Chaos ransomware targets gamers via fake Minecraft alt lists

The Chaos Ransomware gang encrypts gamers' Windows devices through fake Minecraft alt lists promoted on gaming forums. [...]

https://www.bleepingcomputer.com/news/security/chaos-ransomware-targets-gamers-via-fake-minecraft-alt-lists/

Microsoft warns of rise in password sprays targeting cloud accounts

The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-rise-in-password-sprays-targeting-cloud-accounts/

FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics

The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics. [...]

https://www.bleepingcomputer.com/news/security/fbi-hellokitty-ransomware-adds-ddos-attacks-to-extortion-tactics/

BlackShadow hackers breach Israeli hosting firm and extort customers

The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company's services. [...]

https://www.bleepingcomputer.com/news/security/blackshadow-hackers-breach-israeli-hosting-firm-and-extort-customers/

Kaspersky's stolen Amazon SES token used in Office 365 phishing

Kaspersky said today that a legitimate Amazon Simple Email Service (SES) token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. [...]

https://www.bleepingcomputer.com/news/security/kasperskys-stolen-amazon-ses-token-used-in-office-365-phishing/

Canadian province health care system disrupted by cyberattack

The Canadian provinces of Newfoundland and Labrador have suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals. [...]

https://www.bleepingcomputer.com/news/security/canadian-province-health-care-system-disrupted-by-cyberattack/

Microsoft Defender for Windows is getting a massive overhaul

Microsoft Defender for Windows is getting a massive overhaul allowing home network admins to deploy Android, iOS, and Mac clients to monitor antivirus, phishing, compromised passwords, and identity theft alerts from a single security dashboard. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-windows-is-getting-a-massive-overhaul/

Signal now lets you report and block spam messages

Signal has added an easy way for users to report and block spam straight from message request screens with a single mouse click. [...]

https://www.bleepingcomputer.com/news/security/signal-now-lets-you-report-and-block-spam-messages/

'Trojan Source' attack method can hide bugs into open-source code

Academic researchers have released details about a new attack method they call "Trojan Source" that allows injecting vulnerabilities into the source code of a software project in a way that human reviewers can't detect. [...]

https://www.bleepingcomputer.com/news/security/trojan-source-attack-method-can-hide-bugs-into-open-source-code/

Android November patch fixes actively exploited kernel bug

Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components. [...]

https://www.bleepingcomputer.com/news/security/android-november-patch-fixes-actively-exploited-kernel-bug/

FBI: Ransomware targets companies during mergers and acquisitions

The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in "time-sensitive financial events" such as corporate mergers and acquisitions to make it easier to extort their victims. [...]

https://www.bleepingcomputer.com/news/security/fbi-ransomware-targets-companies-during-mergers-and-acquisitions/

MITRE shares list of most dangerous hardware weaknesses

MITRE shared a list of the topmost dangerous programming, design, and architecture security flaws plaguing hardware this year. [...]

https://www.bleepingcomputer.com/news/security/mitre-shares-list-of-most-dangerous-hardware-weaknesses/

macOS Monterey update causes some Macs to become unbootable

A growing number of Mac and Macbook owners report that their devices become unbootable after attempting to update to the latest version of macOS, codenamed 'Monterey.' [...]

https://www.bleepingcomputer.com/news/apple/macos-monterey-update-causes-some-macs-to-become-unbootable/

Microsoft Edge for Linux out of beta, now generally available

Microsoft announced today that the Chromium-based Edge web browser is now generally available on the Linux platform via the stable channel. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-for-linux-out-of-beta-now-generally-available/

Microsoft announces new endpoint security solution for SMBs

Microsoft today announced a new endpoint security solution dubbed Microsoft Defender for Business, specially built for small and medium-sized businesses. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-endpoint-security-solution-for-smbs/

Microsoft 365 outage blocks access to OneDrive, SharePoint files

A Microsoft 365 outage prevents access to files, such as Excel documents, stored on the SharePoint Online, OneDrive, Office, and Microsoft Teams cloud storage services. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-blocks-access-to-onedrive-sharepoint-files/

Over 30,000 GitLab servers still unpatched against critical bug

A critical unauthenticated, remote code execution GitLab flaw fixed on April 14, 2021, remains exploitable, with over 50% of deployments remaining unpatched. [...]

https://www.bleepingcomputer.com/news/security/over-30-000-gitlab-servers-still-unpatched-against-critical-bug/

Facebook deletes 1 billion faceprints in Face Recognition shutdown

Facebook announced today that they will no longer use the Face Recognition system on their platform and will be deleting over 1 billion people's facial recognition profiles. [...]

https://www.bleepingcomputer.com/news/technology/facebook-deletes-1-billion-faceprints-in-face-recognition-shutdown/

BlackMatter ransomware claims to be shutting down due to police pressure

The BlackMatter ransomware is allegedly shutting down its operation due to pressure from the authorities and recent law enforcement operations. [...]

https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-claims-to-be-shutting-down-due-to-police-pressure/

Microsoft: Windows 11 built-in apps might not open on some systems

Microsoft says Windows 11 users might experience issues opening or using some built-in apps and features due to an expired digital certificate. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-built-in-apps-might-not-open-on-some-systems/

CISA orders federal agencies to fix hundreds of exploited security flaws

CISA has issued this year's first binding operational directive (BOD) ordering federal civilian agencies to mitigate security vulnerabilities exploited in the wild within an aggressive timeline. [...]

https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-fix-hundreds-of-exploited-security-flaws/