SCUF Gaming store hacked to steal credit card info of 32,000 customers

SCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information. [...]

https://www.bleepingcomputer.com/news/security/scuf-gaming-store-hacked-to-steal-credit-card-info-of-32-000-customers/

The Week in Ransomware - October 22nd 2021 - Striking back

Between law enforcement operations, REvil's second shut down, and ransomware gangs' response to the hacking of their servers, it has been quite the week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-22nd-2021-striking-back/

FTC: ISPs collect and monetize far more user data than you’d think

The Federal Trade Commission (FTC) found that six largest internet service providers (ISPs) in the U.S. collect and share customers' personal data without providing them with info on how it's used or meaningful ways to control this process. [...]

https://www.bleepingcomputer.com/news/security/ftc-isps-collect-and-monetize-far-more-user-data-than-you-d-think/

Hacker sells the data for millions of Moscow drivers for $800

Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800. [...]

https://www.bleepingcomputer.com/news/security/hacker-sells-the-data-for-millions-of-moscow-drivers-for-800/

Popular NPM library hijacked to install password-stealers, miners

Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack. [...]

https://www.bleepingcomputer.com/news/security/popular-npm-library-hijacked-to-install-password-stealers-miners/

Microsoft 365 will get support for custom ARC configurations

Microsoft is working on adding custom Authenticated Received Chain (ARC) configuration support to Microsoft Defender for Office 365. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-will-get-support-for-custom-arc-configurations/

BlackMatter ransomware victims quietly helped using secret decryptor

Cybersecurity firm Emsisoft has been secretly decrypting BlackMatter ransomware victims since this summer, saving victims millions of dollars. [...]

https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-victims-quietly-helped-using-secret-decryptor/

Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May

Microsoft says the Russian-backed Nobelium threat group behind last year's SolarWinds hack is still targeting the global IT supply chain, with 140 resellers and technology service providers attacked and at least 14 breached since May 2021. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-russian-svr-hacked-at-least-14-it-supply-chain-firms-since-may/

CISA urges admins to patch critical Discourse code execution bug

A critical Discourse remote code execution (RCE) vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday [...]

https://www.bleepingcomputer.com/news/security/cisa-urges-admins-to-patch-critical-discourse-code-execution-bug/

Hackers used billing software zero-day to deploy ransomware

An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets' networks in ongoing attacks. [...]

https://www.bleepingcomputer.com/news/security/hackers-used-billing-software-zero-day-to-deploy-ransomware/

It's Windows XP's 20th birthday and way too many still use it

​Today is the 20th anniversary of Windows XP, and although the operating system reached the end of support in 2014, way too many people continue to use the insecure version of Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/its-windows-xps-20th-birthday-and-way-too-many-still-use-it/

Microsoft Defender ATP adds live response for Linux and macOS

Microsoft has announced the addition of new live macOS and Linux response capabilities to Defender for Endpoint, , the enterprise version of Redmond's Windows 10 Defender antivirus. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-atp-adds-live-response-for-linux-and-macos/

South Korean telco KT suffers nationwide outage after routing error

The second-largest telecommunications provider in South Korea, KT Corporation, has suffered a nationwide outage today, leaving all its 16.5 million customers without internet connectivity and telephony services for about 40 minutes. [...]

https://www.bleepingcomputer.com/news/technology/south-korean-telco-kt-suffers-nationwide-outage-after-routing-error/

Millions of Android users targeted in subscription fraud campaign

A new SMS scam campaign relying upon 151 apps has been uncovered, with many of these apps managing to find their way into the Play Store where they amassed 10.5 million downloads. [...]

https://www.bleepingcomputer.com/news/security/millions-of-android-users-targeted-in-subscription-fraud-campaign/

Mozilla blocks malicious add-ons installed by 455K Firefox users

Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates. [...]

https://www.bleepingcomputer.com/news/security/mozilla-blocks-malicious-add-ons-installed-by-455k-firefox-users/

Australia drafts Online Privacy Bill to bolster data security

Australia's Attorney-General has submitted the first draft of a new Online Privacy Bill that contains striking reforms over existing privacy laws.  [...]

https://www.bleepingcomputer.com/news/security/australia-drafts-online-privacy-bill-to-bolster-data-security/

FBI: Ranzy Locker ransomware hit at least 30 US companies this year

The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. [...]

https://www.bleepingcomputer.com/news/security/fbi-ranzy-locker-ransomware-hit-at-least-30-us-companies-this-year/

Money launderers for Russian hacking groups arrested in Ukraine

The Ukrainian cybercrime police force has arrested members of a group of money launderers and hackers at the request of U.S. intelligence services.  [...]

https://www.bleepingcomputer.com/news/security/money-launderers-for-russian-hacking-groups-arrested-in-ukraine/

Police arrest 150 dark web vendors of illegal drugs and guns

Law enforcement authorities arrested 150 suspects allegedly involved in selling and buying illicit goods on DarkMarket, the largest illegal marketplace on the dark web when it was taken down in January 2021. [...]

https://www.bleepingcomputer.com/news/security/police-arrest-150-dark-web-vendors-of-illegal-drugs-and-guns/

Microsoft is force installing PC Health Check in Windows 10

Microsoft has begun force installing the PC Health Check application on Windows 10 devices using a new KB5005463 update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-force-installing-pc-health-check-in-windows-10/

Researcher cracked 70% of WiFi networks sampled in Tel Aviv

A researcher has managed to crack 70% of a 5,000 WiFi network sample in his hometown, Tel Aviv, to prove that home networks are severely unsecured and easy to hijack. [...]

https://www.bleepingcomputer.com/news/security/researcher-cracked-70-percent-of-wifi-networks-sampled-in-tel-aviv/