France hits Facebook and Google with $210 million in fines

France's National Commission on Informatics and Liberty (CNIL), the country's data privacy and protection body, has announced a 60 million euro ($68 million) sanction against Facebook and a 150 million euro ($170 million) penalty against Google. [...]

https://www.bleepingcomputer.com/news/legal/france-hits-facebook-and-google-with-210-million-in-fines/

Google Docs commenting feature exploited for spear-phishing

A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy. [...]

https://www.bleepingcomputer.com/news/security/google-docs-commenting-feature-exploited-for-spear-phishing/

Swiss army bans all chat apps but locally-developed Threema

The Swiss army has banned foreign instant-messaging apps such as Signal, Telegram, and WhatsApp and requires army members to use the locally-developed Threema messaging app instead. [...]

https://www.bleepingcomputer.com/news/security/swiss-army-bans-all-chat-apps-but-locally-developed-threema/

US online pharmacy Ravkoo links data breach to AWS portal incident

Ravkoo, a US Internet-based pharmacy service, has disclosed a data breach after the company's AWS hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed. [...]

https://www.bleepingcomputer.com/news/security/us-online-pharmacy-ravkoo-links-data-breach-to-aws-portal-incident/

US arrests suspect who stole unpublished books in phishing attacks

An Italian man allegedly involved in a multi-year scheme to fraudulently obtain hundreds of prepublication manuscripts was arrested on Wednesday at the John F. Kennedy International Airport, in New York. [...]

https://www.bleepingcomputer.com/news/security/us-arrests-suspect-who-stole-unpublished-books-in-phishing-attacks/

Microsoft: KB5008212 Windows security update breaks Outlook search

Microsoft has acknowledged an issue triggered by a Windows 10, version 21H2 security update released during the December 2021 Patch Tuesday that causes search issues in Outlook for Microsoft 365. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-kb5008212-windows-security-update-breaks-outlook-search/

FlexBooker discloses data breach, over 3.7 million accounts impacted

Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. [...]

https://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/

Night Sky is the latest ransomware targeting corporate networks

It's a new year, and with it comes a new ransomware to keep an eye on called 'Night Sky' that targets corporate networks and steals data in double-extortion attacks. [...]

https://www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ransomware-targeting-corporate-networks/

FinalSite ransomware attack shuts down thousands of school websites

FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide. [...]

https://www.bleepingcomputer.com/news/security/finalsite-ransomware-attack-shuts-down-thousands-of-school-websites/

QNAP warns of ransomware targeting Internet-exposed NAS devices

QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-of-ransomware-targeting-internet-exposed-nas-devices/

NHS warns of hackers exploiting Log4Shell in VMware Horizon

UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits. [...]

https://www.bleepingcomputer.com/news/security/nhs-warns-of-hackers-exploiting-log4shell-in-vmware-horizon/

US counterintelligence shares tips to block spyware attacks

The US National Counterintelligence and Security Center (NCSC) and the Department of State have jointly published guidance on defending against attacks using commercial surveillance tools. [...]

https://www.bleepingcomputer.com/news/security/us-counterintelligence-shares-tips-to-block-spyware-attacks/

Diversity job board Canvas.com ordered to stop using domain name

Diversity recruiting site Canvas.com has been ordered by a U.S. District judge to drop the use of the domain name over a trademark dispute. [...]

https://www.bleepingcomputer.com/news/legal/diversity-job-board-canvascom-ordered-to-stop-using-domain-name/

FluBot malware now targets Europe posing as Flash Player app

The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features. [...]

https://www.bleepingcomputer.com/news/security/flubot-malware-now-targets-europe-posing-as-flash-player-app/

FBI: Hackers target US defense firms with malicious USB packages

The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminals group is targeting the US defense industry with packages containing malicious USB devices. [...]

https://www.bleepingcomputer.com/news/security/fbi-hackers-target-us-defense-firms-with-malicious-usb-packages/

SonicWall: Y2K22 bug hits Email Security, firewall products

SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1, 2022. [...]

https://www.bleepingcomputer.com/news/security/sonicwall-y2k22-bug-hits-email-security-firewall-products/

The Week in Ransomware - January 7th 2022 - Watch out for USB drives

With the holidays these past two weeks, there have been only a few known ransomware attacks and little research released. Here is what we know. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-7th-2022-watch-out-for-usb-drives/

Rapid window title changes cause ‘white screen of death’

Experimentation with ANSI escape characters on terminal emulators has led to the discovery of multiple high-severity DoS (denial of service) vulnerabilities on Windows terminals and Chrome-based web browsers. [...]

https://www.bleepingcomputer.com/news/security/rapid-window-title-changes-cause-white-screen-of-death-/

Trojanized dnSpy app drops malware cocktail on researchers, devs

Hackers targeted cybersecurity researchers and developers this week in a sophisticated malware campaign distributing a malicious version of the dnSpy .NET application to install cryptocurrency stealers, remote access trojans, and miners. [...]

https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM libraries had been compromised, but it turns out there's more to the story. [...]

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

WordPress 5.8.3 security update fixes SQL injection, XSS flaws

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. [...]

https://www.bleepingcomputer.com/news/security/wordpress-583-security-update-fixes-sql-injection-xss-flaws/