Black Friday 2020 deal: 20% off Zero2Automated reverse engineering courses

The popular Zero2Automated malware reverse-engineering course is having Black Friday promotion where you can get 20% off all courses on their site. [...]

https://www.bleepingcomputer.com/news/security/black-friday-2020-deal-20-percent-off-zero2automated-reverse-engineering-courses/

Passwords exposed for almost 50,000 vulnerable Fortinet VPNs

A hacker has now leaked the credentials of almost 50,000 Fortinet SSL VPNs vulnerable to CVE-2018-13379. Exploits for these VPNs had been posted over the weekend on hacker forums, as reported by BleepingComputer. [...]

https://www.bleepingcomputer.com/news/security/passwords-exposed-for-almost-50-000-vulnerable-fortinet-vpns/

Google Chrome now lets you execute commands via the address bar

Google is slowly rolling out a new feature to Google Chrome 87 that allows you to type commands in the address bar that perform specific browser actions. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-now-lets-you-execute-commands-via-the-address-bar/

Belden networking giant's company data stolen in cyberattack

Network device manufacturer Belden was hit with a cyberattack that allowed threat actors to steal files containing information about employees and business partners. [...]

https://www.bleepingcomputer.com/news/security/belden-networking-giants-company-data-stolen-in-cyberattack/

Baltimore County Public Schools hit by ransomware attack

Baltimore County Public Schools has been hit today by a ransomware attack that led to a systemic shutdown of its network due to the number of systems impacted in the attack. [...]

https://www.bleepingcomputer.com/news/security/baltimore-county-public-schools-hit-by-ransomware-attack/

Windows 7 and Server 2008 zero-day bug gets a free patch

An unpatched local privilege escalation (LPE) vulnerability affecting all Windows 7 and Server 2008 R2 devices received a free and temporary fix today through the 0patch platform. [...]

https://www.bleepingcomputer.com/news/security/windows-7-and-server-2008-zero-day-bug-gets-a-free-patch/

Danish news agency Ritzau refuses to pay after ransomware attack

Ritzau, the largest independent news agency in Denmark founded in 1866 by Erik Ritzau, said in a statement that it will not pay the ransom demanded by a ransomware gang that hit its network on Tuesday morning. [...]

https://www.bleepingcomputer.com/news/security/danish-news-agency-ritzau-refuses-to-pay-after-ransomware-attack/

The Best Black Friday 2020 Security, IT, VPN, & Antivirus Deals

Black Friday is almost here and great deals are already available for computer security, system admin, antivirus, and VPN software. [...]

https://www.bleepingcomputer.com/news/security/the-best-black-friday-2020-security-it-vpn-and-antivirus-deals/

TMT BEC scammers arrested after compromising 50,000 companies

Following a year-long investigation led by Interpol, three members of a prolific cybergang with a confirmed victim count of about 50,000 organizations have been arrested recently in Lagos, Nigeria. [...]

https://www.bleepingcomputer.com/news/security/tmt-bec-scammers-arrested-after-compromising-50-000-companies/

Sopra Steria expects €50 million loss after Ryuk ransomware attack

French IT services giant Sopra Steria said today in an official statement that the October Ryuk ransomware attack will lead to a loss of between €40 million and €50 million. [...]

https://www.bleepingcomputer.com/news/security/sopra-steria-expects-50-million-loss-after-ryuk-ransomware-attack/

Sophos alerts customers of info exposure after security breach

British cybersecurity and hardware company Sophos has emailed a small group of customers to alert them that their personal information was exposed following a security breach discovered on Tuesday. [...]

https://www.bleepingcomputer.com/news/security/sophos-alerts-customers-of-info-exposure-after-security-breach/

cPanel 2FA bypassed in minutes via brute-force attacks

A security flaw in the cPanel web hosting control panel allows attackers to circumvent two-factor authentication (2FA) checks via brute-force attacks for domains managed using vulnerable cPanel & WebHost Manager (WHM) versions. [...]

https://www.bleepingcomputer.com/news/security/cpanel-2fa-bypassed-in-minutes-via-brute-force-attacks/

Google Chrome will let you search through your open tabs

Google Chrome will soon let you search through your open web pages to find that missing page lost among a sea of tabs. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-will-let-you-search-through-your-open-tabs/

Ransomware hits largest US fertility network, patient data stolen

US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted in a ransomware attack that affected the company two months ago, in September 2020. [...]

https://www.bleepingcomputer.com/news/security/ransomware-hits-largest-us-fertility-network-patient-data-stolen/

Warning: Massive Zoom phishing targets Thanksgiving meetings

Everyone should be on the lookout for a massive ongoing phishing attack today, pretending to be an invite for a Zoom meeting. Hosted on numerous landing pages, BleepingComputer has learned that thousands of users' credentials have already been stolen by the attack. [...]

https://www.bleepingcomputer.com/news/security/warning-massive-zoom-phishing-targets-thanksgiving-meetings/

Truck routing provider Rand McNally hit by cyberattack

Chicago-based transportation technology firm Rand McNally is working on restoring network functionality following a cyberattack that hit its systems earlier this week. [...]

https://www.bleepingcomputer.com/news/security/truck-routing-provider-rand-mcnally-hit-by-cyberattack/

Canon publicly confirms August ransomware attack, data theft

Canon has finally confirmed publicly that the cyberattack suffered in early August was caused by ransomware and that the hackers stole data from company servers. [...]

https://www.bleepingcomputer.com/news/security/canon-publicly-confirms-august-ransomware-attack-data-theft/

CBS Last.fm fixes admin password leakage via Symfony profiler

This week, British music streaming service, Last.fm has fixed a credentials leak on their systems. The leak occurred due to a misconfigured Symfony profiler, exposing admin username and password. [...]

https://www.bleepingcomputer.com/news/security/cbs-lastfm-fixes-admin-password-leakage-via-symfony-profiler/

Phishing lures employees with fake 'back to work' internal memos

Scammers are trying to steal email credentials from employees by impersonating their organization's human resources (HR) department in phishing emails camouflaged as internal 'back to work' company memos. [...]

https://www.bleepingcomputer.com/news/security/phishing-lures-employees-with-fake-back-to-work-internal-memos/

MasterChef, Big Brother producer discloses potential data breach

French multinational production and distribution firm Banijay Group SAS has publicly confirmed a cyber incident that led to employee and commercially sensitive data potentially being compromised. [...]

https://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-discloses-potential-data-breach/

Drupal issues emergency fix for critical bug with known exploits

Drupal has released emergency security updates to address a critical vulnerability with known exploits that could allow for arbitrary PHP code execution on some CMS versions. [...]

https://www.bleepingcomputer.com/news/security/drupal-issues-emergency-fix-for-critical-bug-with-known-exploits/