Cyber Security hacker news weekly October 18-25, 2021

Cyber Security hacker news weekly October 18-25, 2021
00:00 intro
00:52 Top 5 Attack Vectors to Look Out For in 2022
05:42 PHISHING
05:45 YouTube creators’ accounts hijacked with cookie-stealing malware
07:57 FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks
09:55 ATTACKS, VULNERABILITIES & UPDATES
09:58 Sinclair TV stations downtime allegedly caused by a ransomware attack
10:58 TA505 Gang Is Back With Newly Polished FlawedGrace RAT
12:34 Experts hacked a fully patched iOS 15 running on iPhone 13 at China’s Tianfu Cup hacking contest
14:00 RedLine Stealer identified as primary source of stolen credentials on two dark web markets
15:45 TeamTNT Deploys Malicious Docker Image On Docker Hub
16:36 Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services
18:24 Geriatric Microsoft Bug Exploited by APT Using Commodity RATs
20:13 Threat actors offer for sale data for 50 millions of Moscow drivers
21:12 REvil ransomware operation shuts down once again
21:46 Experts spotted an Ad-Blocking Chrome extension injecting malicious ads
22:51 Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!
24:45 TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
25:45 New Gummy Browsers attack lets hackers spoof tracking profiles
27:51 Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos
30:07 Supply-chain attack on NPM Package UAParser, which has millions of daily downloads
31:30 Groove ransomware group calls on other ransomware gangs to hit US public sector
32:52 Hacker steals government ID database for Argentina’s entire population
33:53 Prometheus endpoint unprotected installs could expose sensitive data
34:58 FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts
37:06 Experts found many similarities between the new Karma Ransomware and Nemty variants
38:41 A flaw in WinRAR could lead to remote code execution
00:40:40 Evil Corp rebrands their ransomware, this time is the Macaw Locker
42:21 PurpleFox botnet variant uses WebSockets for more secure C2 communication
44:06 Acer suffers a second data breach in a week
45:07 China-linked LightBasin group accessed calling records from telcos worldwide
47:52 Romance scammers exploit Apple’s developer program to spread fake cryptocurrency apps
49:57 OTHER SECURITY NEWS
49:59 Zerodium is looking for zero-day exploits in ExpressVPN, NordVPN, and Surfshark Windows VPN clients
51:27 Trustwave released a free decryptor for the BlackByte ransomware
52:59 DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown
53:43 FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations
00:57:02 Facebook SSRF Dashboard allows hunting SSRF vulnerabilities
57:59 US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes
01:00:00 THANKS FOR WATCHING