Bouncy Castle fixes cryptography API authentication bypass flaw

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked. [...]

https://www.bleepingcomputer.com/news/security/bouncy-castle-fixes-cryptography-api-authentication-bypass-flaw/

SolarWinds hackers breach agency in charge of US nuclear weapons

Nation-state hackers have breached the networks of the National Nuclear Security Administration (NNSA) and the US Department of Energy (DOE). [...]

https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-agency-in-charge-of-us-nuclear-weapons/

Microsoft confirms breach in SolarWinds hack, denies infecting others

Microsoft has confirmed that they were hacked in the recent SolarWinds attacks but denied that their software was compromised in a supply-chain attack to infect customers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-breach-in-solarwinds-hack-denies-infecting-others/

Microsoft identifies 40+ victims of SolarWinds hack, 80% from US

Microsoft said that over 40 of its customers had their networks infiltrated by hackers following the SolarWinds supply chain attack after they installed backdoored versions of the Orion IT monitoring platform. [...]

https://www.bleepingcomputer.com/news/security/microsoft-identifies-40-plus-victims-of-solarwinds-hack-80-percent-from-us/

Google Chrome disables insecure form warnings after complaints

Google has disabled a feature that displays a warning when submitting insecure forms after receiving many complaints from users and website administrators. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-disables-insecure-form-warnings-after-complaints/

NSA warns of hackers forging cloud authentication information

An advisory from the U.S. National Security Agency is providing Microsoft Azure administrators guidance to detect and protect against threat actors looking to access resources in the cloud by forging authentication information. [...]

https://www.bleepingcomputer.com/news/security/nsa-warns-of-hackers-forging-cloud-authentication-information/

Windows 10 updates cause CorsairVBusDriver BSOD crash loop

Microsoft's December 2020 Windows 10 updates are conflicting with the Corsair Utility Engine software and causing the operating system to go into a BSOD crash loop. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-updates-cause-corsairvbusdriver-bsod-crash-loop/

Europol launches new decryption platform for law enforcement

Europol and the European Commission have launched a new decryption platform that will help boost Europol's ability to gain access to information stored in encrypted media collected during criminal investigations. [...]

https://www.bleepingcomputer.com/news/security/europol-launches-new-decryption-platform-for-law-enforcement/

Stealthy Magecart malware mistakenly leaks list of hacked stores

A list of dozens of online stores hacked by a web skimming group was inadvertently leaked by a dropper used to deploy a stealthy remote access trojan (RAT) on compromised e-commerce sites. [...]

https://www.bleepingcomputer.com/news/security/stealthy-magecart-malware-mistakenly-leaks-list-of-hacked-stores/

The Week in Ransomware - December 18th 2020 - Targeting Israel

The SolarWinds supply chain attack has dominated this week's cybersecurity news, but there was still plenty of ransomware news this week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-18th-2020-targeting-israel/

The SolarWinds cyberattack: The hack, the victims, and what we know

Since the SolarWinds supply chain attack was disclosed last Sunday, there has been a whirlwind of news, technical details, and analysis released about the hack. Because the amount of information that was released in such a short time is definitely overwhelming, we have published this as a roundup of this week's SolarWinds news. [...]

https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/

Google explains the cause of the recent YouTube, Gmail outage

Google says that the global authentication system outage which affected most consumer-facing series on Monday was caused by a bug in the automated quota management system impacting the Google User ID Service. [...]

https://www.bleepingcomputer.com/news/google/google-explains-the-cause-of-the-recent-youtube-gmail-outage/

Gitpaste-12 worm botnet returns with 30+ vulnerability exploits

Recently discovered Gitpaste-12 worm that spreads via GitHub and also hosts malicious payload on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs. [...]

https://www.bleepingcomputer.com/news/security/gitpaste-12-worm-botnet-returns-with-30-plus-vulnerability-exploits/

New Windows 10 tool lets you group your taskbar shortcuts

A new Windows 10 utility called TaskbarGroups lets you group shortcuts on the taskbar so they can easily be launched without taking up a lot of space. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-10-tool-lets-you-group-your-taskbar-shortcuts/

Windows Hello is now being used by 84% of Windows 10 users

Windows Hello, which is an all-in-one biometric authentication process integrated into Windows 10, is slowly growing in popularity. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-hello-is-now-being-used-by-84-percent-of-windows-10-users/

Flavors designer Symrise halts production after Clop ransomware attack

Flavor and fragrance developer Symrise has suffered a Clop ransomware attack where the attackers allegedly stole 500 GB of unencrypted files and encrypted close to 1,000 devices. [...]

https://www.bleepingcomputer.com/news/security/flavors-designer-symrise-halts-production-after-clop-ransomware-attack/

Physical addresses of 270K Ledger owners leaked on hacker forum

A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. [...]

https://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/

Microsoft fixes Windows 10 chkdsk bug causing boot failures

Microsoft has acknowledged a new issue impacting Windows 10 customers that might cause booting to fail on devices where the chkdsk tool has been used to repair logical file system errors. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-chkdsk-bug-causing-boot-failures/

New SUPERNOVA backdoor found in SolarWinds cyberattack analysis

While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor. [...]

https://www.bleepingcomputer.com/news/security/new-supernova-backdoor-found-in-solarwinds-cyberattack-analysis/

Google is bringing Discover to other Chromium browsers

According to new code references found in the open-source Chromium platform, Chromium-based browsers should soon be able to take advantage of Google's personalized news feed called 'Discover'. [...]

https://www.bleepingcomputer.com/news/google/google-is-bringing-discover-to-other-chromium-browsers/

VMware latest to confirm breach in SolarWinds hacking campaign

VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks and said that the hackers did not make any attempts of further exploitation after gaining access through the deployed backdoor. [...]

https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/