Facebook appears to have silently made a tool available that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others.

Read: https://thehackernews.com/2022/11/this-hidden-facebook-tool-lets-users.html

Australian health insurer Medibank confirmed today that ransomware hackers accessed the personal data of 9.7 million of its customers, but the company will not pay a ransom.

Read: https://thehackernews.com/2022/11/medibank-refuses-to-pay-ransom-after-97.html

U.S. authorities have seized more than 50,000 bitcoin worth $3.36 billion from a person who stole them from the SilkRoad website and stored them on a circuit board hidden in a popcorn tin.

Read: https://thehackernews.com/2022/11/us-seizes-over-50k-bitcoin-worth-33.html

A new analysis shows that the Amadey malware is being used to install the LockBit 3.0 ransomware on compromised systems.

Details: https://thehackernews.com/2022/11/amadey-bot-spotted-deploying-lockbit-30.html

A new clipper malware strain known as Laplas is targeting cryptocurrency users via another malware called SmokeLoader.

Read: https://thehackernews.com/2022/11/new-laplas-clipper-malware-targeting.html

Microsoft has released the November Patch Tuesday security update to fix 68 newly identified vulnerabilities, including 6 actively exploited zero-days.

Read: https://thehackernews.com/2022/11/install-latest-windows-update-asap.html

VMware has released patches for 5 new flaws affecting Workspace ONE Assist solution, 3 of which are rated CRITICAL (CVE-2022-31685, CVE-2022-31686, CVE-2022-31687) and could be exploited to bypass authentication and gain elevated privileges.

https://thehackernews.com/2022/11/vmware-warns-of-3-new-critical-flaws.html

Researchers find an updated version of an IceXLoader malware loader suspected of infecting thousands of home and corporate Windows machines around the world.

Read: https://thehackernews.com/2022/11/new-icexloader-malware-loader-variant.html

Researchers have linked the hacker group "Keksec" to a new campaign that uses malicious Chromium-based browser extensions to spy on machines compromised by the Cloud9 botnet.

Details: https://thehackernews.com/2022/11/experts-warn-of-browser-extensions.html

A number of recent phishing campaigns using the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure and facilitate other attacks.

Details: https://thehackernews.com/2022/11/several-cyber-attacks-observed.html

Russia-linked APT29 hackers has been found leveraging a "lesser-known" Windows feature called "Credential Roaming" in its attack on an unnamed European diplomatic entity.

Details: https://thehackernews.com/2022/11/apt29-exploited-windows-feature-to.html

Researchers reported 3 new BIOS vulnerabilities discovered in the UEFI firmware of Lenovo notebook models, including Yoga, IdeaPad and ThinkBook.

Read: https://thehackernews.com/2022/11/new-uefi-firmware-flaws-reported-in.html

A new high-severity vulnerability has been discovered in a critical system used in oil and gas companies that could be exploited by an attacker to inject and execute arbitrary code.

Read: https://thehackernews.com/2022/11/high-severity-flaw-reported-in-critical.html

Citrix has released security updates to address 3 new flaws in Application Delivery Controller (ADC) & Gateway products, including a critical authentication bypass vulnerability that could be exploited to take control of affected systems.

https://thehackernews.com/2022/11/citrix-issues-patches-for-critical-flaw.html

A malicious package discovered on the Python Package Index (PyPI) has been found employing a steganographic trick to conceal malicious code within image files.

Read: https://thehackernews.com/2022/11/researchers-uncover-pypi-package-hiding.html

Google has awarded a researcher $70,000 for reporting a security vulnerability that can be exploited to bypass the lock screen on all Pixel smartphones.

Read details and watch demo: https://thehackernews.com/2022/11/hacker-rewarded-70000-for-finding-way.html

Researchers warn of massive malicious campaigns targeting customers of leading Indian banks with various banking malware, including Elibomi, FakeReward, AxBanker, IcRAT and IcSpy.

Read: https://thehackernews.com/2022/11/warning-this-widespread-malicious.html

Microsoft has attributed the recent wave of "Prestige" ransomware attacks on Ukraine and Poland to the Russia-sponsored hacking group Sandworm.

Read: https://thehackernews.com/2022/11/microsoft-blames-russian-hackers-for.html

U.S. Department of Justice has announced charges against a Russian-Canadian national for his alleged involvement in LockBit ransomware attacks around the world.

Read: https://thehackernews.com/2022/11/russian-canadian-national-charged-over.html

Researchers discover multiple high-severity flaws in the widely used OpenLiteSpeed Web Server and its enterprise variant that could be exploited for RCE attacks.

https://thehackernews.com/2022/11/multiple-high-severity-flaw-affect.html

RCE: CVE-2022-0073
Privilege Escalation: CVE-2022-0074
Directory Traversal: CVE-2022-0072

Two new malicious dropper apps distributed via Google Play Store have been caught infecting users' Android devices with Xenomorph banking malware.

Read: https://thehackernews.com/2022/11/these-two-google-play-store-apps.html