Meta sues people behind Facebook and Instagram phishing

Meta (formerly known as Facebook) has filed a federal lawsuit in California court to disrupt phishing attacks targeting Facebook, Messenger, Instagram, and WhatsApp users. [...]

https://www.bleepingcomputer.com/news/security/meta-sues-people-behind-facebook-and-instagram-phishing/

Microsoft warns of easy Windows domain takeover via Active Directory bugs

Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-easy-windows-domain-takeover-via-active-directory-bugs/

Windows 10 21H2 adds ransomware protection to security baseline

Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-21h2-adds-ransomware-protection-to-security-baseline/

Garrett walk-through metal detectors can be remotely manipulated

Two widely used walk-through metal detectors made by Garrett are vulnerable to many remotely exploitable flaws that could severely impair their functionality, thus rendering security checkpoints deficient. [...]

https://www.bleepingcomputer.com/news/security/garrett-walk-through-metal-detectors-can-be-remotely-manipulated/

US returns $154 Million in bitcoins stolen by Sony employee

The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, by an employee in a textbook business email compromise (BEC) attack. [...]

https://www.bleepingcomputer.com/news/security/us-returns-154-million-in-bitcoins-stolen-by-sony-employee/

Russian hackers made millions by stealing SEC earning reports

A Russian national working for a cybersecurity company has been extradited to the U.S. where he is being charged for hacking into computer networks of two U.S.-based filing agents used by multiple companies to file quarterly and annual earnings through the Securities and Exchange Commissions (SEC) system. [...]

https://www.bleepingcomputer.com/news/security/russian-hackers-made-millions-by-stealing-sec-earning-reports/

Threat actors steal $80 million per month with fake giveaways, surveys

Scammers are estimated to have made $80 million per month by impersonating popular brands asking people to participate in fake surveys or giveaways. [...]

https://www.bleepingcomputer.com/news/security/threat-actors-steal-80-million-per-month-with-fake-giveaways-surveys/

800K WordPress sites still impacted by critical SEO plugin flaw

Two critical and high severity security vulnerabilities in the highly popular "All in One" SEO WordPress plugin exposed over 3 million websites to takeover attacks. [...]

https://www.bleepingcomputer.com/news/security/800k-wordpress-sites-still-impacted-by-critical-seo-plugin-flaw/

2easy now a significant dark web marketplace for stolen data

A dark web marketplace named '2easy' is becoming a significant player in the sale of stolen data "Logs" harvested from roughly 600,000 devices infected with information-stealing malware. [...]

https://www.bleepingcomputer.com/news/security/2easy-now-a-significant-dark-web-marketplace-for-stolen-data/

New Dell BIOS updates cause laptops and desktops not to boot

Recently released Dell BIOS updates are reportedly causing serious boot problems on multiple laptops and desktop models. [...]

https://www.bleepingcomputer.com/news/technology/new-dell-bios-updates-cause-laptops-and-desktops-not-to-boot/

PYSA ransomware behind most double extortion attacks in November

Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors' arsenal. [...]

https://www.bleepingcomputer.com/news/security/pysa-ransomware-behind-most-double-extortion-attacks-in-november/

Major services including Slack, AWS, Hulu, Imgur facing outages

Major services across the internet are currently facing ongoing networking outages. [...]

https://www.bleepingcomputer.com/news/technology/major-services-including-slack-aws-hulu-imgur-facing-outages/

CISA releases Apache Log4j scanner to find vulnerable apps

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by& two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. [...]

https://www.bleepingcomputer.com/news/security/cisa-releases-apache-log4j-scanner-to-find-vulnerable-apps/

NVIDIA discloses applications impacted by Log4j vulnerability

NVIDIA has released a security advisory detailing what products are affected by the Log4Shell vulnerability that is currently exploited in a wide range of attacks worldwide. [...]

https://www.bleepingcomputer.com/news/security/nvidia-discloses-applications-impacted-by-log4j-vulnerability/

Dridex malware trolls employees with fake job termination emails

A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message. [...]

https://www.bleepingcomputer.com/news/security/dridex-malware-trolls-employees-with-fake-job-termination-emails/

Microsoft Teams bug allowing phishing unpatched since March

Microsoft said it won't fix or is delaying patches for several security flaws impacting Microsoft Team's link preview feature reported since March 2021. [...]

https://www.bleepingcomputer.com/news/security/microsoft-teams-bug-allowing-phishing-unpatched-since-march/

Opera browser working on clipboard anti-hijacking feature

The Opera browser team is working on a new clipboard monitoring and protection system called Paste Protection, which aims to prevent content hijacking and snooping. [...]

https://www.bleepingcomputer.com/news/security/opera-browser-working-on-clipboard-anti-hijacking-feature/

Microsoft Azure App Service flaw exposed customer source code

A security flaw found in Azure App Service, a Microsoft-managed platform for building and hosting web apps, led to the exposure of PHP, Node, Python, Ruby, or Java customer source code deployed on Microsoft's cloud infrastructure. [...]

https://www.bleepingcomputer.com/news/security/microsoft-azure-app-service-flaw-exposed-customer-source-code/

Rideshare account hacker faces up to 22 years in prison

A man pleaded guilty to fraudulently opening rideshare and delivery service accounts using stolen identity information sold on dark web marketplaces. [...]

https://www.bleepingcomputer.com/news/legal/rideshare-account-hacker-faces-up-to-22-years-in-prison/

‘Hack DHS’ bug bounty program expands to Log4j security flaws

The Department of Homeland Security (DHS) has announced that the 'Hack DHS' program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/hack-dhs-bug-bounty-program-expands-to-log4j-security-flaws/

Honeypot experiment reveals what hackers want from IoT devices

​A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. [...]

https://www.bleepingcomputer.com/news/security/honeypot-experiment-reveals-what-hackers-want-from-iot-devices/