SolarWinds victims revealed after cracking the Sunburst malware DGA

Security researchers have shared lists of organizations where threat actors deployed Sunburst/Solarigate malware, after ongoing investigations of the SolarWinds supply chain attack. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-victims-revealed-after-cracking-the-sunburst-malware-dga/

FBI warns of ongoing COVID-19 vaccine related fraud schemes

US federal agencies have warned about scammers exploiting the public's interest in the COVID-19 vaccine to harvest personal information and steal money through multiple ongoing and emerging fraud schemes. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-ongoing-covid-19-vaccine-related-fraud-schemes/

SolarWinds hackers breached US Treasury officials’ email accounts

US Senator Ron Wyden said that dozens of US Treasury email accounts were compromised by the threat actors behind the SolarWinds hack. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breached-us-treasury-officials-email-accounts/

Microsoft: Don't delete Windows 10 root certificate expiring this month

A Microsoft root certificate is expiring at the end of this month, and Microsoft warns that removing it could cause problems with the operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-dont-delete-windows-10-root-certificate-expiring-this-month/

Safe-Inet, Insorg VPN services shut down by law enforcement

Law enforcement agencies around the world in a coordinated effort took down and seized the infrastructure supporting Safe-Inet and Insorg VPN and proxy services known for catering cybercriminal activity. [...]

https://www.bleepingcomputer.com/news/security/safe-inet-insorg-vpn-services-shut-down-by-law-enforcement/

Roanoke College delays spring semester after cyberattack

Roanoke College has delayed their spring semester by almost a month after a cyberattack has impacted files and data access. [...]

https://www.bleepingcomputer.com/news/security/roanoke-college-delays-spring-semester-after-cyberattack/

Biden blasts Trump administration over SolarWinds attack response

U.S. President-Elect Joe Biden has criticized the Trump administration over the lack of response regarding the SolarWinds response and for failing to officially attribute the attacks. [...]

https://www.bleepingcomputer.com/news/security/biden-blasts-trump-administration-over-solarwinds-attack-response/

QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities

QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems. [...]

https://www.bleepingcomputer.com/news/security/qnap-fixes-high-severity-qts-qes-and-quts-hero-vulnerabilities/

DHS warns of data theft risk when using Chinese products

The US Department of Homeland Security (DHS) warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People's Republic of China (PRC). [...]

https://www.bleepingcomputer.com/news/security/dhs-warns-of-data-theft-risk-when-using-chinese-products/

Holiday deal exclusive: Get 20% off Emsisoft Anti-Malware

Emsisoft has provided BleepingComputer visitors an exclusive holiday deal where you can get 20% off Emsisoft Anti-Malware until the end of the year. [...]

https://www.bleepingcomputer.com/news/software/holiday-deal-exclusive-get-20-percent-off-emsisoft-anti-malware/

UK privacy watchdog warns SolarWinds victims to report data breaches

United Kingdom's Information Commissioner's Office (ICO) has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery. [...]

https://www.bleepingcomputer.com/news/security/uk-privacy-watchdog-warns-solarwinds-victims-to-report-data-breaches/

Microsoft 365 admins can now get security incident email alerts

Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution. [...]

https://www.bleepingcomputer.com/news/security/microsoft-365-admins-can-now-get-security-incident-email-alerts/

Windows zero-day with bad patch gets new public exploit code

Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick. [...]

https://www.bleepingcomputer.com/news/security/windows-zero-day-with-bad-patch-gets-new-public-exploit-code/

PSA: Active Chase phishing scam pretends to be fraud alerts

A large scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked. [...]

https://www.bleepingcomputer.com/news/security/psa-active-chase-phishing-scam-pretends-to-be-fraud-alerts/

FBI: Iran behind pro-Trump ‘enemies of the people’ doxing site

Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results. [...]

https://www.bleepingcomputer.com/news/security/fbi-iran-behind-pro-trump-enemies-of-the-people-doxing-site/

Citrix confirms ongoing DDoS attack impacting NetScaler ADCs

Citrix has confirmed today that an ongoing 'DDoS attack pattern' using DTLS as an amplification vector is affecting Citrix Application Delivery Controller (ADC) networking appliances with EDT enabled. [...]

https://www.bleepingcomputer.com/news/security/citrix-confirms-ongoing-ddos-attack-impacting-netscaler-adcs/

Hacker earns $2 million in bug bounties on HackerOne

Cosmin Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne. [...]

https://www.bleepingcomputer.com/news/security/hacker-earns-2-million-in-bug-bounties-on-hackerone/

NetGalley discloses data breach after website was hacked

The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members' personal information. [...]

https://www.bleepingcomputer.com/news/security/netgalley-discloses-data-breach-after-website-was-hacked/

Google Chrome is testing larger cache sizes to increase performance

Google is experimenting with increased storage for the browser cache to reduce the performance hit caused by the recently added partitioned cache feature. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-is-testing-larger-cache-sizes-to-increase-performance/

North Korean state hackers breach COVID-19 research entities

North Korean nation-state hackers tracked as the Lazarus Group have recently compromised organizations involved in COVID-19 research and vaccine development. [...]

https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-breach-covid-19-research-entities/

FreePBX developer Sangoma hit with Conti ransomware attack

Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. [...]

https://www.bleepingcomputer.com/news/security/freepbx-developer-sangoma-hit-with-conti-ransomware-attack/