Critical Oracle WebLogic flaw actively exploited by DarkIRC malware

A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution (RCE) vulnerability fixed by Oracle two months ago. [...]

https://www.bleepingcomputer.com/news/security/critical-oracle-weblogic-flaw-actively-exploited-by-darkirc-malware/

Microsoft Teams Calling gets CarPlay support, SPAM id service, more

The new Microsoft Teams additions include call transfer, spam reduction, CarPlay support, streamlined calling experience, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-calling-gets-carplay-support-spam-id-service-more/

Malicious NPM packages used to install njRAT remote access trojan

New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer. [...]

https://www.bleepingcomputer.com/news/microsoft/malicious-npm-packages-used-to-install-njrat-remote-access-trojan/

Alabama school district shut down by ransomware attack

Ransomware operators have attacked the Huntsville City Schools district in Alabama, forcing them to shut down schools for the rest of the week and possibly next week. [...]

https://www.bleepingcomputer.com/news/security/alabama-school-district-shut-down-by-ransomware-attack/

Cyberespionage APT group hides behind cryptomining campaigns

An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts. [...]

https://www.bleepingcomputer.com/news/security/cyberespionage-apt-group-hides-behind-cryptomining-campaigns/

Russian hacking group uses Dropbox to store malware-stolen data

Russian-backed hacking group Turla has used a previously undocumented malware toolset to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of European Union countries. [...]

https://www.bleepingcomputer.com/news/security/russian-hacking-group-uses-dropbox-to-store-malware-stolen-data/

FBI and Homeland Security warn of APT attacks on US think tanks

The FBI and DHS-CISA warned of state-sponsored hacking groups targeting U.S. think tank organizations in a joint alert published on Tuesday evening. [...]

https://www.bleepingcomputer.com/news/security/fbi-and-homeland-security-warn-of-apt-attacks-on-us-think-tanks/

Microsoft Office November 2020 updates fix Outlook, Skype issues

Microsoft has released the November 2020 non-security Microsoft Office updates with performance enhancements and fixes for known issues impacting Windows Installer (MSI) editions of Office 2016 products. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-november-2020-updates-fix-outlook-skype-issues/

Phishing targets US brokerage firms using FINRA lookalike domain

US securities industry regulator FINRA warned brokerage firms earlier this week of ongoing phishing attacks using a recently registered web domain spoofing a legitimate FINRA website. [...]

https://www.bleepingcomputer.com/news/security/phishing-targets-us-brokerage-firms-using-finra-lookalike-domain/

Google Chrome will soon warn you when using weak passwords

​Your online accounts' security is heavily dependent on how strong your passwords are, and if they are too easy, attackers could hack into your account by brute-forcing your password. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-will-soon-warn-you-when-using-weak-passwords/

K12 online schooling giant pays Ryuk ransomware to stop data leak

Online education giant K12 Inc. has paid a ransom after their systems were hit by Ryuk ransomware in the middle of November. [...]

https://www.bleepingcomputer.com/news/security/k12-online-schooling-giant-pays-ryuk-ransomware-to-stop-data-leak/

HMRC phishing scam abuses mail service to bypass spam filters

Threat actors are exploiting legitimate SendGrid mailing service to send HMRC phishing emails that bypass spam filters. [...]

https://www.bleepingcomputer.com/news/security/hmrc-phishing-scam-abuses-mail-service-to-bypass-spam-filters/

Google is closing 3D model site Poly to focus on AR experiences

Google is shutting down its 3D model sharing site Poly in 2021 to focus their resources on building AR experiences. [...]

https://www.bleepingcomputer.com/news/google/google-is-closing-3d-model-site-poly-to-focus-on-ar-experiences/

Ransomware gang says they stole 2 million credit cards from E-Land

Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last months ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/

Android apps with 250M downloads still vulnerable to patched bug

Android apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020. [...]

https://www.bleepingcomputer.com/news/security/android-apps-with-250m-downloads-still-vulnerable-to-patched-bug/

TrickBot's new module aims to infect your UEFI firmware

The developers of TrickBot have created a new module that probes for UEFI vulnerabilities, demonstrating the actor's effort to take attacks at a level that would give them ultimate control over infected machines. [...]

https://www.bleepingcomputer.com/news/security/trickbots-new-module-aims-to-infect-your-uefi-firmware/

Intel driver updates fix Windows 10 BSODs, Bluetooth issues

Intel has released updated Wireless Bluetooth and Wi-Fi drivers for Windows 10 customers to address known issues causing blue screen of death (BSOD) errors and Bluetooth devices to lose connection or stop working. [...]

https://www.bleepingcomputer.com/news/software/intel-driver-updates-fix-windows-10-bsods-bluetooth-issues/

Hackers target EU Commission, COVID-19 cold chain supply orgs

IBM X-Force warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain in a large scale spear-phishing campaign that has started three months ago, in September 2020. [...]

https://www.bleepingcomputer.com/news/security/hackers-target-eu-commission-covid-19-cold-chain-supply-orgs/

Hacker-for-hire group develops new stealthy Windows backdoor

Kaspersky researchers discovered a previously undocumented Windows PowerShell malware dubbed PowerPepper and developed by the hacker-for-hire group DeathStalker. [...]

https://www.bleepingcomputer.com/news/security/hacker-for-hire-group-develops-new-stealthy-windows-backdoor/

Kmart nationwide retailer suffers a ransomware attack

US department store retailer Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned. [...]

https://www.bleepingcomputer.com/news/security/kmart-nationwide-retailer-suffers-a-ransomware-attack/

Credit card stealing malware hides in social media sharing icons

Newly discovered web skimming malware is capable of hiding in plain sight to inject payment card skimmer scripts into compromised online stores. [...]

https://www.bleepingcomputer.com/news/security/credit-card-stealing-malware-hides-in-social-media-sharing-icons/