.
Read: https://thehackernews.com/2022/10/researchers-uncover-stealthy-techniques.html
Read: https://thehackernews.com/2022/10/researchers-uncover-stealthy-techniques.html
π₯17π7π€―6π4β‘1
5 malicious Android dropper apps with over 130,000 cumulative installs have been discovered in the Google Play Store, spreading banking trojans like SharkBot and Vultur to steal users' financial data and perform on-device fraud.
Read: https://thehackernews.com/2022/10/these-dropper-apps-on-play-store.html
Read: https://thehackernews.com/2022/10/these-dropper-apps-on-play-store.html
π₯19π14π±6π3β‘2
Researchers have uncovered several serious vulnerabilities in Juniper Networks devices, some of which could be exploited for code execution.
Read: https://thehackernews.com/2022/10/high-severity-flaws-in-juniper-junos-os.html
Read: https://thehackernews.com/2022/10/high-severity-flaws-in-juniper-junos-os.html
β‘22π21π4π₯3
Communication services provider Twilio disclosed another security incident involving the same threat actor behind the August hack.
Read: https://thehackernews.com/2022/10/twilio-reveals-another-breach-from-same.html
Read: https://thehackernews.com/2022/10/twilio-reveals-another-breach-from-same.html
π€―34π9π₯8π8π±7β‘6π4
Researchers describe a recently reported vulnerability in Samsung's Galaxy Store app that could have enabled attackers to install and/or launch malicious apps and potentially carry out remote attacks.
Read: https://thehackernews.com/2022/10/samsung-galaxy-store-bug-couldve-let.html
Read: https://thehackernews.com/2022/10/samsung-galaxy-store-bug-couldve-let.html
π€―34π11π₯5π±4β‘3π2
An unofficial patch has been made available for an actively exploited vulnerability in Microsoft Windows that allows files signed with malformed signatures to bypass Mark-of-the-Web (MotW) protection.
Read: https://thehackernews.com/2022/10/unofficial-patch-released-for-new.html
Read: https://thehackernews.com/2022/10/unofficial-patch-released-for-new.html
π32π4π₯3π€―3π±3π2
GitHub patched a new high-severity repojacking bug that could have allowed attackers to access other users' repositories and perform supply chain attacks.
Read: https://thehackernews.com/2022/10/github-repojacking-bug-couldve-allowed.html
Read: https://thehackernews.com/2022/10/github-repojacking-bug-couldve-allowed.html
π€―44π12β‘10π6π€5π₯4π4
Hackers behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities.
Read: https://thehackernews.com/2022/10/fodcha-ddos-botnet-resurfaces-with-new.html
Read: https://thehackernews.com/2022/10/fodcha-ddos-botnet-resurfaces-with-new.html
π32π₯12π€―4π€3π±3π1
A critical vulnerability (CVE-2022-36537) has been reported and patched in ConnectWise R1Soft Server Backup Manager software that could lead to remote code execution and supply chain attacks.
Read: https://thehackernews.com/2022/11/critical-rce-vulnerability-reported-in.html
Read: https://thehackernews.com/2022/11/critical-rce-vulnerability-reported-in.html
π₯20π11π€―4π±2
Chinese state-sponsored hackers have been observed employing a new stealthy infection chain in their LODEINFO malware attacks targeting Japanese entities.
Read: https://thehackernews.com/2022/11/chinese-hackers-using-new-stealthy.html
Read: https://thehackernews.com/2022/11/chinese-hackers-using-new-stealthy.html
π13π€―8π₯5π3π2β‘1
Researchers reveal details of a critical authentication bypass vulnerability in Jupyter Notebooks for Microsoft Azure Cosmos DB, which could have allowed attackers to achieve remote code execution on containers.
Read: https://thehackernews.com/2022/11/researchers-disclose-details-of.html
Read: https://thehackernews.com/2022/11/researchers-disclose-details-of.html
β‘12π9π₯5π€―4π1
Nothing CRITICAL this time!
OpenSSL has released patches for 2 new high-severity flaws (CVE-2022-3786 / CVE-2022-3602).
https://thehackernews.com/2022/11/just-in-openssl-releases-patch-for-2.html
CVE-2022-3602 has been downgraded from CRITICAL to HIGH as it cannot be exploited in most widely used architectures and platforms.
OpenSSL has released patches for 2 new high-severity flaws (CVE-2022-3786 / CVE-2022-3602).
https://thehackernews.com/2022/11/just-in-openssl-releases-patch-for-2.html
CVE-2022-3602 has been downgraded from CRITICAL to HIGH as it cannot be exploited in most widely used architectures and platforms.
π34π24π16π€10π₯7π±5
File hosting service Dropbox fell victim to a phishing campaign that allowed unknown hackers gained unauthorized access to 130 of its source code repositories on GitHub.
Read: https://thehackernews.com/2022/11/dropbox-breach-hackers-unauthorizedly.html
Read: https://thehackernews.com/2022/11/dropbox-breach-hackers-unauthorizedly.html
π±42π₯17π€―13π11π8β‘5
Researchers warn of booby-trapped VPN applications infecting Android devices with new SandStrike spyware.
Read: https://thehackernews.com/2022/11/experts-warn-of-sandstrike-android.html
Read: https://thehackernews.com/2022/11/experts-warn-of-sandstrike-android.html
π17π€―11π₯4π€3
As part of an adware and information theft campaign, four Android apps from the same developer directed victims to malicious websites.
Read: https://thehackernews.com/2022/11/these-android-apps-with-million-play.html
Read: https://thehackernews.com/2022/11/these-android-apps-with-million-play.html
π27π₯12π€―10
π₯26π9β‘8π±4π€―3