Hackers undetected on Queensland water supplier server for 9 months

Hackers stayed hidden for nine months on a server holding customer information for a Queensland water supplier, illustrating the need of better cyberdefenses for critical infrastructure. [...]

https://www.bleepingcomputer.com/news/security/hackers-undetected-on-queensland-water-supplier-server-for-9-months/

AMD fixes dozens of Windows 10 graphics driver security bugs

AMD has fixed a long list of security vulnerabilities found in its graphics driver for Windows 10 devices, allowing attackers to execute arbitrary code and elevate privileges on vulnerable systems. [...]

https://www.bleepingcomputer.com/news/security/amd-fixes-dozens-of-windows-10-graphics-driver-security-bugs/

How to fix the Windows 0x0000007c network printing error

A Windows security update released in October caused widespread Windows 10 and Windows 11 issues where users experience 0x0000007c errors when adding or printing to network printers. This article describes a fix you can use for the 0x0000007c printing errors. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-fix-the-windows-0x0000007c-network-printing-error/

BotenaGo botnet targets millions of IoT devices with 33 exploits

A new BotenaGo malware botnet has been discovered using over thirty exploits to attack millions of routers and IoT devices. [...]

https://www.bleepingcomputer.com/news/security/botenago-botnet-targets-millions-of-iot-devices-with-33-exploits/

Windows 10 App Installer abused in BazarLoader malware attacks

The TrickBot gang operators are now abusing the Windows 10 App Installer to deploy their BazarLoader malware on the systems of targets who fall victim to a highly targeted spam campaign. [...]

https://www.bleepingcomputer.com/news/security/windows-10-app-installer-abused-in-bazarloader-malware-attacks/

The new Microsoft Store is now rolling out to Windows 10 PCs

Microsoft has started rolling out Windows 11's new Microsoft Store to Windows 10, allowing users a greater option of apps for users to install. [...]

https://www.bleepingcomputer.com/news/microsoft/the-new-microsoft-store-is-now-rolling-out-to-windows-10-pcs/

Zero-day bug in all Windows versions gets free unofficial patch

A free and unofficial patch is now available for a zero-day local privilege escalation vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions. [...]

https://www.bleepingcomputer.com/news/microsoft/zero-day-bug-in-all-windows-versions-gets-free-unofficial-patch/

Costco discloses data breach after finding credit card skimmer

Costco Wholesale Corporation has warned customers in notification letters sent this month that their payment card information might have been stolen while recently shopping at one of its stores. [...]

https://www.bleepingcomputer.com/news/security/costco-discloses-data-breach-after-finding-credit-card-skimmer/

Microsoft warns of surge in HTML smuggling phishing attacks

Microsoft has seen a surge in malware campaigns using HTML smuggling to distribute banking malware and remote access trojans (RAT). [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-surge-in-html-smuggling-phishing-attacks/

These are the top-level domains threat actors like the most

​Out of over a thousand top-level domain choices, cyber-criminals and threat actors prefer a small set of 25, which accounts for 90% of all malicious sites. [...]

https://www.bleepingcomputer.com/news/security/these-are-the-top-level-domains-threat-actors-like-the-most/

FTC shares ransomware defense tips for small US businesses

The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors' attempts to exploit vulnerabilities using social engineering or exploits targeting technology. [...]

https://www.bleepingcomputer.com/news/security/ftc-shares-ransomware-defense-tips-for-small-us-businesses/

QBot returns for a new wave of infections using Squirrelwaffle

The activity of the QBot (also known as Quakbot) banking trojan is spiking again, and analysts from multiple security research firms attribute this to the rise of Squirrelwaffle. [...]

https://www.bleepingcomputer.com/news/security/qbot-returns-for-a-new-wave-of-infections-using-squirrelwaffle/

Microsoft Intune bug forces Samsung devices into non-compliant state

Microsoft says some Samsung Galaxy devices will be marked as non-compliant with the organization's security requirements in Microsoft Intune's management interface after automatic restarts or after installing managed updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-intune-bug-forces-samsung-devices-into-non-compliant-state/

The Week in Ransomware - November 12th 2021 - Targeting REvil

This week, law enforcement struck a massive blow against the REvil ransomware operation, with multiple arrests announced and the seizure of cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-12th-2021-targeting-revil/

New Windows 11 build fixes widespread printer issues, system freezes

Microsoft has fixed a long list of issues impacting Windows 11 in a newly released build for Windows Insiders in the Beta and Release Preview Channels. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-11-build-fixes-widespread-printer-issues-system-freezes/

Surveillance firm pays $1 million fine after 'spy van' scandal

The Office of the Commissioner for Personal Data Protection in Cyprus has collected a $1 million fine from intelligence company WiSpear for gathering mobile data from various individuals arriving at the airport in Larnaca. [...]

https://www.bleepingcomputer.com/news/security/surveillance-firm-pays-1-million-fine-after-spy-van-scandal/

Fake end-to-end encrypted chat app distributes Android spyware

The GravityRAT remote access trojan is being distributed in the wild again, this time under the guise of an end-to-end encrypted chat application called SoSafe Chat. [...]

https://www.bleepingcomputer.com/news/security/fake-end-to-end-encrypted-chat-app-distributes-android-spyware/

FBI system hacked to email 'urgent' warning about fake cyberattack

The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen. [...]

https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattack/

US Education Dept urged to boost K-12 schools' ransomware defenses

The US Department of Education and Department of Homeland Security (DHS) were urged this week to more aggressively strengthen cybersecurity protections at K-12 schools across the nation to keep up with a massive wave of attacks. [...]

https://www.bleepingcomputer.com/news/security/us-education-dept-urged-to-boost-k-12-schools-ransomware-defenses/

New Microsoft emergency updates fix Windows Server auth issues

Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running supported versions of Windows Server. [...]

https://www.bleepingcomputer.com/news/microsoft/new-microsoft-emergency-updates-fix-windows-server-auth-issues/

Moses Staff hackers wreak havoc on Israeli orgs with ransomless encryptions

A new hacker group named Moses Staff has recently claimed responsibility for numerous attacks against Israeli entities, which appear politically motivated as they do not make any ransom payment demands. [...]

https://www.bleepingcomputer.com/news/security/moses-staff-hackers-wreak-havoc-on-israeli-orgs-with-ransomless-encryptions/