Microsoft tests new method to release Windows 10 features and fixes

Microsoft is testing a way to quickly bring new features and improvements to Windows 10 outside of the regularly scheduled Windows updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-new-method-to-release-windows-10-features-and-fixes/

Hands on with Cortana's new file finder feature on Windows 10

A new Windows 10 feature lets you use the digital assistant to open and find files and save time spent navigating File Explorer or OneDrive. [...]

https://www.bleepingcomputer.com/news/microsoft/hands-on-with-cortanas-new-file-finder-feature-on-windows-10/

QNAP patches QTS vulnerabilities allowing NAS device takeover

Network-attached storage (NAS) maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation. [...]

https://www.bleepingcomputer.com/news/security/qnap-patches-qts-vulnerabilities-allowing-nas-device-takeover/

NSA: Russian state hackers exploit new VMware vulnerability to steal data

The National Security Agency (NSA) warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability to steal sensitive information after deploying web shells on vulnerable servers. [...]

https://www.bleepingcomputer.com/news/security/nsa-russian-state-hackers-exploit-new-vmware-vulnerability-to-steal-data/

NortonLifeLock purchases Avira for $360 million

NortonLifeLock announced today that they have agreed to acquire Avira in an all-cash transaction for approximately $360 million. [...]

https://www.bleepingcomputer.com/news/security/nortonlifelock-purchases-avira-for-360-million/

Microsoft announces Azure cloud for top secret government data

Microsoft today announced the launch of a new offering for its mission-critical Azure Government cloud targeted at government customers and partners that regularly work with top-secret classified data. [...]

https://www.bleepingcomputer.com/news/security/microsoft-announces-azure-cloud-for-top-secret-government-data/

Foxconn electronics giant hit by ransomware, $34 million ransom

Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices. [...]

https://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/

Cisco fixes Security Manager vulnerabilities with public exploits

Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-security-manager-vulnerabilities-with-public-exploits/

PlayStation Now bugs let sites run malicious code on Windows PCs

Security bugs found in the PlayStation Now (PS Now) cloud gaming Windows application allowed attackers to execute arbitrary code on Windows devices running vulnerable app versions. [...]

https://www.bleepingcomputer.com/news/security/playstation-now-bugs-let-sites-run-malicious-code-on-windows-pcs/

Monster Azure VM used to play Tetris in Windows Task Manager

Microsoft Azure CTO Mark Russinovich utilized a monster 420 logical processor virtual machine to play Tetris using the CPU core list in Windows Task Manager. [...]

https://www.bleepingcomputer.com/news/microsoft/monster-azure-vm-used-to-play-tetris-in-windows-task-manager/

D-Link VPN routers get patch for remote command injection bugs

An vulnerability in D-link firmware powering multiple routers with VPN passthrough functionality allows attackers to take full control of the device. [...]

https://www.bleepingcomputer.com/news/security/d-link-vpn-routers-get-patch-for-remote-command-injection-bugs/

All Kubernetes versions affected by unpatched MiTM vulnerability

The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks. [...]

https://www.bleepingcomputer.com/news/security/all-kubernetes-versions-affected-by-unpatched-mitm-vulnerability/

Scammers spoof Target's gift card balance checking page

It's the giving season, and cybercriminals are more actively looking to steal gift cards. One of the most popular brands in their sight is giant retailer Target. [...]

https://www.bleepingcomputer.com/news/security/scammers-spoof-targets-gift-card-balance-checking-page/

Credit card stealing malware bundles backdoor for easy reinstall

An almost impossible to remove malware set to automatically activate on Black Friday was deployed on multiple Magento-powered online stores by threat actors according to researchers at Dutch cyber-security company Sansec. [...]

https://www.bleepingcomputer.com/news/security/credit-card-stealing-malware-bundles-backdoor-for-easy-reinstall/

Severe MDHexRay bug affects 100+ GE Healthcare imaging systems

A vulnerability in GE Healthcare's proprietary management software used for medical imaging devices could put patients' health privacy at risk, potentially their lives. [...]

https://www.bleepingcomputer.com/news/security/severe-mdhexray-bug-affects-100-plus-ge-healthcare-imaging-systems/

Norway: Russian APT28 state hackers likely behind Parliament attack

Russian-backed hacking group APT28 has likely brute-forced multiple Norwegian Parliament (Stortinget) email accounts on August 24, 2020, according to the Norwegian Police Security Service (PST, short for Politiets Sikkerhetstjeneste). [...]

https://www.bleepingcomputer.com/news/security/norway-russian-apt28-state-hackers-likely-behind-parliament-attack/

Windows 10 Cumulative Updates KB4592449 & KB4592438 released

The first batch of security updates or 'B' updates for the month of 'December 2020' is now available for all supported versions of Windows 10 including version 20H2. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4592449-and-kb4592438-released/

Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities

Today is Microsoft's December 2020 Patch Tuesday, and Windows administrators will be scrambling to put out fires, so be kind to them. As part of this Patch Tuesday, Microsoft fixed 58 security vulnerabilities and release a DNS cache poisoning vulnerability advisory. [...]

https://www.bleepingcomputer.com/news/security/microsoft-december-2020-patch-tuesday-fixes-58-vulnerabilities/

Microsoft issues guidance for DNS cache poisoning vulnerability

Microsoft issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University. [...]

https://www.bleepingcomputer.com/news/security/microsoft-issues-guidance-for-dns-cache-poisoning-vulnerability/

FireEye reveals that it was hacked by a nation state APT group

Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group. [...]

https://www.bleepingcomputer.com/news/security/fireeye-reveals-that-it-was-hacked-by-a-nation-state-apt-group/

Ransomware forces hosting provider Netgain to take down data centers

Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November. [...]

https://www.bleepingcomputer.com/news/security/ransomware-forces-hosting-provider-netgain-to-take-down-data-centers/