Linux system service bug gives you root on every major distro

A vulnerability in the pkexec component that is present in the default configuration of all major Linux distributions can be exploited to gain full root privileges on the system, researchers warn today. [...]

https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-you-root-on-every-major-distro/

VMware: Patch Horizon servers against ongoing Log4j attacks!

VMware is urging customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. [...]

https://www.bleepingcomputer.com/news/security/vmware-patch-horizon-servers-against-ongoing-log4j-attacks/

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software. [...]

https://www.bleepingcomputer.com/news/security/new-deadbolt-ransomware-targets-qnap-devices-asks-50-btc-for-master-key/

Windows 10 KB5009596 update released with bug fixes, improvements

Microsoft has released the optional KB5009596 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5009596-update-released-with-bug-fixes-improvements/

Windows 11 KB5008353 Cumulative Update Preview Released

Microsoft has released the optional KB5008353 Preview cumulative update for Windows 11 with 39 fixes or improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5008353-cumulative-update-preview-released/

QNAP warns of new DeadBolt ransomware encrypting NAS devices

QNAP is warning customers again to secure their Internet-exposed Network Attached Storage (NAS) devices to defend against ongoing and widespread attacks targeting their data with the new DeadBolt ransomware strain. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-of-new-deadbolt-ransomware-encrypting-nas-devices/

Nobel Foundation site hit by DDoS attack on award day

The Nobel Foundation and the Norwegian Nobel Institute have disclosed a cyber-attack that unfolded during the award ceremony on December 10, 2021. [...]

https://www.bleepingcomputer.com/news/security/nobel-foundation-site-hit-by-ddos-attack-on-award-day/

Let's Encrypt is revoking lots of SSL certificates in two days

Let's Encrypt will begin revoking certain SSL/TLS certificates issued within the last 90 days starting January 28, 2022. The move could impact millions of active Let's Encrypt certificates. [...]

https://www.bleepingcomputer.com/news/security/lets-encrypt-is-revoking-lots-of-ssl-certificates-in-two-days/

German govt warns of APT27 hackers backdooring business networks

The BfV German domestic intelligence services (short for Bun­des­amt für Ver­fas­sungs­schutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group. [...]

https://www.bleepingcomputer.com/news/security/german-govt-warns-of-apt27-hackers-backdooring-business-networks/

Microsoft fixes Windows 11 HDR color rendering problems

Microsoft has fixed a known issue affecting systems running Windows 11, version 21H2, where applications may have problems rendering colors correctly high dynamic range (HDR) displays when using Win32 APIs. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-11-hdr-color-rendering-problems/

New FluBot and TeaBot campaigns target Android devices worldwide

New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. [...]

https://www.bleepingcomputer.com/news/security/new-flubot-and-teabot-campaigns-target-android-devices-worldwide/

Windows 11 adds Android app support for everyone next month

Microsoft announced today that they would be releasing new Windows 11 features next month, including a preview of the long-awaited Android Apps on Windows 11 feature, a new windows sharing feature, taskbar improvements, and redesigned Notepad and Media Player apps. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-adds-android-app-support-for-everyone-next-month/

White House wants US govt to use a Zero Trust security model

A newly released Federal strategy wants the US government to adopt a "zero trust" security model within the next two years to defend against current threats and boost cybersecurity defenses across federal agencies. [...]

https://www.bleepingcomputer.com/news/security/white-house-wants-us-govt-to-use-a-zero-trust-security-model/

Chaes banking trojan hijacks Chrome with malicious extensions

A large-scale campaign involving over 800 compromised WordPress websites is spreading banking trojans that target the credentials of Brazilian e-banking users. [...]

https://www.bleepingcomputer.com/news/security/chaes-banking-trojan-hijacks-chrome-with-malicious-extensions/

Apple fixes new zero-day exploited to hack macOS, iOS devices

Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs. [...]

https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-exploited-to-hack-macos-ios-devices/

Major Discord API outage prevents logins and voice chats

Discord is suffering a 'massive outage' preventing users from logging in to the service or using voice chats. [...]

https://www.bleepingcomputer.com/news/technology/major-discord-api-outage-prevents-logins-and-voice-chats/

Linux version of LockBit ransomware targets VMware ESXi servers

LockBit is the latest ransomware gang whose Linux encryptor has been discovered to be focusing on the encryption of VMware ESXi virtual machines. [...]

https://www.bleepingcomputer.com/news/security/linux-version-of-lockbit-ransomware-targets-vmware-esxi-servers/

105 million Android users targeted by subscription fraud campaign

A premium services subscription scam for Android has been operating for close to two years. Called 'Dark Herring', the operation used 470 Google Play Store apps and affected over 100 million users worldwide, potentially causing hundreds of millions of USD in total losses. [...]

https://www.bleepingcomputer.com/news/security/105-million-android-users-targeted-by-subscription-fraud-campaign/

Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users

Microsoft says its Azure DDoS protection platform mitigated a massive 3.47 terabits per second (Tbps) distributed denial of service (DDoS) attack targeting an Azure customer from Asia in November. [...]

https://www.bleepingcomputer.com/news/security/microsoft-mitigated-a-record-347-tbps-ddos-attack-on-azure-users/

Russian APT29 hackers' stealthy malware undetected for years

Hackers associated with the Russian Federation Foreign Intelligence Service (SVR) continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats. [...]

https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-stealthy-malware-undetected-for-years/

Microsoft: Windows 11 now in broad deployment for eligible devices

Microsoft says Windows 11 has now entered the broad deployment phase, making it available for everyone with an eligible device via Windows Update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-now-in-broad-deployment-for-eligible-devices/