Microsoft code-sign check bypassed to drop Zloader malware

A new Zloader campaign exploits Microsoft's e-signature code verification to steal user credentials from over two thousand victims in 111 countries. [...]

https://www.bleepingcomputer.com/news/security/microsoft-code-sign-check-bypassed-to-drop-zloader-malware/

‘Elephant Beetle’ spends months in victim networks to divert transactions

A financially-motivated actor dubbed 'Elephant Beetle' is stealing millions of dollars from organizations worldwide using an arsenal of over 80 unique tools and scripts. [...]

https://www.bleepingcomputer.com/news/security/elephant-beetle-spends-months-in-victim-networks-to-divert-transactions/

iOS malware can fake iPhone shut downs to snoop on camera, microphone

Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection. [...]

https://www.bleepingcomputer.com/news/security/ios-malware-can-fake-iphone-shut-downs-to-snoop-on-camera-microphone/

Crypto platform ARBIX flagged as a rugpull, transfers $10 million

Arbix Finance, an audited and supposedly trustworthy yield farming platform, has been flagged as a 'rugpull,' deleting its site, Twitter, and Telegram channel and transferring $10 million worth of deposited cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/crypto-platform-arbix-flagged-as-a-rugpull-transfers-10-million/

NY OAG: Hackers stole 1.1 million customer accounts from 17 companies

The New York State Office of the Attorney General (NY OAG) has warned 17 well-known companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks. [...]

https://www.bleepingcomputer.com/news/security/ny-oag-hackers-stole-11-million-customer-accounts-from-17-companies/

Microsoft Defender for Endpoint adds zero-touch iOS onboarding

Microsoft says zero-touch onboarding for Microsoft Defender for Endpoint (MDE) on iOS is now available in public preview, allowing enterprise admins to silently install Defender for Endpoint automatically on enrolled devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-endpoint-adds-zero-touch-ios-onboarding/

70 investors lose $50 million to fraudsters posing as broker-dealers

A California man confirmed his role in a large-scale and long-running Internet-based fraud scheme that allowed him and other fraudsters to siphon roughly $50 million from dozens of investors over eight years, between 2012 to October 2020. [...]

https://www.bleepingcomputer.com/news/security/70-investors-lose-50-million-to-fraudsters-posing-as-broker-dealers/

Honda, Acura cars hit by Y2K22 bug that rolls back clocks to 2002

Honda and Acura cars have been hit with a Year 2022 bug, aka Y2K22, that resets the navigation system's clock to January 1st, 2002, with no way to change it. [...]

https://www.bleepingcomputer.com/news/technology/honda-acura-cars-hit-by-y2k22-bug-that-rolls-back-clocks-to-2002/

Privacy-focused Brave browser records massive growth in 2021

The privacy-focused web browser Brave continues to grow rapidly as the company reached 50 million monthly active users for the first time in 2021. [...]

https://www.bleepingcomputer.com/news/technology/privacy-focused-brave-browser-records-massive-growth-in-2021/

FBI warns about ongoing Google Voice authentication scams

The Federal Bureau of Investigation (FBI) says Americans who share their phone number online are being targeted by Google Voice authentication scams. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-about-ongoing-google-voice-authentication-scams/

France hits Facebook and Google with $210 million in fines

France's National Commission on Informatics and Liberty (CNIL), the country's data privacy and protection body, has announced a 60 million euro ($68 million) sanction against Facebook and a 150 million euro ($170 million) penalty against Google. [...]

https://www.bleepingcomputer.com/news/legal/france-hits-facebook-and-google-with-210-million-in-fines/

Google Docs commenting feature exploited for spear-phishing

A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy. [...]

https://www.bleepingcomputer.com/news/security/google-docs-commenting-feature-exploited-for-spear-phishing/

Swiss army bans all chat apps but locally-developed Threema

The Swiss army has banned foreign instant-messaging apps such as Signal, Telegram, and WhatsApp and requires army members to use the locally-developed Threema messaging app instead. [...]

https://www.bleepingcomputer.com/news/security/swiss-army-bans-all-chat-apps-but-locally-developed-threema/

US online pharmacy Ravkoo links data breach to AWS portal incident

Ravkoo, a US Internet-based pharmacy service, has disclosed a data breach after the company's AWS hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed. [...]

https://www.bleepingcomputer.com/news/security/us-online-pharmacy-ravkoo-links-data-breach-to-aws-portal-incident/

US arrests suspect who stole unpublished books in phishing attacks

An Italian man allegedly involved in a multi-year scheme to fraudulently obtain hundreds of prepublication manuscripts was arrested on Wednesday at the John F. Kennedy International Airport, in New York. [...]

https://www.bleepingcomputer.com/news/security/us-arrests-suspect-who-stole-unpublished-books-in-phishing-attacks/

Microsoft: KB5008212 Windows security update breaks Outlook search

Microsoft has acknowledged an issue triggered by a Windows 10, version 21H2 security update released during the December 2021 Patch Tuesday that causes search issues in Outlook for Microsoft 365. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-kb5008212-windows-security-update-breaks-outlook-search/

FlexBooker discloses data breach, over 3.7 million accounts impacted

Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. [...]

https://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/

Night Sky is the latest ransomware targeting corporate networks

It's a new year, and with it comes a new ransomware to keep an eye on called 'Night Sky' that targets corporate networks and steals data in double-extortion attacks. [...]

https://www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ransomware-targeting-corporate-networks/

FinalSite ransomware attack shuts down thousands of school websites

FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide. [...]

https://www.bleepingcomputer.com/news/security/finalsite-ransomware-attack-shuts-down-thousands-of-school-websites/

QNAP warns of ransomware targeting Internet-exposed NAS devices

QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-of-ransomware-targeting-internet-exposed-nas-devices/

NHS warns of hackers exploiting Log4Shell in VMware Horizon

UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits. [...]

https://www.bleepingcomputer.com/news/security/nhs-warns-of-hackers-exploiting-log4shell-in-vmware-horizon/