Luna Moth gang has invested "significantly" in call centers to target businesses with callback phishing campaigns and extorted hundreds of thousands of dollars from multiple victims in the legal and retail sectors.

Read: https://thehackernews.com/2022/11/luna-moth-gang-invests-in-call-centers.html

Researchers have warned of an emerging Go-based malware called "Aurora Stealer" that is increasingly being used in campaigns to steal sensitive information from compromised hosts.

Read: https://thehackernews.com/2022/11/researchers-warn-of-cyber-criminals.html

Researchers warn against the Windows malware ViperSoftX, which infects users' Chromium-based web browsers with malicious extensions to steal login credentials, clipboard data, and cryptocurrencies.

Read: https://thehackernews.com/2022/11/this-malware-installs-malicious-browser.html

Nighthawk, a nascent and legitimate penetration testing framework with Cobalt Strike-like capabilities, is likely to become the hackers' next favorite post-exploitation tool.

Read: https://thehackernews.com/2022/11/nighthawk-likely-to-become-hackers-new.html

Microsoft warns of hackers exploiting now-discontinued Boa web server software used in IoT and OT environments to attack critical industries.

Read: https://thehackernews.com/2022/11/hackers-exploiting-abandoned-boa-web.html

Dozens of Russian hacker groups have infected over 890,000 devices with info-stealing #malware and stolen over 50 million passwords for Amazon, PayPal, crypto wallets and gaming accounts.

Read: https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html

Vietnam-based cybercrime operation DUCKTAIL has returned with new capabilities to run fraudulent ads via compromised business accounts.

Read: https://thehackernews.com/2022/11/ducktail-malware-operation-evolves-with.html

Black Basta ransomware gang is actively infiltrating U.S. companies with the Qakbot malware to create an initial entry point and move laterally into a company's network.

Read: https://thehackernews.com/2022/11/black-basta-ransomware-gang-actively.html

SharkBot Android banking fraud malware has resurfaced on the official Google Play Store and pretends to be a file manager in order to bypass the app marketplace restrictions.

Read: https://thehackernews.com/2022/11/this-android-file-manager-app-infected.html

Bahamut cyberespionage hacker group targeting Android users with fake VPN apps designed to extract sensitive information.

Read: https://thehackernews.com/2022/11/bahamut-cyber-espionage-hackers.html

A set of 5 vulnerabilities in Arm's Mali GPU driver has remained unpatched on millions of Android devices for months, despite the chip maker releasing fixes.

Read: https://thehackernews.com/2022/11/million-of-android-devices-still-dont.html

Researchers have discovered a new variant of RansomExx ransomware rewritten in the Rust #programming language.

Read: https://thehackernews.com/2022/11/new-ransomexx-ransomware-variant.html

INTERPOL arrested 975 suspected cybercriminals and seized $130 million in a global crackdown on voice phishing, romance fraud, sextortion, investment fraud, business email compromise, and money laundering.

Read: https://thehackernews.com/2022/11/interpol-seized-130-million-from.html

A coordinated law enforcement effort has dismantled an online phone number spoofing service called "iSpoof" and arrested 142 people connected to the operation.

Read: https://thehackernews.com/2022/11/uk-police-arrest-142-in-global.html

Devices from Dell, HP and Lenovo have been found to use outdated versions of the OpenSSL cryptographic library, which are known to contain at least 10 critical vulnerabilities.

Read: https://thehackernews.com/2022/11/dell-hp-and-lenovo-devices-found-using.html

Google has released an update for the Chrome browser to patch a new, actively exploited zero-day vulnerability (CVE-2022-4135) that resides in the GPU component.

Read: https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html

Researchers warn of new "RansomBoggs" ransomware attacks targeting organizations in Ukraine and linked to the Russia-based Sandworm nation-state hacking group.

Read:https://thehackernews.com/2022/11/russia-based-ransomboggs-ransomware.html

U.S. regulators have imposed a ban on Chinese telecommunications and video surveillance equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, classifying them as "unacceptable" threats to national security.

Read: https://thehackernews.com/2022/11/us-bans-chinese-telecom-equipment-and.html

Elon Musk has confirmed that #Twitter 2.0 - The Everything App - will bring end-to-end #encryption (E2EE) for direct messages and long-form tweets to the platform.

Read: https://thehackernews.com/2022/11/elon-musk-confirms-twitter-20-will.html

Over a dozen new vulnerabilities have been discovered in the firmware of Lanner's Baseboard Management Controller (BMC) that could leave OT and IoT networks vulnerable to remote attacks.

Read: https://thehackernews.com/2022/11/over-dozen-new-bmc-firmware-flaws.html

Researchers have reported a cross-tenant vulnerability in Amazon Web Services (AWS) that exploits #AWS AppSync and allows an attacker to infiltrate a victim organization and access resources in those accounts.

Read: https://thehackernews.com/2022/11/researchers-detail-appsync-cross-tenant.html