UK’s Cyber Security Center publishes new guidance to fight smishing

UK's National Cyber Security Center (NCSC) has published new guidance for organizations to follow when communicating with customers via SMS or phone calls. [...]

https://www.bleepingcomputer.com/news/security/uk-s-cyber-security-center-publishes-new-guidance-to-fight-smishing/

CISA urges US orgs to prepare for data-wiping cyberattacks

The Cybersecurity and Infrastructure Security Agency (CISA) urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses. [...]

https://www.bleepingcomputer.com/news/security/cisa-urges-us-orgs-to-prepare-for-data-wiping-cyberattacks/

Marketing giant RRD confirms data theft in Conti ransomware attack

RR Donnelly has confirmed that threat actors stole data in a December cyberattack, confirmed by BleepingComputer to be a Conti ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/marketing-giant-rrd-confirms-data-theft-in-conti-ransomware-attack/

Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks

SolarWinds has patched a Serv-U vulnerability discovered by Microsoft that threat actors actively used to propagate Log4j attacks to internal devices on a network. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-solarwinds-fixes-serv-u-bug-exploited-for-log4j-attacks/

Red Cross cyberattack exposes data of 515,000 people seeking missing family

A cyberattack on a Red Cross contactor has led to the theft of personal data for more than 515,000 people in 'Restoring Family Links,' a program that helps reunite families separated by war, disaster, and migration. [...]

https://www.bleepingcomputer.com/news/security/red-cross-cyberattack-exposes-data-of-515-000-people-seeking-missing-family/

483 Crypto.com accounts compromised in $34 million hack

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of 400 of its customer accounts. Although, the company's CEO stresses that customer funds are not at risk. Crypto.com is reportedly the world's third-largest cryptocurrency trading platform. [...]

https://www.bleepingcomputer.com/news/security/483-cryptocom-accounts-compromised-in-34-million-hack/

Microsoft fixes Windows 10 search issues in Outlook desktop app

Microsoft has fixed a known issue causing search issues for Outlook users after installing Windows 10 security updates released since November 2021. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-search-issues-in-outlook-desktop-app/

New MoonBounce UEFI malware used by APT41 in targeted attacks

Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found so far in the wild, to the Chinese-speaking APT41 hacker group (also known as Winnti). [...]

https://www.bleepingcomputer.com/news/security/new-moonbounce-uefi-malware-used-by-apt41-in-targeted-attacks/

Cisco bug gives remote attackers root privileges via debug mode

Cisco has fixed a critical security flaw discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software during internal security testing. [...]

https://www.bleepingcomputer.com/news/security/cisco-bug-gives-remote-attackers-root-privileges-via-debug-mode/

Biden signs memo to boost US national security systems’ defenses

President Joe Biden signed a national security memorandum (NSM) on Wednesday to increase the security of national security systems part of critical US government networks used in military and intelligence activities when storing or transferring classified info. [...]

https://www.bleepingcomputer.com/news/security/biden-signs-memo-to-boost-us-national-security-systems-defenses/

Indonesia's central bank confirms ransomware attack, Conti leaks data

Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. [...]

https://www.bleepingcomputer.com/news/security/indonesias-central-bank-confirms-ransomware-attack-conti-leaks-data/

WordPress plugin flaw puts users of 20,000 sites at phishing risk

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails. [...]

https://www.bleepingcomputer.com/news/security/wordpress-plugin-flaw-puts-users-of-20-000-sites-at-phishing-risk/

ProtonMail introduces a new email tracker blocking system

ProtonMail has introduced an enhanced email tracking protection system for its web-based email solution that prevents senders from being tracked by recipients who open their messages. [...]

https://www.bleepingcomputer.com/news/security/protonmail-introduces-a-new-email-tracker-blocking-system/

US sanctions former Ukrainian official for helping Russian cyberspies

The U.S. Treasury Department announced today sanctions against Volodymyr Oliynyk, a former Ukrainian official, for collecting and sharing info on critical Ukrainian infrastructure with Russia's Federal Security Service (FSB). [...]

https://www.bleepingcomputer.com/news/security/us-sanctions-former-ukrainian-official-for-helping-russian-cyberspies/

FBI links Diavol ransomware to the TrickBot cybercrime group

The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan. [...]

https://www.bleepingcomputer.com/news/security/fbi-links-diavol-ransomware-to-the-trickbot-cybercrime-group/

‘Anomalous’ spyware stealing credentials in industrial firms

Researchers have uncovered several spyware campaigns that target industrial enterprises, aiming to steal email account credentials and conduct financial fraud or resell them to other actors. [...]

https://www.bleepingcomputer.com/news/security/anomalous-spyware-stealing-credentials-in-industrial-firms/

Microsoft lists the Windows 10 group policies to avoid

Microsoft released a list of twenty-five group policies that admins should not use in Windows 10 and Windows 11 as they do not provide optimal behavior or cause unexpected results. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-lists-the-windows-10-group-policies-to-avoid/

Microsoft starts force installing Windows 10 21H2 on more devices

Microsoft has started the forced rollout of Windows 10, version 21H2 to more devices approaching the end of service (EOS) as part of a first machine learning (ML) training phase. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-force-installing-windows-10-21h2-on-more-devices/

SonicWall shares temp fix for firewalls stuck in reboot loop

Following a stream of customer reports that started yesterday evening, security hardware manufacturer SonicWall has provided a temporary workaround for reviving next-gen firewalls running SonicOS 7.0 stuck in a reboot loop. [...]

https://www.bleepingcomputer.com/news/technology/sonicwall-shares-temp-fix-for-firewalls-stuck-in-reboot-loop/

McAfee Agent bug lets hackers run code with Windows SYSTEM privileges

McAfee has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges. [...]

https://www.bleepingcomputer.com/news/security/mcafee-agent-bug-lets-hackers-run-code-with-windows-system-privileges/

Over 90 WordPress themes, plugins backdoored in supply chain attack

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites. [...]

https://www.bleepingcomputer.com/news/security/over-90-wordpress-themes-plugins-backdoored-in-supply-chain-attack/