Popular stock photo service hit by data breach, 8.3M records for sale

Stock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/

New tool lets attackers easily create reply-chain phishing emails

A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim's inbox. [...]

https://www.bleepingcomputer.com/news/security/new-tool-lets-attackers-easily-create-reply-chain-phishing-emails/

Google fixes more Chrome zero-days exploited in the wild

Google has released Chrome 86.0.4240.198 for Windows, Mac, and Linux to address two zero-day vulnerabilities exploited in the wild. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-more-chrome-zero-days-exploited-in-the-wild/

DNS cache poisoning attacks return due to Linux weakness

Researchers from Tsinghua University and the University of California have identified a new method that can be used to conduct DNS cache poisoning attacks.
The findings reopen a vulnerability that had been discovered by Kaminsky in 2008 and thought to have been resolved. [...]

https://www.bleepingcomputer.com/news/security/dns-cache-poisoning-attacks-return-due-to-linux-weakness/

Luxottica data breach exposes 820K EyeMed, LensCrafters patients

A Luxottica data breach has exposed the personal and protected health information of 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices. [...]

https://www.bleepingcomputer.com/news/security/luxottica-data-breach-exposes-820k-eyemed-lenscrafters-patients/

The North Face resets passwords after credential stuffing attack

Outdoor retail giant The North Face has reset the passwords of an undisclosed number of customers following a successful credential stuffing attack that took place last month, on October 9th. [...]

https://www.bleepingcomputer.com/news/security/the-north-face-resets-passwords-after-credential-stuffing-attack/

DarkSide ransomware is creating a secure data leak service in Iran

The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/darkside-ransomware-is-creating-a-secure-data-leak-service-in-iran/

New Jupyter malware steals browser data, opens backdoor

Russian-speaking hackers have been using a new malware to steal information from their victims. Named Jupyter, the threat has kept a low profile and benefited from a fast development cycle. [...]

https://www.bleepingcomputer.com/news/security/new-jupyter-malware-steals-browser-data-opens-backdoor/

New stealthy hacker-for-hire group mimics state-backed attackers

A new mercenary hacker group tracked as CostaRicto by BlackBerry researchers is selling its services to entities requiring APT-level hacking expertise in cyber-espionage campaigns spanning the globe and targeting a multitude of industry sectors.  [...]

https://www.bleepingcomputer.com/news/security/new-stealthy-hacker-for-hire-group-mimics-state-backed-attackers/

New TroubleGrabber Discord malware steals passwords, system info

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. [...]

https://www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/

Biotech research firm Miltenyi Biotec hit by ransomware, data leaked

Biomedical and clinical research company Miltenyi Biotec says that it has fully restored systems after a malware attack that took place last month and affected the firm's global IT infrastructure. [...]

https://www.bleepingcomputer.com/news/security/biotech-research-firm-miltenyi-biotec-hit-by-ransomware-data-leaked/

IRS announces move to protect businesses from identity theft

The U.S. Internal Revenue Service (IRS) has announced today that sensitive information will be masked on all business tax transcripts starting next month to protect companies from identity theft. [...]

https://www.bleepingcomputer.com/news/security/irs-announces-move-to-protect-businesses-from-identity-theft/

The Week in Ransomware - November 13th 2020 - Extortion gone wild

There were not many known large ransomware attacks this week, but we have seen ransomware operations evolving their tactics to extort their victims further. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-13th-2020-extortion-gone-wild/

Apple iOS Safari feature can be used to share "fake news" headlines

A link-sharing feature in mobile versions of the Apple Safari browser makes it possible for users of iPhone, iPad, and iPod Touch to alter headlines when sharing excerpts from webpages.
A researcher has raised concerns this feature can be abused not only for pulling harmless pranks but for sharing "fake news." [...]

https://www.bleepingcomputer.com/news/security/apple-ios-safari-feature-can-be-used-to-share-fake-news-headlines/

Hacker shares 3.2 million Pluto TV accounts for free on forum

A hacker is sharing what they state are 3.2 million Pluto TV user records that were stolen during a data breach. [...]

https://www.bleepingcomputer.com/news/security/hacker-shares-32-million-pluto-tv-accounts-for-free-on-forum/

Malwarebytes is kicking Windows printers offline

Over the past few weeks, Malwarebytes consumer and business users have complained that their Windows network printers keep getting kicked offline. [...]

https://www.bleepingcomputer.com/news/software/malwarebytes-is-kicking-windows-printers-offline/

Closer look at Windows 10's new modern disk management tool

Windows 10's modern disk management tool is Microsoft's latest effort to migrate legacy tools into modern versions found in the Settings app. Earlier this year, Microsoft announced a new disk management tool that it calls a "modern" take on Windows 10's "snap-in" disk management tool. [...]

https://www.bleepingcomputer.com/news/microsoft/closer-look-at-windows-10s-new-modern-disk-management-tool/

Retail giant Cencosud hit by Egregor Ransomware attack, stores impacted

Chilean-based multinational retail company Cencosud has suffered a cyberattack by the Egregor ransomware operation that impacts services at stores. [...]

https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/

DarkSide ransomware's Iranian hosting raises U.S. sanction concerns

Ransomware negotiation firm Coveware has placed the DarkSide operation on an internal restricted list after the threat actors announced plans to host infrastructure in Iran. [...]

https://www.bleepingcomputer.com/news/security/darkside-ransomwares-iranian-hosting-raises-us-sanction-concerns/

How to autostart PWAs after logging into Windows

​As more users begin to use a website as a progressive web app (PWA), Chromium-based browsers have added the ability to automatically launch your favorite PWAs when you log in to Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-autostart-pwas-after-logging-into-windows/

Microsoft pauses Windows cumulative update previews for December

Microsoft has announced that they will not be releasing preview cumulative updates in December 2020 due to limited staff and operations during the upcoming holidays. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pauses-windows-cumulative-update-previews-for-december/