Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM libraries had been compromised, but it turns out there's more to the story. [...]

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

WordPress 5.8.3 security update fixes SQL injection, XSS flaws

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. [...]

https://www.bleepingcomputer.com/news/security/wordpress-583-security-update-fixes-sql-injection-xss-flaws/

Europol ordered to erase data on those not linked to crime

The European Data Protection Supervisor (EDPS), an EU privacy and data protection independent supervisory authority, has ordered Europol to erase personal data on individuals that haven't been linked to criminal activity. [...]

https://www.bleepingcomputer.com/news/security/europol-ordered-to-erase-data-on-those-not-linked-to-crime/

Linux Mint 20.3 released promising security updates until 2025

Linux Mint has released version 20.3, codenamed 'Una,' as a long-term support version that will receive security updates until 2025. [...]

https://www.bleepingcomputer.com/news/linux/linux-mint-203-released-promising-security-updates-until-2025/

Microsoft: powerdir bug gives access to protected macOS user data

Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users' protected data. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-powerdir-bug-gives-access-to-protected-macos-user-data/

Oops: Cyberspies infect themselves with their own malware

After infecting themselves with their own custom remote access trojan (RAT), an Indian-linked cyber-espionage group has accidentally exposed its operations to security researchers. [...]

https://www.bleepingcomputer.com/news/security/oops-cyberspies-infect-themselves-with-their-own-malware/

Linux version of AvosLocker ransomware targets VMware ESXi servers

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines. [...]

https://www.bleepingcomputer.com/news/security/linux-version-of-avoslocker-ransomware-targets-vmware-esxi-servers/

Extortion DDoS attacks grow stronger and more common

The end of 2021 saw a rise in the number of distributed denial-of-service incidents that came with a ransom demand from the attackers to stop the assault. [...]

https://www.bleepingcomputer.com/news/security/extortion-ddos-attacks-grow-stronger-and-more-common/

FinalSite: No school data stolen in ransomware attack behind site outages

FinalSite announced today the findings of a six-day investigation into last week's ransomware attack, stating it found no evidence schools' data accessed or stolen by hackers. [...]

https://www.bleepingcomputer.com/news/security/finalsite-no-school-data-stolen-in-ransomware-attack-behind-site-outages/

Night Sky ransomware uses Log4j bug to hack VMware Horizon servers

The Night Sky ransomware gang has started to exploit the critical CVE-2021-4422 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems. [...]

https://www.bleepingcomputer.com/news/security/night-sky-ransomware-uses-log4j-bug-to-hack-vmware-horizon-servers/

KCodes NetUSB bug exposes millions of routers to RCE attacks

A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors. [...]

https://www.bleepingcomputer.com/news/security/kcodes-netusb-bug-exposes-millions-of-routers-to-rce-attacks/

New SysJocker backdoor targets Windows, macOS, and Linux

A new multi-platform backdoor malware named 'SysJocker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. [...]

https://www.bleepingcomputer.com/news/security/new-sysjocker-backdoor-targets-windows-macos-and-linux/

US govt warns of Russian hackers targeting critical infrastructure

The FBI, CISA, and the NSA have warned critical infrastructure network defenders to be ready to detect and block incoming attacks targeting organizations from US critical infrastructure sectors, orchestrated by Russian-backed hacking groups. [...]

https://www.bleepingcomputer.com/news/security/us-govt-warns-of-russian-hackers-targeting-critical-infrastructure/

New RedLine malware version spread as fake Omicron stat counter

A new variant of the RedLine info-stealer is distributed via emails using a fake COVID-19 Omicron stat counter app as a lure. [...]

https://www.bleepingcomputer.com/news/security/new-redline-malware-version-spread-as-fake-omicron-stat-counter/

Microsoft January 2022 Patch Tuesday fixes 6 zero-days, 97 flaws

Today is Microsoft's January 2022 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 97 flaws. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2022-patch-tuesday-fixes-6-zero-days-97-flaws/

Windows 11 KB5009566 update released with security fixes

Microsoft has released the Windows 11 KB5009566 cumulative update with security updates, performance improvements, and fixes for known bugs. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5009566-update-released-with-security-fixes/

Microsoft fixes critical Office bug, delays macOS security updates

During this year's first Patch Tuesday, Microsoft has addressed a critical severity Office vulnerability that can let attackers execute malicious code remotely on vulnerable systems. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-critical-office-bug-delays-macos-security-updates/

Windows 10 KB5009543 & KB5009545 updates released

The new update is now available for Windows 10 version 21H2, version 21H1, and version 20H2 As per the official release notes, Microsoft has published two main cumulative updates for Windows 10 - KB5009543 and KB5009545. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5009543-and-kb5009545-updates-released/

CISA alerts federal agencies of ancient bugs still being exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its list of known exploited vulnerabilities with 15 new security issues that serve as a frequent attack vector against federal enterprises. [...]

https://www.bleepingcomputer.com/news/security/cisa-alerts-federal-agencies-of-ancient-bugs-still-being-exploited/

Firefox Focus now blocks cross-site tracking on Android devices

Mozilla's Firefox Focus web browser can now protect Android users against cross-site tracking while browsing the Internet by preventing cookies from being used for advertising and monitoring your activity. [...]

https://www.bleepingcomputer.com/news/security/firefox-focus-now-blocks-cross-site-tracking-on-android-devices/

Microsoft: New critical Windows HTTP vulnerability is wormable

Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-new-critical-windows-http-vulnerability-is-wormable/