WordPress plugin bug impacts 1M sites, allows malicious redirects

The OptinMonster plugin is affected by a high-severity flaw that allows unauthorized API access and sensitive information disclosure on roughly a million WordPress sites. [...]

https://www.bleepingcomputer.com/news/security/wordpress-plugin-bug-impacts-1m-sites-allows-malicious-redirects/

Android spyware spreading as antivirus software in Japan

A new variant of the Android info-stealer called FakeCop has been spotted by Japanese security researchers, who warn that the distribution of the malicious APK is picking up pace. [...]

https://www.bleepingcomputer.com/news/security/android-spyware-spreading-as-antivirus-software-in-japan/

Microsoft: Shrootless bug lets hackers install macOS rootkits

Attackers could use a new macOS vulnerability discovered by Microsoft to bypass System Integrity Protection (SIP) and perform arbitrary operations, elevate privileges to root, and install rootkits on vulnerable devices. [...]

https://www.bleepingcomputer.com/news/security/microsoft-shrootless-bug-lets-hackers-install-macos-rootkits/

NSA and CISA share guidance on securing 5G cloud infrastructure

CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure. [...]

https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-guidance-on-securing-5g-cloud-infrastructure/

All Windows versions impacted by new LPE zero-day vulnerability

A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions. [...]

https://www.bleepingcomputer.com/news/security/all-windows-versions-impacted-by-new-lpe-zero-day-vulnerability/

Emergency Google Chrome update fixes zero-days used in attacks

Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited. [...]

https://www.bleepingcomputer.com/news/google/emergency-google-chrome-update-fixes-zero-days-used-in-attacks/

TrickBot malware dev extradited to U.S. faces 60 years in prison

A Russian national believed to be a member of the TrickBot malware development team has been extradited to the U.S. and is currently facing charges that could get him 60 years in prison. [...]

https://www.bleepingcomputer.com/news/security/trickbot-malware-dev-extradited-to-us-faces-60-years-in-prison/

Police arrest criminals behind Norsk Hydro ransomware attack

The Europol has announced the arrest of 12 individuals who are believed to be linked to ransomware attacks against 1,800 victims in 71 countries. [...]

https://www.bleepingcomputer.com/news/security/police-arrest-criminals-behind-norsk-hydro-ransomware-attack/

Google Chromebooks failing to enroll due to network issue

Since Thursday evening, Google has been investigating reports of customers having issues enrolling their Chromebooks with a network error. [...]

https://www.bleepingcomputer.com/news/security/google-chromebooks-failing-to-enroll-due-to-network-issue/

Microsoft: Windows web content filtering now generally available

Microsoft has announced that web content filtering has reached general availability and is now available for all Windows enterprise customers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-web-content-filtering-now-generally-available/

DOJ: Pirated sports streamer hacked accounts, extorted MLB

The U.S. Attorney's Office for the Southern District of New York has charged a man for illegally streaming MLB, NBA, NFL, and NHL games via the web and hacking into sports leagues' customer accounts. [...]

https://www.bleepingcomputer.com/news/security/doj-pirated-sports-streamer-hacked-accounts-extorted-mlb/

Microsoft PowerToys adds Windows 11 theme, new mouse utility

Microsoft has added new utilities to the PowerToys toolset and updated the user interface with a new Windows 11 theme for PowerRename. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-powertoys-adds-windows-11-theme-new-mouse-utility/

Hive ransomware now encrypts Linux and FreeBSD systems

The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms. [...]

https://www.bleepingcomputer.com/news/security/hive-ransomware-now-encrypts-linux-and-freebsd-systems/

Snake malware biting hard on 50 apps for only $25

Cybercriminals are flooding to use the Snake password-stealing trojan, making it one of the popular malware families used in attacks. [...]

https://www.bleepingcomputer.com/news/security/snake-malware-biting-hard-on-50-apps-for-only-25/

The Week in Ransomware - October 29th 2021 - Making arrests

This week, international law enforcement operations went on the offensive, making arrests in numerous countries for ransomware-related activities. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-29th-2021-making-arrests/

Microsoft: Windows KB5006674, KB5006670 updates break printing

Microsoft says Windows customers are experiencing issues with network printing after installing the Windows 11 KB5006674 and Windows 10 KB5006670 updates issued with this month's Patch Tuesday, on October 12. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-kb5006674-kb5006670-updates-break-printing/

Chaos ransomware targets gamers via fake Minecraft alt lists

The Chaos Ransomware gang encrypts gamers' Windows devices through fake Minecraft alt lists promoted on gaming forums. [...]

https://www.bleepingcomputer.com/news/security/chaos-ransomware-targets-gamers-via-fake-minecraft-alt-lists/

Microsoft warns of rise in password sprays targeting cloud accounts

The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-rise-in-password-sprays-targeting-cloud-accounts/

FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics

The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics. [...]

https://www.bleepingcomputer.com/news/security/fbi-hellokitty-ransomware-adds-ddos-attacks-to-extortion-tactics/

BlackShadow hackers breach Israeli hosting firm and extort customers

The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company's services. [...]

https://www.bleepingcomputer.com/news/security/blackshadow-hackers-breach-israeli-hosting-firm-and-extort-customers/

Kaspersky's stolen Amazon SES token used in Office 365 phishing

Kaspersky said today that a legitimate Amazon Simple Email Service (SES) token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. [...]

https://www.bleepingcomputer.com/news/security/kasperskys-stolen-amazon-ses-token-used-in-office-365-phishing/