Ukranian police arrests ransomware gang that hit over 50 firms

Ukrainian police officers have arrested a ransomware affiliate group responsible for attacking at least 50 companies in the U.S. and Europe. [...]

https://www.bleepingcomputer.com/news/security/ukranian-police-arrests-ransomware-gang-that-hit-over-50-firms/

Carding site UniCC retires after generating $358 million in sales

​UniCC, the largest carding site operating on the dark web at the moment, has announced its retirement, claiming reasons of tiredness. [...]

https://www.bleepingcomputer.com/news/security/carding-site-unicc-retires-after-generating-358-million-in-sales/

Windows 'RemotePotato0' zero-day gets an unofficial patch

A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "won't fix." [...]

https://www.bleepingcomputer.com/news/security/windows-remotepotato0-zero-day-gets-an-unofficial-patch/

Microsoft Defender weakness lets hackers bypass malware detection

Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there. [...]

https://www.bleepingcomputer.com/news/security/microsoft-defender-weakness-lets-hackers-bypass-malware-detection/

Microsoft pulls new Windows Server updates due to critical bugs

Microsoft has pulled the January Windows Server cumulative updates after critical bugs caused domain controllers to reboot, Hyper-V to not work, and ReFS volume systems to become unavailable. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-new-windows-server-updates-due-to-critical-bugs/

AWS fixes security flaws that exposed AWS customer data

Amazon Web Services (AWS) has addressed an AWS Glue security issue that allowed attackers to access and alter data linked to other AWS customer accounts. [...]

https://www.bleepingcomputer.com/news/security/aws-fixes-security-flaws-that-exposed-aws-customer-data/

BlueNoroff hackers steal crypto using fake MetaMask extension

The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions. [...]

https://www.bleepingcomputer.com/news/security/bluenoroff-hackers-steal-crypto-using-fake-metamask-extension/

FCC wants new data breach reporting rules for telecom carriers

The Federal Communications Commission (FCC) has proposed more rigorous data breach reporting requirements for telecom carriers in response to breaches that recently hit the telecommunications industry. [...]

https://www.bleepingcomputer.com/news/security/fcc-wants-new-data-breach-reporting-rules-for-telecom-carriers/

Android users can now disable 2G to block Stingray attacks

Google has finally rolled out an option on Android allowing users to disable 2G connections, which come with a host of privacy and security problems exploited by cell-site simulators. [...]

https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/

Russian government arrests REvil ransomware gang members

The Federal Security Service (FSB) of the Russian Federation has announced today that they shut down the REvil ransomware gang after U.S. authorities reported on the leader. [...]

https://www.bleepingcomputer.com/news/security/russian-government-arrests-revil-ransomware-gang-members/

Multiple Ukrainian government websites hacked and defaced

At least 15 websites belonging to various Ukrainian public institutions were compromised, defaced, and subsequently taken offline. [...]

https://www.bleepingcomputer.com/news/security/multiple-ukrainian-government-websites-hacked-and-defaced/

New Intel chips won't play Blu-ray disks due to SGX deprecation

Intel has removed support for SGX (software guard extension) in 12th Generation Intel Core 11000 and 12000 processors, rendering modern PCs unable to playback Blu-ray disks in 4K resolution. [...]

https://www.bleepingcomputer.com/news/security/new-intel-chips-wont-play-blu-ray-disks-due-to-sgx-deprecation/

Defense contractor Hensoldt confirms Lorenz ransomware attack

Hensoldt, a multinational defense contractor headquartered in Germany, has confirmed that some of its UK subsidiary's systems were compromised in a ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/defense-contractor-hensoldt-confirms-lorenz-ransomware-attack/

Researchers develop CAPTCHA solver to aid dark web research

A team of researchers at the Universities of Arizona, Georgia, and South Florida, have developed a machine-learning-based CAPTCHA solver that they claim can overcome 94.4% of real challenges on dark websites. [...]

https://www.bleepingcomputer.com/news/security/researchers-develop-captcha-solver-to-aid-dark-web-research/

White House reminds tech giants open source is a national security issue

The White House wants government and private sector organizations to rally their efforts and resources to secure open-source software and its supply chain after the Log4J vulnerabilities exposed critical infrastructure to threat actors' attacks. [...]

https://www.bleepingcomputer.com/news/security/white-house-reminds-tech-giants-open-source-is-a-national-security-issue/

Former DHS official charged with stealing govt employees' PII

A former Department of Homeland Security official pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees' personal identifying information. [...]

https://www.bleepingcomputer.com/news/security/former-dhs-official-charged-with-stealing-govt-employees-pii/

Goodwill discloses data breach on its ShopGoodwill platform

American nonprofit Goodwill has disclosed a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform. [...]

https://www.bleepingcomputer.com/news/security/goodwill-discloses-data-breach-on-its-shopgoodwill-platform/

Microsoft brings back January 2022 Windows Server updates

The January 2022 Windows Server cumulative updates are once again available via Windows Update after being pulled yesterday without an official reason from Microsoft. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-brings-back-january-2022-windows-server-updates/

The Week in Ransomware - January 14th 2022 - Russia finally takes action

Today, the Russian government announced that they arrested fourteen members of the REvil ransomware gang on behalf of US authorities. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-14th-2022-russia-finally-takes-action/

Linux malware sees 35% growth during 2021

The number of malware infections on Linux-based IoT (internet of things) devices rose by 35% in 2021 compared to the previous year's numbers. The principal goal was recruiting devices to be part of DDoS (distributed denial of service) attacks. [...]

https://www.bleepingcomputer.com/news/security/linux-malware-sees-35-percent-growth-during-2021/

Qlocker ransomware returns to target QNAP NAS devices worldwide

Threat actors behind the Qlocker ransomware are once again targeting Internet-exposed QNAP Network Attached Storage (NAS) devices worldwide. [...]

https://www.bleepingcomputer.com/news/security/qlocker-ransomware-returns-to-target-qnap-nas-devices-worldwide/