Tor Project removes relays because of for-profit, risky activity

The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and security of all Tor network users. [...]

https://www.bleepingcomputer.com/news/security/tor-project-removes-relays-because-of-for-profit-risky-activity/

 Black Friday deal: Get 50% off Malwarebytes Premium + Privacy VPN

Malwarebytes' is running a Black Friday 2023 deal now through Cyber Monday, offering a 50% discount to the Malwarebytes Premium + Privacy VPN bundle until November 30th. [...]

https://www.bleepingcomputer.com/news/security/black-friday-deal-get-50-percent-off-malwarebytes-premium-plus-privacy-vpn/

 Criminal IP Becomes VirusTotal IP and URL Scan Contributor

The Criminal IP Threat Intelligence (CTI) search engine has integrated its IP address and URL scans into VirusTotal. Learn more from Criminal IP about how this integration can help you. [...]

https://www.bleepingcomputer.com/news/security/criminal-ip-becomes-virustotal-ip-and-url-scan-contributor/

 DarkGate and Pikabot malware emerge as Qakbot’s successors

A sophisticated phishing campaign pushing the DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled. [...]

https://www.bleepingcomputer.com/news/security/darkgate-and-pikabot-malware-emerge-as-qakbots-successors/

 Citrix warns admins to kill NetScaler user sessions to block hackers

Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks. [...]

https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-kill-netscaler-user-sessions-to-block-hackers/

 CISA orders federal agencies to patch Looney Tunables Linux bug

Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions. [...]

https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-patch-looney-tunables-linux-bug/

 Auto parts giant AutoZone warns of MOVEit data breach

AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks. [...]

https://www.bleepingcomputer.com/news/security/auto-parts-giant-autozone-warns-of-moveit-data-breach/

 Microsoft launches Defender Bounty Program with $20,000 rewards

Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-launches-defender-bounty-program-with-20-000-rewards/

 Lumma malware can allegedly restore expired Google auth cookies

The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. [...]

https://www.bleepingcomputer.com/news/security/lumma-malware-can-allegedly-restore-expired-google-auth-cookies/

 Hacktivists breach U.S. nuclear research lab, steal employee data

The Idaho National Laboratory (INL) confirms they suffered a cyberattack after 'SiegedSec' hacktivists leaked stolen human resources data online. [...]

https://www.bleepingcomputer.com/news/security/hacktivists-breach-us-nuclear-research-lab-steal-employee-data/

 Microsoft now rolling out Copilot to Windows 10 devices

Microsoft is now rolling out the Copilot AI assistant to eligible non-managed systems enrolled in the Windows Insider program and running Windows 10 22H2 Home and Pro editions. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-rolling-out-copilot-to-windows-10-devices/

 Open-source Blender project battling DDoS attacks since Saturday

Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday. [...]

https://www.bleepingcomputer.com/news/security/open-source-blender-project-battling-ddos-attacks-since-saturday/

 The Black Friday 2023 Security, IT, VPN, & Antivirus Deals

Black Friday 2023 is here, and great deals are live in computer security, software, online courses, system admin services, antivirus, and VPN software. [...]

https://www.bleepingcomputer.com/news/security/the-black-friday-2023-security-it-vpn-and-antivirus-deals/

 New botnet malware exploits two zero-days to infect NVRs and routers

A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices. [...]

https://www.bleepingcomputer.com/news/security/new-botnet-malware-exploits-two-zero-days-to-infect-nvrs-and-routers/

 Microsoft: Lazarus hackers breach CyberLink in supply chain attack

Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. [...]

https://www.bleepingcomputer.com/news/security/microsoft-lazarus-hackers-breach-cyberlink-in-supply-chain-attack/

 Welltok data breach exposes data of 8.5 million US patients

Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. [...]

https://www.bleepingcomputer.com/news/security/welltok-data-breach-exposes-data-of-85-million-us-patients/

 Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops

Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors. [...]

https://www.bleepingcomputer.com/news/security/windows-hello-auth-bypassed-on-microsoft-dell-lenovo-laptops/

 Kansas courts confirm data theft, ransom demand after cyberattack

The Kansas Judicial Branch has published an update on a cybersecurity incident it suffered last month, confirming that hackers stole sensitive files containing confidential information from its systems. [...]

https://www.bleepingcomputer.com/news/security/kansas-courts-confirm-data-theft-ransom-demand-after-cyberattack/

 Black Friday 2023: Get 25% off the Zero2Automated malware analysis course

The popular Zero2Automated malware analysis and reverse-engineering course has a Black Friday 2023 through Cyber Monday sale, where you can get 25% off sitewide, including gift certificates and courses. [...]

https://www.bleepingcomputer.com/news/security/black-friday-2023-get-25-percent-off-the-zero2automated-malware-analysis-course/

 Cyberattack on IT provider CTS impacts dozens of UK law firms

A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is behind a major outage impacting numerous law firms and home buyers in the country since Wednesday. [...]

https://www.bleepingcomputer.com/news/security/cyberattack-on-it-provider-cts-impacts-dozens-of-uk-law-firms/

 UK and South Korea: Hackers use zero-day in supply-chain attack

A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou [...]

https://www.bleepingcomputer.com/news/security/uk-and-south-korea-hackers-use-zero-day-in-supply-chain-attack/