FireEye reveals that it was hacked by a nation state APT group

Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group. [...]

https://www.bleepingcomputer.com/news/security/fireeye-reveals-that-it-was-hacked-by-a-nation-state-apt-group/

Ransomware forces hosting provider Netgain to take down data centers

Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November. [...]

https://www.bleepingcomputer.com/news/security/ransomware-forces-hosting-provider-netgain-to-take-down-data-centers/

Microsoft fixes new Windows Kerberos security bug in staged rollout

Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-kerberos-security-bug-in-staged-rollout/

Adobe fixes critical security vulnerabilities in Lightroom, Prelude

Adobe has released security updates to address critical severity security bugs affecting Windows and macOS versions of Adobe Lightroom and Adobe Prelude. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-security-vulnerabilities-in-lightroom-prelude/

Russian hackers hide Zebrocy malware in virtual disk images

Russian-speaking hackers behind Zebrocy malware have changed their technique for delivering malware to high-profile victims and started to pack the threats in Virtual Hard Drives (VHD) to avoid detection. [...]

https://www.bleepingcomputer.com/news/security/russian-hackers-hide-zebrocy-malware-in-virtual-disk-images/

Credit card stealer hides in CSS files of hacked online stores

Credit card stealer scripts are evolving and become increasingly harder to detect due to novel hiding tactics. The latest example is a web skimmer that uses CSS code to blend within the pages of a compromised store and to steal customers' personal and payment information. [...]

https://www.bleepingcomputer.com/news/security/credit-card-stealer-hides-in-css-files-of-hacked-online-stores/

DHS-CISA urges admins to patch OpenSSL DoS vulnerability

This week OpenSSL has released fixes for a high severity Denial of Service (DoS) vulnerability, CVE-2020-1971. U.S. DHS Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to upgrade their vulnerable OpenSSL instances immediately. [...]

https://www.bleepingcomputer.com/news/security/dhs-cisa-urges-admins-to-patch-openssl-dos-vulnerability/

European Medicines Agency fully operational after cyberattack

The European Medicines Agency (EMA) responsible for COVID-19 vaccine approval has suffered a cyberattack of an undisclosed nature, according to a statement posted on their website. [...]

https://www.bleepingcomputer.com/news/security/european-medicines-agency-fully-operational-after-cyberattack/

Qbot malware switched to stealthy new Windows autostart method

A new Qbot malware version now activates its persistence mechanism right before infected Windows devices shutdown and it automatically removes any traces when the system restarts or wakes up from sleep. [...]

https://www.bleepingcomputer.com/news/security/qbot-malware-switched-to-stealthy-new-windows-autostart-method/

Microsoft Edge gets a performance boost with sleeping tabs

Microsoft is rolling out a sleeping tabs feature to the new Chromium-based Edge web browser which will drastically reduce memory and CPU resource usage. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-a-performance-boost-with-sleeping-tabs/

Teen who shook the Internet in 2016 pleads guilty to DDoS attacks

One of the operators behind a Mirai botnet pleaded guilty to their involvement in a huge DDoS attack that caused a massive Internet disruption during October 2016. [...]

https://www.bleepingcomputer.com/news/security/teen-who-shook-the-internet-in-2016-pleads-guilty-to-ddos-attacks/

Hackers can use WinZip insecure server connection to drop malware

The server-client communication in certain versions of the WinZip file compression tool is insecure and could be modified to serve malware or fraudulent content to users. [...]

https://www.bleepingcomputer.com/news/security/hackers-can-use-winzip-insecure-server-connection-to-drop-malware/

Cisco fixes new Jabber for Windows critical code execution bug

Cisco has addressed a new critical severity remote code execution (RCE) vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-new-jabber-for-windows-critical-code-execution-bug/

Windows Kerberos Bronze Bit attack gets public exploit, patch now

Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability have been published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft. [...]

https://www.bleepingcomputer.com/news/security/windows-kerberos-bronze-bit-attack-gets-public-exploit-patch-now/

250,000 stolen MySQL databases for sale on dark web auction site

Hackers have set up an auction site on the dark web to sell 250,000 databases stolen from tens of thousands of breached MySQL servers. [...]

https://www.bleepingcomputer.com/news/security/250-000-stolen-mysql-databases-for-sale-on-dark-web-auction-site/

Sophos fixes SQL injection vulnerability in their Cyberoam OS

Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. [...]

https://www.bleepingcomputer.com/news/security/sophos-fixes-sql-injection-vulnerability-in-their-cyberoam-os/

Fake data breach alerts used to steal Ledger cryptocurrency wallets

A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients. [...]

https://www.bleepingcomputer.com/news/security/fake-data-breach-alerts-used-to-steal-ledger-cryptocurrency-wallets/

U.S. warns of increased cyberattacks against K-12 distance learning

K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft, and general disruption of normal activity. The trend will continue through the 2020/2021 academic year. [...]

https://www.bleepingcomputer.com/news/security/us-warns-of-increased-cyberattacks-against-k-12-distance-learning/

Microsoft adds 64-bit application support to Windows 10 on ARM

Microsoft has announced the long-awaited ability to run emulated 64-bit applications in Windows on ARM. This new feature will allow applications to use more memory and thus gain better performance than their 32-bit counterparts. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-64-bit-application-support-to-windows-10-on-arm/

Massive Subway UK phishing attack is pushing TrickBot malware

A massive phishing campaign pretending to be a Subway order confirmation is underway distributing the notorious TrickBot malware. [...]

https://www.bleepingcomputer.com/news/security/massive-subway-uk-phishing-attack-is-pushing-trickbot-malware/

Microsoft: New malware can infect over 30K Windows PCs a day

Microsoft has warned of an ongoing campaign pushing a new browser hijacking and credential-stealing malware dubbed Adrozek which, at its peak, was able to take over more than 30,000 devices every day. [...]

https://www.bleepingcomputer.com/news/security/microsoft-new-malware-can-infect-over-30k-windows-pcs-a-day/