Lookout: almost 50% of Android phones used by US state and local government staff run outdated versions of the OS, exposing them to hundreds of vulnerabilities (Bill Toulas/BleepingComputer)

Bill Toulas / BleepingComputer:
Researchers find 75 apps on Google Play and 10 on Apple’s App Store that engaged in ad fraud, collectively had 13M installs, and have since been removed  —  Security researchers have discovered 75 applications on Google Play and another ten on Apple’s App Store engaged in ad fraud.

Bill Toulas / BleepingComputer:
UK police, Europol, Dutch police, and others dismantle online spoofing service iSpoof and arrest 146 people, including the suspected mastermind  —  The ‘iSpoof’ online spoofing service has been dismantled following an international law enforcement investigation that also led to the arrest of 146 people …

Bill Toulas / BleepingComputer:
Researchers find thousands of repos on GitHub offering fake proof-of-concept exploits for various vulnerabilities, with many of them containing malware instead  —  Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept …

Bill Toulas / BleepingComputer:
Brave says it will hide and block cookie consent notifications with an approach “more privacy-preserving” than similar systems used in other browsers  —  The Brave browser will soon allows users to block annoying and potentially privacy-harming cookie consent banners on all websites they visit.

Lawrence Abrams / BleepingComputer:
Microsoft releases 68 security fixes, including patches for six actively exploited Windows zero-day flaws and 11 vulnerabilities classified as Critical  —  Today is Microsoft’s November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.

Sergiu Gatlan / BleepingComputer:
Microsoft confirms two zero-day vulnerabilities in Exchange Server 2013, 2016, and 2019 are being exploited; one researcher suspects a Chinese threat actor  —  Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.