New malware hides as legit nginx process on e-commerce servers

eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions. [...]

https://www.bleepingcomputer.com/news/security/new-malware-hides-as-legit-nginx-process-on-e-commerce-servers/

Nine WiFi routers used by millions were vulnerable to 226 flaws

Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware. [...]

https://www.bleepingcomputer.com/news/security/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws/

Russian internet watchdog announces ban of six more VPN products

Russia's internet watchdog, 'Roskomnadzor', has announced the ban of six more VPN products, bringing the total number to more than a dozen, shows a notification to companies in the country. [...]

https://www.bleepingcomputer.com/news/legal/russian-internet-watchdog-announces-ban-of-six-more-vpn-products/

Hackers use in-house Zoho ServiceDesk exploit to drop webshells

An advanced persistent threat (APT) group that had been exploiting a flaw in the Zoho ManageEngine ADSelfService Plus software has pivoted to leveraging a different vulnerability in another Zoho product. [...]

https://www.bleepingcomputer.com/news/security/hackers-use-in-house-zoho-servicedesk-exploit-to-drop-webshells/

Twitter removes 3,400 accounts used in govt propaganda campaigns

Twitter today announced the permanent removal of more than 3,400 accounts linked to governments of six countries running manipulation or spam campaigns. [...]

https://www.bleepingcomputer.com/news/security/twitter-removes-3-400-accounts-used-in-govt-propaganda-campaigns/

Phishing actors start exploiting the Omicron COVID-19 variant

Phishing actors have quickly started to exploit the emergence of the Omicron COVID-19 variant and now use it as a lure in their malicious email campaigns. [...]

https://www.bleepingcomputer.com/news/security/phishing-actors-start-exploiting-the-omicron-covid-19-variant/

Microsoft Edge now bashes Google Chrome when you download it

​Microsoft Edge is now displaying in-browser alerts that discourage users from downloading Google Chrome by bashing the popular browser. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-now-bashes-google-chrome-when-you-download-it/

Zoho: Patch new ManageEngine bug exploited in attacks ASAP

Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installation to the latest available version. [...]

https://www.bleepingcomputer.com/news/security/zoho-patch-new-manageengine-bug-exploited-in-attacks-asap/

Researchers discover 14 new data-stealing web browser attacks

IT security researchers from Ruhr-Universität Bochum (RUB) and the Niederrhein University of Applied Sciences have discovered 14 new types of 'XS-Leak' cross-site leak attacks against modern web browsers, including Google Chrome, Microsoft Edge, Safari, and Mozilla Firefox. [...]

https://www.bleepingcomputer.com/news/security/researchers-discover-14-new-data-stealing-web-browser-attacks/

FBI: Cuba ransomware breached 49 US critical infrastructure orgs

The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors. [...]

https://www.bleepingcomputer.com/news/security/fbi-cuba-ransomware-breached-49-us-critical-infrastructure-orgs/

Fake support agents call victims to install Android banking malware

The BRATA Android remote access trojan (RAT) has been spotted in Italy, with threat actors calling victims of SMS attacks to steal their online banking credentials. [...]

https://www.bleepingcomputer.com/news/security/fake-support-agents-call-victims-to-install-android-banking-malware/

US State Dept employees’ phones hacked using NSO spyware

Apple has warned US Department of State employees that their iPhones have been hacked by unknown attackers using an iOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group. [...]

https://www.bleepingcomputer.com/news/security/us-state-dept-employees-phones-hacked-using-nso-spyware/

The Week in Ransomware - December 3rd 2021 - Seizing Bitcoin

For this week's 'Week in Ransomware' article we have included the latest ransomware news over the past two weeks. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-3rd-2021-seizing-bitcoin/

Microsoft reverses Windows 11's annoying default browser setting changes

Microsoft has reversed a Windows 11 design change that made it highly annoying to change the default browser used by the operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-reverses-windows-11s-annoying-default-browser-setting-changes/

Microsoft shares fix for broken Outlook search in Windows 11

Microsoft has shared a solution for Outlook users who have been experiencing search issues after upgrading to Windows 11. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-fix-for-broken-outlook-search-in-windows-11/

Malicious KMSPico installers steal your cryptocurrency wallets

Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets. [...]

https://www.bleepingcomputer.com/news/security/malicious-kmspico-installers-steal-your-cryptocurrency-wallets/

New Twitter phishing campaign targets verified accounts

A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter's recent removal of the checkmark from a number of verified accounts, citing that these were ineligible for the legendary status, and verified in error. [...]

https://www.bleepingcomputer.com/news/security/new-twitter-phishing-campaign-targets-verified-accounts/

Convincing Microsoft phishing uses fake Office 365 spam alerts

A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. [...]

https://www.bleepingcomputer.com/news/security/convincing-microsoft-phishing-uses-fake-office-365-spam-alerts/

Malicious Excel XLL add-ins push RedLine password-stealing malware

Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware. [...]

https://www.bleepingcomputer.com/news/security/malicious-excel-xll-add-ins-push-redline-password-stealing-malware/

Russian hacking group uses new stealthy Ceeloader malware

The Nobelium hacking group continues to breach government and enterprise networks worldwide by targeting their cloud and managed service providers and using a new custom "Ceeloader" malware. [...]

https://www.bleepingcomputer.com/news/security/russian-hacking-group-uses-new-stealthy-ceeloader-malware/

Microsoft offers 50% subscription discounts to Office pirates

Microsoft is offering discounts of up to 50% on Microsoft 365 subscriptions to those using pirated versions of Microsoft Office willing to switch to a genuine version. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-offers-50-percent-subscription-discounts-to-office-pirates/