European Medicines Agency fully operational after cyberattack

The European Medicines Agency (EMA) responsible for COVID-19 vaccine approval has suffered a cyberattack of an undisclosed nature, according to a statement posted on their website. [...]

https://www.bleepingcomputer.com/news/security/european-medicines-agency-fully-operational-after-cyberattack/

Qbot malware switched to stealthy new Windows autostart method

A new Qbot malware version now activates its persistence mechanism right before infected Windows devices shutdown and it automatically removes any traces when the system restarts or wakes up from sleep. [...]

https://www.bleepingcomputer.com/news/security/qbot-malware-switched-to-stealthy-new-windows-autostart-method/

Microsoft Edge gets a performance boost with sleeping tabs

Microsoft is rolling out a sleeping tabs feature to the new Chromium-based Edge web browser which will drastically reduce memory and CPU resource usage. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-a-performance-boost-with-sleeping-tabs/

Teen who shook the Internet in 2016 pleads guilty to DDoS attacks

One of the operators behind a Mirai botnet pleaded guilty to their involvement in a huge DDoS attack that caused a massive Internet disruption during October 2016. [...]

https://www.bleepingcomputer.com/news/security/teen-who-shook-the-internet-in-2016-pleads-guilty-to-ddos-attacks/

Hackers can use WinZip insecure server connection to drop malware

The server-client communication in certain versions of the WinZip file compression tool is insecure and could be modified to serve malware or fraudulent content to users. [...]

https://www.bleepingcomputer.com/news/security/hackers-can-use-winzip-insecure-server-connection-to-drop-malware/

Cisco fixes new Jabber for Windows critical code execution bug

Cisco has addressed a new critical severity remote code execution (RCE) vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-new-jabber-for-windows-critical-code-execution-bug/

Windows Kerberos Bronze Bit attack gets public exploit, patch now

Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability have been published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft. [...]

https://www.bleepingcomputer.com/news/security/windows-kerberos-bronze-bit-attack-gets-public-exploit-patch-now/

250,000 stolen MySQL databases for sale on dark web auction site

Hackers have set up an auction site on the dark web to sell 250,000 databases stolen from tens of thousands of breached MySQL servers. [...]

https://www.bleepingcomputer.com/news/security/250-000-stolen-mysql-databases-for-sale-on-dark-web-auction-site/

Sophos fixes SQL injection vulnerability in their Cyberoam OS

Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. [...]

https://www.bleepingcomputer.com/news/security/sophos-fixes-sql-injection-vulnerability-in-their-cyberoam-os/

Fake data breach alerts used to steal Ledger cryptocurrency wallets

A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients. [...]

https://www.bleepingcomputer.com/news/security/fake-data-breach-alerts-used-to-steal-ledger-cryptocurrency-wallets/

U.S. warns of increased cyberattacks against K-12 distance learning

K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft, and general disruption of normal activity. The trend will continue through the 2020/2021 academic year. [...]

https://www.bleepingcomputer.com/news/security/us-warns-of-increased-cyberattacks-against-k-12-distance-learning/

Microsoft adds 64-bit application support to Windows 10 on ARM

Microsoft has announced the long-awaited ability to run emulated 64-bit applications in Windows on ARM. This new feature will allow applications to use more memory and thus gain better performance than their 32-bit counterparts. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-64-bit-application-support-to-windows-10-on-arm/

Massive Subway UK phishing attack is pushing TrickBot malware

A massive phishing campaign pretending to be a Subway order confirmation is underway distributing the notorious TrickBot malware. [...]

https://www.bleepingcomputer.com/news/security/massive-subway-uk-phishing-attack-is-pushing-trickbot-malware/

Microsoft: New malware can infect over 30K Windows PCs a day

Microsoft has warned of an ongoing campaign pushing a new browser hijacking and credential-stealing malware dubbed Adrozek which, at its peak, was able to take over more than 30,000 devices every day. [...]

https://www.bleepingcomputer.com/news/security/microsoft-new-malware-can-infect-over-30k-windows-pcs-a-day/

Facebook unmasks Vietnam’s APT32 hacking group

The Facebook security team has revealed today the real identity of APT32, a Vietnam-backed hacking group active in cyberespionage campaigns targeting foreign government, multi-national corporations, and journalists since at least 2014. [...]

https://www.bleepingcomputer.com/news/security/facebook-unmasks-vietnam-s-apt32-hacking-group/

Ex-Cisco engineer who nuked 16k WebEx accounts sent to prison

Sudhish Kasaba Ramesh, a former Cisco engineer, was sentenced on Wednesday to two years in prison and ordered to pay a $15,000 fine for shutting down more than 16,000 WebEx Teams accounts and over 450 virtual machines in 2018, [...]

https://www.bleepingcomputer.com/news/security/ex-cisco-engineer-who-nuked-16k-webex-accounts-sent-to-prison/

Microsoft Office security updates fix critical SharePoint RCE bugs

Microsoft has addressed critical remote code execution vulnerabilities in multiple SharePoint versions with this month's Office security updates. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-security-updates-fix-critical-sharepoint-rce-bugs/

Samsung fixes critical Android bugs in December 2020 updates

This week Samsung has started rolling out Android's December security updates to mobile devices to patch critical security vulnerabilities in the operating system. This comes after Android had published their December 2020 security updates bulletin, which includes patches for critical bugs. [...]

https://www.bleepingcomputer.com/news/security/samsung-fixes-critical-android-bugs-in-december-2020-updates/

MountLocker ransomware gets slimmer, now encrypts fewer files

MountLocker ransomware received an update recently that cut its size by half but preserves a weakness that could potentially allow learning the random key used to encrypt files. [...]

https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-gets-slimmer-now-encrypts-fewer-files/

The Week in Ransomware - December 11th 2020 - Targeting K-12

This week we continued to see ransomware target businesses, education, and healthcare with cyberattacks that disrupt operations and lead to school closings. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-11th-2020-targeting-k-12/

Adobe releases final Flash Player update, warns of 2021 kill switch

After 24 years of fun games and abuse by threat actors, Adobe has released their final Flash Player update and thanked everyone for the fantastic content that they have released over the years. [...]

https://www.bleepingcomputer.com/news/software/adobe-releases-final-flash-player-update-warns-of-2021-kill-switch/