Researchers have identified a previously undocumented subgroup of APT41 that has been targeting entities located in East and Southeast Asia and Ukraine with custom Cobalt Strike loader.

Read: https://thehackernews.com/2022/11/new-earth-longzhi-apt-targets-ukraine.html

Google has agreed to pay a record $391.5 million fine to settle with 40 U.S. states over allegations that the company deceived users about the collection of their location data.

Read: https://thehackernews.com/2022/11/google-to-pays-391-million-privacy-fine.html

A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies in several Asian countries.

Read: https://thehackernews.com/2022/11/researchers-say-china-state-backed.html

Researchers have disclosed details of recently reported vulnerabilities in the Zendesk Explore analytics service that could have allowed attackers to gain unauthorized access to information from customer accounts.

Read: https://thehackernews.com/2022/11/researchers-reported-critical-sqli-and.html

Researchers discover a serious vulnerability in Time-Triggered Ethernet (TTE) networking technology used in safety-critical infrastructure such as spacecraft, helicopters and wind turbines and can cause the entire system to fail.

https://thehackernews.com/2022/11/pcspoof-new-vulnerability-affects.html

Researchers have discovered a critical remote code execution vulnerability (CVSS score: 9.8) in #Spotify's Backstage software catalog and developer platform.

Details: https://thehackernews.com/2022/11/critical-rce-flaw-reported-in-spotifys.html

Google plans to roll out Privacy Sandbox for Android in beta for mobile devices running Android 13 starting early next year.

Read: https://thehackernews.com/2022/11/google-to-roll-out-privacy-sandbox-beta.html

Researchers have unearthed new samples of RapperBot botnet #malware capable of launching massive DDoS attacks against game servers.

Read: https://thehackernews.com/2022/11/warning-new-rapperbot-campaign-aims-to.html

Researchers discovered hundreds of databases on Amazon RDS exposing personal identifiable information (PII).

Read: https://thehackernews.com/2022/11/researchers-discover-hundreds-of-amazon.html

North Korean hackers have been observed using an updated version of the Dtrack backdoor to attack a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the United States.

https://thehackernews.com/2022/11/north-korean-hackers-targeting-europe.html

Iranian government-sponsored hackers have been blamed for compromising a U.S. federal agency by exploiting the Log4Shell vulnerability in an unpatched VMware Horizon server.

Details: https://thehackernews.com/2022/11/iranian-hackers-compromised-us-federal.html

Multiple security vulnerabilities have been reported in F5 BIG-IP and BIG-IQ devices that can be exploited to completely compromise affected systems.

Read: https://thehackernews.com/2022/11/high-severity-vulnerabilities-reported.html

A Ukrainian hacker wanted by the U.S. for more than a decade has been arrested by Swiss authorities for his role in the notorious Zeus cybercrime ring that stole millions of dollars from victims' bank accounts.

https://thehackernews.com/2022/11/fbi-wanted-leader-of-notorious-zeus.html

More than 1,300 companies around the world were attacked by the Hive ransomware-as-a-service (RaaS) scheme, netting the hackers $100 million in illicit payments.

Read: https://thehackernews.com/2022/11/hive-ransomware-attackers-extorted-100.html

LodaRAT malware has resurfaced with new updated variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta.

Read: https://thehackernews.com/2022/11/lodarat-malware-resurfaces-with-new.html

Researchers warn about hackers who are constantly distributing new malicious Python packages in an ongoing supply chain attack to spread W4SP stealer #malware.

Read: https://thehackernews.com/2022/11/w4sp-stealer-constantly-targeting.html

Meta reportedly fired or disciplined more than two dozen employees and contractors for allegedly compromising and taking over users' Facebook and Instagram accounts.

Read: https://thehackernews.com/2022/11/meta-reportedly-fires-dozens-of.html

Atlassian has released security patches to address two critical vulnerabilities (CVE-2022-43781 and CVE-2022-43782) affecting Bitbucket Server, Data Center, and Crowd products.

Read: https://thehackernews.com/2022/11/atlassian-releases-patches-for-critical.html

Microsoft researchers warn of an ongoing malware campaign (by DEV-0569) leveraging Google Ads to widely distribute various post-compromise payloads, including Royal ransomware.

Details: https://thehackernews.com/2022/11/microsoft-warns-of-hackers-using-google.html

Chinese Mustang Panda hackers have been linked to a spate of spear-phishing attacks targeting governments, educational institutions, and research facilities around the world.

Details: https://thehackernews.com/2022/11/chinese-mustang-panda-hackers-actively.html

Indian government has released a draft of the much-awaited "Digital Personal #DataProtectionBill 2022," marking the fourth such effort since July 2018.

Details: https://thehackernews.com/2022/11/indian-government-publishes-draft-of.html