Utah medical center hit by data breach affecting 582k patients

Utah Imaging Associates (UIA), a Utah-based radiology center, has announced a data breach affecting 582,170 people after their personal information was exposed. [...]

https://www.bleepingcomputer.com/news/security/utah-medical-center-hit-by-data-breach-affecting-582k-patients/

Microsoft Authenticator gets new enterprise security features

Microsoft has added new security features for Microsoft Authenticator users that further secure the app and make it easier to roll out in enterprise environments. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-authenticator-gets-new-enterprise-security-features/

Fake TSA PreCheck sites scam US travelers with fake renewals

There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return. [...]

https://www.bleepingcomputer.com/news/security/fake-tsa-precheck-sites-scam-us-travelers-with-fake-renewals/

New Windows 11 build fixes Microsoft Installer issue breaking apps

Microsoft has fixed a recently confirmed Windows 11 issue in a newly released build for Windows Insiders in the Beta and Release Preview channels. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-11-build-fixes-microsoft-installer-issue-breaking-apps/

Emotet botnet comeback hatched by ex-Ryuk member now part of Conti gang

The Emotet botnet is back by popular demand, resurrected by its former operator convinced by ex-members of the Ryuk ransomware gang. [...]

https://www.bleepingcomputer.com/news/security/emotet-botnet-comeback-hatched-by-ex-ryuk-member-now-part-of-conti-gang/

Some Tesla owners unable to unlock cars due to server errors

Some Tesla owners worldwide are unable to unlock their cars or communicate with it using the app due to problems with the company's servers. [...]

https://www.bleepingcomputer.com/news/technology/some-tesla-owners-unable-to-unlock-cars-due-to-server-errors/

The Week in Ransomware - November 19th 2021 - Targeting Conti

While last week was full of arrests and law enforcement actions, this week has been much quieter, with mostly new research released. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-19th-2021-targeting-conti/

Microsoft: Office 365 will boost default protection for all users

Microsoft is rolling out Built-In Protection to Defender for Office 365, a new feature that would automatically enable recommended settings and policies to make sure all new and existing users get at least a basic level of protection. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-will-boost-default-protection-for-all-users/

Microsoft Exchange servers hacked in internal reply-chain attacks

Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails. [...]

https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-in-internal-reply-chain-attacks/

US SEC warns investors of ongoing govt impersonation attacks

The Securities and Exchange Commission (SEC) has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. [...]

https://www.bleepingcomputer.com/news/security/us-sec-warns-investors-of-ongoing-govt-impersonation-attacks/

How to download a Windows 10 21H2 ISO from Microsoft

Microsoft released Windows 10 21H2, the November 2021 Update, last week and you can now download an ISO image for the new version to put aside for emergencies or clean installs. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-download-a-windows-10-21h2-iso-from-microsoft/

Wind turbine giant Vestas' data compromised in cyberattack

Vestas Wind Systems, a leader in wind turbine manufacturing, has shut down its IT systems after suffering a cyberattack. [...]

https://www.bleepingcomputer.com/news/security/wind-turbine-giant-vestas-data-compromised-in-cyberattack/

GoDaddy hack causes data breach affecting 1.2 million customers

GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. [...]

https://www.bleepingcomputer.com/news/security/godaddy-hack-causes-data-breach-affecting-12-million-customers/

Biometric auth bypassed using fingerprint photo, printer, and glue

Researchers demonstrated that fingerprints could be cloned for biometric authentication for as little as $5 without using any sophisticated or uncommon tools. [...]

https://www.bleepingcomputer.com/news/security/biometric-auth-bypassed-using-fingerprint-photo-printer-and-glue/

Black Friday 2021 Deal: 60% off Malwarebytes Premium

Malwarebytes's Black Friday deals are live with 60% off Malwarebytes Premium and 50% off the Malwarebytes Premium + Privacy. [...]

https://www.bleepingcomputer.com/news/software/black-friday-2021-deal-60-percent-off-malwarebytes-premium/

Hackers hit Iran's Mahan airline, claim confidential data theft

One of Iran's largest privately-owned airlines, Mahan Air, has announced a cybersecurity incident that has resulted in its website going offline and potentially data loss. [...]

https://www.bleepingcomputer.com/news/security/hackers-hit-irans-mahan-airline-claim-confidential-data-theft/

US govt warns of increased ransomware risks during holidays

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned critical infrastructure partners and public/private sector organizations not to let down their defenses against ransomware attacks during the holiday season. [...]

https://www.bleepingcomputer.com/news/security/us-govt-warns-of-increased-ransomware-risks-during-holidays/

UK govt warns thousands of SMBs their online stores were hacked

The UK's National Cyber Security Centre (NCSC) says it warned the owners of more than 4,000 online stores that their sites were compromised in Magecart attacks to steal the payment info of customers. [...]

https://www.bleepingcomputer.com/news/security/uk-govt-warns-thousands-of-smbs-their-online-stores-were-hacked/

Exploit released for Microsoft Exchange RCE bug, patch now

Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers. [...]

https://www.bleepingcomputer.com/news/security/exploit-released-for-microsoft-exchange-rce-bug-patch-now/

New Windows zero-day with public exploit lets you become an admin

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/

Windows 11 KB5007262 Cumulative Update Preview Released

Microsoft has released the optional KB5007262 Preview cumulative update for Windows 11 with 70 fixes or improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5007262-cumulative-update-preview-released/