Segway store hacked to steal customers' credit cards

Segway's online store was compromised to include a malicious Magecart script that potentially allowed threat actors to steal credit cards and customer information during checkout. [...]

https://www.bleepingcomputer.com/news/security/segway-store-hacked-to-steal-customers-credit-cards/

Google Drive now warns you of suspicious phishing, malware docs

Google is rolling out new warning banners in Google Drive to alert users of potentially suspicious files that threat actors could use for malware delivery and in phishing attacks. [...]

https://www.bleepingcomputer.com/news/google/google-drive-now-warns-you-of-suspicious-phishing-malware-docs/

Linux kernel bug can let hackers escape Kubernetes containers

A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape Kubernetes containers, giving access to resources on the host system. [...]

https://www.bleepingcomputer.com/news/security/linux-kernel-bug-can-let-hackers-escape-kubernetes-containers/

New DazzleSpy malware targets macOS users in watering hole attack

A new watering hole attack has been discovered targeting macOS users and visitors of a pro-democracy radio station website in Hong Kong and infecting them with the DazzleSpy malware [...]

https://www.bleepingcomputer.com/news/security/new-dazzlespy-malware-targets-macos-users-in-watering-hole-attack/

UK govt releasing Nmap scripts to find unpatched vulnerabilities

The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads UK's cyber security mission, is releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks. [...]

https://www.bleepingcomputer.com/news/security/uk-govt-releasing-nmap-scripts-to-find-unpatched-vulnerabilities/

TrickBot now crashes researchers' browsers to block malware analysis

The notorious TrickBot malware has received new features that make it more challenging to research, analyze, and detect in the latest variants, including crashing browser tabs when it detects beautified scripts. [...]

https://www.bleepingcomputer.com/news/security/trickbot-now-crashes-researchers-browsers-to-block-malware-analysis/

Linux system service bug gives you root on every major distro

A vulnerability in the pkexec component that is present in the default configuration of all major Linux distributions can be exploited to gain full root privileges on the system, researchers warn today. [...]

https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-you-root-on-every-major-distro/

VMware: Patch Horizon servers against ongoing Log4j attacks!

VMware is urging customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. [...]

https://www.bleepingcomputer.com/news/security/vmware-patch-horizon-servers-against-ongoing-log4j-attacks/

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software. [...]

https://www.bleepingcomputer.com/news/security/new-deadbolt-ransomware-targets-qnap-devices-asks-50-btc-for-master-key/

Windows 10 KB5009596 update released with bug fixes, improvements

Microsoft has released the optional KB5009596 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5009596-update-released-with-bug-fixes-improvements/

Windows 11 KB5008353 Cumulative Update Preview Released

Microsoft has released the optional KB5008353 Preview cumulative update for Windows 11 with 39 fixes or improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5008353-cumulative-update-preview-released/

QNAP warns of new DeadBolt ransomware encrypting NAS devices

QNAP is warning customers again to secure their Internet-exposed Network Attached Storage (NAS) devices to defend against ongoing and widespread attacks targeting their data with the new DeadBolt ransomware strain. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-of-new-deadbolt-ransomware-encrypting-nas-devices/

Nobel Foundation site hit by DDoS attack on award day

The Nobel Foundation and the Norwegian Nobel Institute have disclosed a cyber-attack that unfolded during the award ceremony on December 10, 2021. [...]

https://www.bleepingcomputer.com/news/security/nobel-foundation-site-hit-by-ddos-attack-on-award-day/

Let's Encrypt is revoking lots of SSL certificates in two days

Let's Encrypt will begin revoking certain SSL/TLS certificates issued within the last 90 days starting January 28, 2022. The move could impact millions of active Let's Encrypt certificates. [...]

https://www.bleepingcomputer.com/news/security/lets-encrypt-is-revoking-lots-of-ssl-certificates-in-two-days/

German govt warns of APT27 hackers backdooring business networks

The BfV German domestic intelligence services (short for Bun­des­amt für Ver­fas­sungs­schutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group. [...]

https://www.bleepingcomputer.com/news/security/german-govt-warns-of-apt27-hackers-backdooring-business-networks/

Microsoft fixes Windows 11 HDR color rendering problems

Microsoft has fixed a known issue affecting systems running Windows 11, version 21H2, where applications may have problems rendering colors correctly high dynamic range (HDR) displays when using Win32 APIs. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-11-hdr-color-rendering-problems/

New FluBot and TeaBot campaigns target Android devices worldwide

New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. [...]

https://www.bleepingcomputer.com/news/security/new-flubot-and-teabot-campaigns-target-android-devices-worldwide/

Windows 11 adds Android app support for everyone next month

Microsoft announced today that they would be releasing new Windows 11 features next month, including a preview of the long-awaited Android Apps on Windows 11 feature, a new windows sharing feature, taskbar improvements, and redesigned Notepad and Media Player apps. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-adds-android-app-support-for-everyone-next-month/

White House wants US govt to use a Zero Trust security model

A newly released Federal strategy wants the US government to adopt a "zero trust" security model within the next two years to defend against current threats and boost cybersecurity defenses across federal agencies. [...]

https://www.bleepingcomputer.com/news/security/white-house-wants-us-govt-to-use-a-zero-trust-security-model/

Chaes banking trojan hijacks Chrome with malicious extensions

A large-scale campaign involving over 800 compromised WordPress websites is spreading banking trojans that target the credentials of Brazilian e-banking users. [...]

https://www.bleepingcomputer.com/news/security/chaes-banking-trojan-hijacks-chrome-with-malicious-extensions/

Apple fixes new zero-day exploited to hack macOS, iOS devices

Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs. [...]

https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-exploited-to-hack-macos-ios-devices/