Malicious Android app steals Malaysian bank credentials, MFA codes

A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks. [...]

https://www.bleepingcomputer.com/news/security/malicious-android-app-steals-malaysian-bank-credentials-mfa-codes/

Microsoft fixes installation issues in new Windows 11 dev build

Microsoft has addressed a long list of issues and added more Windows 11 start menu customization options with the release of Windows 11 Insider Preview Build 22509 to the Dev Channel. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-installation-issues-in-new-windows-11-dev-build/

Bulletproof hosting founder imprisoned for helping cybercrime gangs

34-year-old Russian Aleksandr Grichishkin, the founder of a bulletproof hosting service, was sentenced to 60 months in prison for allowing cybercrime gangs to use the platform in attacks targeting US financial institutions between 2008 to 2015. [...]

https://www.bleepingcomputer.com/news/security/bulletproof-hosting-founder-imprisoned-for-helping-cybercrime-gangs/

Former Ubiquiti dev charged for trying to extort his employer

Nickolas Sharp, a former employee of networking device maker Ubiquiti, was arrested and charged today with data theft and attempting to extort his employer while posing as a whistleblower and an anonymous hacker. [...]

https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-charged-for-trying-to-extort-his-employer/

Emotet now spreads via fake Adobe Windows App Installer packages

The notorious Emotet malware is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software. [...]

https://www.bleepingcomputer.com/news/security/emotet-now-spreads-via-fake-adobe-windows-app-installer-packages/

Planned Parenthood LA discloses data breach after ransomware attack

​Planned Parenthood Los Angeles has disclosed a data breach after suffering a ransomware attack in October that exposed the personal information of approximately 400,000 patients. [...]

https://www.bleepingcomputer.com/news/security/planned-parenthood-la-discloses-data-breach-after-ransomware-attack/

New malware hides as legit nginx process on e-commerce servers

eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions. [...]

https://www.bleepingcomputer.com/news/security/new-malware-hides-as-legit-nginx-process-on-e-commerce-servers/

Nine WiFi routers used by millions were vulnerable to 226 flaws

Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware. [...]

https://www.bleepingcomputer.com/news/security/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws/

Russian internet watchdog announces ban of six more VPN products

Russia's internet watchdog, 'Roskomnadzor', has announced the ban of six more VPN products, bringing the total number to more than a dozen, shows a notification to companies in the country. [...]

https://www.bleepingcomputer.com/news/legal/russian-internet-watchdog-announces-ban-of-six-more-vpn-products/

Hackers use in-house Zoho ServiceDesk exploit to drop webshells

An advanced persistent threat (APT) group that had been exploiting a flaw in the Zoho ManageEngine ADSelfService Plus software has pivoted to leveraging a different vulnerability in another Zoho product. [...]

https://www.bleepingcomputer.com/news/security/hackers-use-in-house-zoho-servicedesk-exploit-to-drop-webshells/

Twitter removes 3,400 accounts used in govt propaganda campaigns

Twitter today announced the permanent removal of more than 3,400 accounts linked to governments of six countries running manipulation or spam campaigns. [...]

https://www.bleepingcomputer.com/news/security/twitter-removes-3-400-accounts-used-in-govt-propaganda-campaigns/

Phishing actors start exploiting the Omicron COVID-19 variant

Phishing actors have quickly started to exploit the emergence of the Omicron COVID-19 variant and now use it as a lure in their malicious email campaigns. [...]

https://www.bleepingcomputer.com/news/security/phishing-actors-start-exploiting-the-omicron-covid-19-variant/

Microsoft Edge now bashes Google Chrome when you download it

​Microsoft Edge is now displaying in-browser alerts that discourage users from downloading Google Chrome by bashing the popular browser. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-now-bashes-google-chrome-when-you-download-it/

Zoho: Patch new ManageEngine bug exploited in attacks ASAP

Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installation to the latest available version. [...]

https://www.bleepingcomputer.com/news/security/zoho-patch-new-manageengine-bug-exploited-in-attacks-asap/

Researchers discover 14 new data-stealing web browser attacks

IT security researchers from Ruhr-Universität Bochum (RUB) and the Niederrhein University of Applied Sciences have discovered 14 new types of 'XS-Leak' cross-site leak attacks against modern web browsers, including Google Chrome, Microsoft Edge, Safari, and Mozilla Firefox. [...]

https://www.bleepingcomputer.com/news/security/researchers-discover-14-new-data-stealing-web-browser-attacks/

FBI: Cuba ransomware breached 49 US critical infrastructure orgs

The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors. [...]

https://www.bleepingcomputer.com/news/security/fbi-cuba-ransomware-breached-49-us-critical-infrastructure-orgs/

Fake support agents call victims to install Android banking malware

The BRATA Android remote access trojan (RAT) has been spotted in Italy, with threat actors calling victims of SMS attacks to steal their online banking credentials. [...]

https://www.bleepingcomputer.com/news/security/fake-support-agents-call-victims-to-install-android-banking-malware/

US State Dept employees’ phones hacked using NSO spyware

Apple has warned US Department of State employees that their iPhones have been hacked by unknown attackers using an iOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group. [...]

https://www.bleepingcomputer.com/news/security/us-state-dept-employees-phones-hacked-using-nso-spyware/

The Week in Ransomware - December 3rd 2021 - Seizing Bitcoin

For this week's 'Week in Ransomware' article we have included the latest ransomware news over the past two weeks. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-3rd-2021-seizing-bitcoin/

Microsoft reverses Windows 11's annoying default browser setting changes

Microsoft has reversed a Windows 11 design change that made it highly annoying to change the default browser used by the operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-reverses-windows-11s-annoying-default-browser-setting-changes/

Microsoft shares fix for broken Outlook search in Windows 11

Microsoft has shared a solution for Outlook users who have been experiencing search issues after upgrading to Windows 11. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-fix-for-broken-outlook-search-in-windows-11/