Cyber espionage campaign targets renewable energy companies

A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations have been discovered to be active since at least 2019, targeting over fifteen entities worldwide. [...]

https://www.bleepingcomputer.com/news/security/cyber-espionage-campaign-targets-renewable-energy-companies/

Nintendo warns of spoofed sites pushing fake Switch discounts

Nintendo has warned customers of multiple sites impersonating the Japanese video game company's official website and pretending to sell Nintendo Switch consoles at significant discounts. [...]

https://www.bleepingcomputer.com/news/security/nintendo-warns-of-spoofed-sites-pushing-fake-switch-discounts/

DHL dethrones Microsoft as most imitated brand in phishing attacks

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth. [...]

https://www.bleepingcomputer.com/news/security/dhl-dethrones-microsoft-as-most-imitated-brand-in-phishing-attacks/

Zoho patches new critical authentication bypass in Desktop Central

Zoho has addressed a new critical severity vulnerability found to affect the company's Desktop Central and Desktop Central MSP  unified endpoint management (UEM) solutions. [...]

https://www.bleepingcomputer.com/news/security/zoho-patches-new-critical-authentication-bypass-in-desktop-central/

Firefox Relay's addition to disposable email blocklist upsets users

The maintainers of a "disposable email service" blocklist have decided to add Firefox Relay to the list, leaving many users of the service upset. Firefox Relay is a privacy-centric email service that enables users to protect their real email addresses and hence limit spam. [...]

https://www.bleepingcomputer.com/news/security/firefox-relays-addition-to-disposable-email-blocklist-upsets-users/

Microsoft: Edge will mitigate 'unforeseen active' zero day bugs

Microsoft Edge has added a new feature to the Beta channel that will be able to mitigate future in-the-wild exploitation of unknown zero-day vulnerabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-will-mitigate-unforeseen-active-zero-day-bugs/

Microsoft releases OOB updates for January Windows update issues

Microsoft has released emergency out-of-band (OOB) updates to address multiple issues caused by Windows Updates issued during the January 2021 Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/

Europol shuts down VPN service used by ransomware groups

Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. [...]

https://www.bleepingcomputer.com/news/security/europol-shuts-down-vpn-service-used-by-ransomware-groups/

Beijing 2022 Winter Olympics app bursting with privacy risks

The official app for Beijing 2022 Winter Olympics, 'My 2022,' was found to be insecure when it comes to protecting the sensitive data of its users. [...]

https://www.bleepingcomputer.com/news/security/beijing-2022-winter-olympics-app-bursting-with-privacy-risks/

New White Rabbit ransomware linked to FIN8 hacking group

A new ransomware family called 'White Rabbit' appeared in the wild recently, and according to recent research findings, could be a side-operation of the FIN8 hacking group. [...]

https://www.bleepingcomputer.com/news/security/new-white-rabbit-ransomware-linked-to-fin8-hacking-group/

Fashion giant Moncler confirms data breach after ransomware attack

Italian luxury fashion giant Moncler confirmed that they suffered a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December and published today on the dark web. [...]

https://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/

Microsoft leak: Third-party widgets coming soon to Windows 11

A Microsoft developer document has leaked the company's plans for third-party widgets coming soon to the Windows 11 Widgets feature. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-leak-third-party-widgets-coming-soon-to-windows-11/

Telegram is a hotspot for the sale of stolen financial accounts

Telegram is increasingly abused by cybercriminals to set up underground channels to sell stolen financial details to pseudonymous users. [...]

https://www.bleepingcomputer.com/news/security/telegram-is-a-hotspot-for-the-sale-of-stolen-financial-accounts/

Windows Server 2019 OOB update fixes reboots, Hyper-V, ReFS bugs

Microsoft has released an emergency out-of-band (OOB) update for Windows Server 2019 that fixes numerous critical bugs introduced during the January 2022 Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-server-2019-oob-update-fixes-reboots-hyper-v-refs-bugs/

Office 365 phishing attack impersonates the US Department of Labor

A new phishing campaign impersonating the United States Department of Labor asks recipients to submit bids to steal Office 365 credentials. [...]

https://www.bleepingcomputer.com/news/security/office-365-phishing-attack-impersonates-the-us-department-of-labor/

Interpol arrests 11 BEC gang members linked to 50,000 targets

Interpol, in coordination with the Nigerian Police Force, have arrested eleven individuals who are suspects of participating in an international BEC (business email compromise) ring. [...]

https://www.bleepingcomputer.com/news/security/interpol-arrests-11-bec-gang-members-linked-to-50-000-targets/

New BHUNT malware targets your crypto wallets and passwords

A novel modular crypto-wallet stealing malware dubbed 'BHUNT' has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases. [...]

https://www.bleepingcomputer.com/news/security/new-bhunt-malware-targets-your-crypto-wallets-and-passwords/

UK’s Cyber Security Center publishes new guidance to fight smishing

UK's National Cyber Security Center (NCSC) has published new guidance for organizations to follow when communicating with customers via SMS or phone calls. [...]

https://www.bleepingcomputer.com/news/security/uk-s-cyber-security-center-publishes-new-guidance-to-fight-smishing/

CISA urges US orgs to prepare for data-wiping cyberattacks

The Cybersecurity and Infrastructure Security Agency (CISA) urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses. [...]

https://www.bleepingcomputer.com/news/security/cisa-urges-us-orgs-to-prepare-for-data-wiping-cyberattacks/

Marketing giant RRD confirms data theft in Conti ransomware attack

RR Donnelly has confirmed that threat actors stole data in a December cyberattack, confirmed by BleepingComputer to be a Conti ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/marketing-giant-rrd-confirms-data-theft-in-conti-ransomware-attack/

Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks

SolarWinds has patched a Serv-U vulnerability discovered by Microsoft that threat actors actively used to propagate Log4j attacks to internal devices on a network. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-solarwinds-fixes-serv-u-bug-exploited-for-log4j-attacks/