Emotet botnet comeback hatched by ex-Ryuk member now part of Conti gang

The Emotet botnet is back by popular demand, resurrected by its former operator convinced by ex-members of the Ryuk ransomware gang. [...]

https://www.bleepingcomputer.com/news/security/emotet-botnet-comeback-hatched-by-ex-ryuk-member-now-part-of-conti-gang/

Some Tesla owners unable to unlock cars due to server errors

Some Tesla owners worldwide are unable to unlock their cars or communicate with it using the app due to problems with the company's servers. [...]

https://www.bleepingcomputer.com/news/technology/some-tesla-owners-unable-to-unlock-cars-due-to-server-errors/

The Week in Ransomware - November 19th 2021 - Targeting Conti

While last week was full of arrests and law enforcement actions, this week has been much quieter, with mostly new research released. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-19th-2021-targeting-conti/

Microsoft: Office 365 will boost default protection for all users

Microsoft is rolling out Built-In Protection to Defender for Office 365, a new feature that would automatically enable recommended settings and policies to make sure all new and existing users get at least a basic level of protection. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-will-boost-default-protection-for-all-users/

Microsoft Exchange servers hacked in internal reply-chain attacks

Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails. [...]

https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-in-internal-reply-chain-attacks/

US SEC warns investors of ongoing govt impersonation attacks

The Securities and Exchange Commission (SEC) has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. [...]

https://www.bleepingcomputer.com/news/security/us-sec-warns-investors-of-ongoing-govt-impersonation-attacks/

How to download a Windows 10 21H2 ISO from Microsoft

Microsoft released Windows 10 21H2, the November 2021 Update, last week and you can now download an ISO image for the new version to put aside for emergencies or clean installs. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-download-a-windows-10-21h2-iso-from-microsoft/

Wind turbine giant Vestas' data compromised in cyberattack

Vestas Wind Systems, a leader in wind turbine manufacturing, has shut down its IT systems after suffering a cyberattack. [...]

https://www.bleepingcomputer.com/news/security/wind-turbine-giant-vestas-data-compromised-in-cyberattack/

GoDaddy hack causes data breach affecting 1.2 million customers

GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. [...]

https://www.bleepingcomputer.com/news/security/godaddy-hack-causes-data-breach-affecting-12-million-customers/

Biometric auth bypassed using fingerprint photo, printer, and glue

Researchers demonstrated that fingerprints could be cloned for biometric authentication for as little as $5 without using any sophisticated or uncommon tools. [...]

https://www.bleepingcomputer.com/news/security/biometric-auth-bypassed-using-fingerprint-photo-printer-and-glue/

Black Friday 2021 Deal: 60% off Malwarebytes Premium

Malwarebytes's Black Friday deals are live with 60% off Malwarebytes Premium and 50% off the Malwarebytes Premium + Privacy. [...]

https://www.bleepingcomputer.com/news/software/black-friday-2021-deal-60-percent-off-malwarebytes-premium/

Hackers hit Iran's Mahan airline, claim confidential data theft

One of Iran's largest privately-owned airlines, Mahan Air, has announced a cybersecurity incident that has resulted in its website going offline and potentially data loss. [...]

https://www.bleepingcomputer.com/news/security/hackers-hit-irans-mahan-airline-claim-confidential-data-theft/

US govt warns of increased ransomware risks during holidays

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned critical infrastructure partners and public/private sector organizations not to let down their defenses against ransomware attacks during the holiday season. [...]

https://www.bleepingcomputer.com/news/security/us-govt-warns-of-increased-ransomware-risks-during-holidays/

UK govt warns thousands of SMBs their online stores were hacked

The UK's National Cyber Security Centre (NCSC) says it warned the owners of more than 4,000 online stores that their sites were compromised in Magecart attacks to steal the payment info of customers. [...]

https://www.bleepingcomputer.com/news/security/uk-govt-warns-thousands-of-smbs-their-online-stores-were-hacked/

Exploit released for Microsoft Exchange RCE bug, patch now

Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers. [...]

https://www.bleepingcomputer.com/news/security/exploit-released-for-microsoft-exchange-rce-bug-patch-now/

New Windows zero-day with public exploit lets you become an admin

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/

Windows 11 KB5007262 Cumulative Update Preview Released

Microsoft has released the optional KB5007262 Preview cumulative update for Windows 11 with 70 fixes or improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5007262-cumulative-update-preview-released/

Tardigrade hackers target big pharma vaccine makers with stealthy malware

​An advanced hacking group known as 'Tardigrade' is targeting biomanufacturing facilities and research centers working on vaccines and critical medicines. [...]

https://www.bleepingcomputer.com/news/security/tardigrade-hackers-target-big-pharma-vaccine-makers-with-stealthy-malware/

Over nine million Android devices infected by info-stealing trojan

A large-scale malware campaign on Huawei's AppGallery has led to approximately 9,300,000 installs of Android trojans masquerading as over 190 different apps [...]

https://www.bleepingcomputer.com/news/security/over-nine-million-android-devices-infected-by-info-stealing-trojan/

Microsoft Edge adds Super Duper Secure Mode to Stable channel

Microsoft has quietly added a 'Super Duper Secure Mode' to the Microsoft Edge web browser, a new feature that brings security improvements without significant performance losses. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-adds-super-duper-secure-mode-to-stable-channel/

Researchers warn of severe risks from ‘Printjack’ printer attacks

A team of Italian researchers has compiled a set of three attacks called 'Printjack,' warning users of the significant consequences of over-trusting their printer. [...]

https://www.bleepingcomputer.com/news/security/researchers-warn-of-severe-risks-from-printjack-printer-attacks/