Monthly Security Bulletin – October 2023

1. Exploit released for critical VMware SSH auth bypass vulnerability

2. Chrome extensions can steal plaintext passwords from websites

3. Okta: Hackers target IT help desks to gain Super Admin, disable MFA

4. ASUS routers vulnerable to critical remote code execution flaws

5. W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA

6. Cisco warns of VPN zero-day exploited by ransomware gangs

7. Microsoft Teams phishing attack pushes DarkGate malware

8. New ‘MetaStealer’ malware targets Intel-based macOS systems

9. Hackers use new 3AM ransomware to save failed LockBit attack

10. Microsoft leaks 38TB of private data via unsecured Azure storage

11. Thousands of Juniper devices vulnerable to unauthenticated RCE flaw

12. Fake WinRAR proof-of-concept exploit drops VenomRAT malware

13. Hotel hackers redirect guests to fake Booking.com to steal cards

14. Critical Vulnerability in libwebp Library

15. Google assigns new maximum rated CVE to libwebp bug exploited in attacks

16. Modern GPUs vulnerable to new GPU.zip side-channel attack

17. Fake Bitwarden sites push new ZenRAT password-stealing malware

18. Microsoft breach led to theft of 60,000 US State Dept emails

19. Progress warns of maximum severity WS_FTP Server vulnerability

20. Exploit released for Microsoft SharePoint Server auth bypass flaw