Meta and Chime sue Nigerians behind Facebook, Instagram phishing

Meta (formerly known as Facebook) has filed a joint lawsuit with Chime, a financial technology and digital banking company, against two Nigerian individuals who allegedly used Instagram and Facebook accounts to impersonate Chime and target its users in phishing attacks. [...]

https://www.bleepingcomputer.com/news/security/meta-and-chime-sue-nigerians-behind-facebook-instagram-phishing/

Ransomware dev releases Egregor, Maze master decryption keys

The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums by the alleged malware developer. [...]

https://www.bleepingcomputer.com/news/security/ransomware-dev-releases-egregor-maze-master-decryption-keys/

CISA warns admins to patch maximum severity SAP vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM). [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-maximum-severity-sap-vulnerability/

Wave of MageCart attacks target hundreds of outdated Magento sites

Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them. [...]

https://www.bleepingcomputer.com/news/security/wave-of-magecart-attacks-target-hundreds-of-outdated-magento-sites/

Microsoft Teams now needs 50% less power during meetings

Microsoft has drastically reduced Microsoft Teams' power requirements in calls and meetings since June 2020, improving experience consistency and making it more friendly with low-end devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-now-needs-50-percent-less-power-during-meetings/

PHP Everywhere RCE flaws threaten thousands of WordPress sites

Researchers found three critical remote code execution (RCE) vulnerabilities in the PHP Everywhere plugin for WordPress, used by over 30,000 websites worldwide. [...]

https://www.bleepingcomputer.com/news/security/php-everywhere-rce-flaws-threaten-thousands-of-wordpress-sites/

Spain dismantles SIM swapping group who emptied bank accounts

Spanish National Police has arrested eight suspects allegedly part of a crime ring who drained bank accounts in a series of SIM swapping attacks. [...]

https://www.bleepingcomputer.com/news/security/spain-dismantles-sim-swapping-group-who-emptied-bank-accounts/

FritzFrog botnet grows 10x, hits healthcare, edu, and govt systems

The FritzFrog botnet that's been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server. [...]

https://www.bleepingcomputer.com/news/security/fritzfrog-botnet-grows-10x-hits-healthcare-edu-and-govt-systems/

FTC says Americans lost $547 million to romance scams in 2021

The US Federal Trade Commission (FTC) said that Americans reported record high losses of $547 million to romance scams in 2021, up almost 80% compared to 2020 and over six times compared to losses reported in 2017. [...]

https://www.bleepingcomputer.com/news/security/ftc-says-americans-lost-547-million-to-romance-scams-in-2021/

Qbot, Lokibot malware switch back to Windows Regsvr32 delivery

Malware distributors have turned to an older trick known as Squiblydoo to spread Qbot and Lokibot via Microsoft Office document using regsvr32.exe. [...]

https://www.bleepingcomputer.com/news/security/qbot-lokibot-malware-switch-back-to-windows-regsvr32-delivery/

Apple patches new zero-day exploited to hack iPhones, iPads, Macs

Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. [...]

https://www.bleepingcomputer.com/news/security/apple-patches-new-zero-day-exploited-to-hack-iphones-ipads-macs/

Hacking group 'ModifiedElephant' evaded discovery for a decade

Threat analysts have linked a decade of activity to an APT (advanced persistent threat) actor called 'ModifiedElephant', who has managed to remain elusive to all threat intelligence firms since 2012. [...]

https://www.bleepingcomputer.com/news/security/hacking-group-modifiedelephant-evaded-discovery-for-a-decade/

Microsoft starts killing off WMIC in Windows, will thwart attacks

Microsoft is moving forward with removing the Windows Management Instrumentation Command-line (WMIC) tool, wmic.exe, starting with the latest Windows 11 preview builds in the Dev channel. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-killing-off-wmic-in-windows-will-thwart-attacks/

Microsoft: Support for Windows 10 20H2 ending in May 2022

Microsoft reminded customers today that multiple editions of Windows 10, version 20H2 and Windows 10, version 1909 are quickly approaching end of servicing (EOS). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-support-for-windows-10-20h2-ending-in-may-2022/

Microsoft fixes Defender flaw letting hackers bypass antivirus scans

Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-defender-flaw-letting-hackers-bypass-antivirus-scans/

CISA urges orgs to patch actively exploited Windows SeriousSAM bug

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks. [...]

https://www.bleepingcomputer.com/news/security/cisa-urges-orgs-to-patch-actively-exploited-windows-serioussam-bug/

Google Project Zero: Vendors are now quicker at fixing zero-days

Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year. [...]

https://www.bleepingcomputer.com/news/security/google-project-zero-vendors-are-now-quicker-at-fixing-zero-days/

CISA orders federal agencies to update iPhones until Feb 25th

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit bug used to target iPhones, iPads, and Macs. [...]

https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-update-iphones-until-feb-25th/

Twitter is down with "Something went wrong" errors

Twitter is currently experiencing a worldwide service disruption that makes it impossible for users to read tweets on the web and load threads using the mobile app. [...]

https://www.bleepingcomputer.com/news/technology/twitter-is-down-with-something-went-wrong-errors/

Croatian phone carrier data breach impacts 200,000 clients

Croatian phone carrier 'A1 Hrvatska' has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people. [...]

https://www.bleepingcomputer.com/news/security/croatian-phone-carrier-data-breach-impacts-200-000-clients/

The Week in Ransomware - February 11th 2022 - Maze, Egregor decryptors

We saw the Maze ransomware developers reemerge briefly this week as they shared the master decryption keys for the Egregor, Maze, and Sekhmet ransomware operations. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-11th-2022-maze-egregor-decryptors/