Just like the previous month, October too witnessed a volley of cybersecurity-related incidents that affected several organizations, systems, processes and more.
Researchers uncovered several new malware families apart from exploring the latest version of the existing malware. Novter botnet, Tarmac, MedusaLocker ransomware, Lemon_Duck powershell, and many more new malware were found targeting several industries in different sectors, while Gustuff and Adwind trojan were uncovered with enhanced capabilities.
In addition, security experts also demonstrated two new attack methods named PDFex and Minerva attack that could allow attackers to steal more sensitive details. While PDFex attack is launched against PDF viewers, Minerva attack is used against vulnerable cryptographic libraries. Decryption keys for ransomware such as HildaCrypt, STOP, Nemty, Paradise, and Muhstik were also released to allow victims to recover their encrypted files for free.
In the realm of bugs, hackers were found exploiting authentication bypass vulnerability, remote code execution vulnerability, and other critical security flaws to gain access to systems, servers, and networks of organizations.
The past month also saw several massive data breaches across the world that involved the loss of personal and financial details. In one incident, tax records of 20 million Russians were exposed due to an unprotected database. On the other hand, personal data of 92 million Brazilians were put up for auction on the dark web forum. Health records of about one million New Zealanders were also at risk after a breach of Tu Ora Compass Health.
Scammers were, as usual, found leveraging common social engineering techniques to trick users into revealing personal and financial data.
Here's an aggregated list of all breaches, malware, vulnerabilities, patches, and scams reported in October.