Monthly Security Bulletin – November 2024

This month’s security bulletin hot topics:

1.        qBittorrent fixes flaw exposing users to MitM attacks for 14 years

2.         Lumma/Amadey: fake CAPTCHAs want to know if you’re human

3.         Law Enforcement Deanonymizes Tor Users

4.         New tool bypasses Google Chrome’s new cookie encryption system

5.         Black Basta ransomware poses as IT support on Microsoft Teams to breach networks

6.         Cisco fixes VPN DoS flaw discovered in password spray attacks

7.         The Global Surveillance Free-for-All in Mobile Ad Data

8.         VMware fixes bad patch for critical vCenter Server RCE flaw

9.         Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass

10.       Fake Google Meet conference errors push infostealing malware

11.       Critical Kubernetes Image Builder flaw gives SSH root access to VMs

12.       TrickMo malware steals Android PINs using fake lock screen

13.       Iranian hackers now exploit Windows flaw to elevate privileges

14.       Critical Vulnerability in libwebp Library

15.       New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks

16.       Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

17.       European govt air-gapped systems breached using custom malware

18.       China Possibly Hacking US “Lawful Access” Backdoor

19.       Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps

20.       Fake browser updates spread updated WarmCookie malware

21.       Critical Zimbra RCE flaw exploited to backdoor servers using emails

22.       Hacking ChatGPT by Planting False Memories into Its Data