QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities

QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems. [...]

https://www.bleepingcomputer.com/news/security/qnap-fixes-high-severity-qts-qes-and-quts-hero-vulnerabilities/

DHS warns of data theft risk when using Chinese products

The US Department of Homeland Security (DHS) warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People's Republic of China (PRC). [...]

https://www.bleepingcomputer.com/news/security/dhs-warns-of-data-theft-risk-when-using-chinese-products/

Holiday deal exclusive: Get 20% off Emsisoft Anti-Malware

Emsisoft has provided BleepingComputer visitors an exclusive holiday deal where you can get 20% off Emsisoft Anti-Malware until the end of the year. [...]

https://www.bleepingcomputer.com/news/software/holiday-deal-exclusive-get-20-percent-off-emsisoft-anti-malware/

UK privacy watchdog warns SolarWinds victims to report data breaches

United Kingdom's Information Commissioner's Office (ICO) has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery. [...]

https://www.bleepingcomputer.com/news/security/uk-privacy-watchdog-warns-solarwinds-victims-to-report-data-breaches/

Microsoft 365 admins can now get security incident email alerts

Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution. [...]

https://www.bleepingcomputer.com/news/security/microsoft-365-admins-can-now-get-security-incident-email-alerts/

Windows zero-day with bad patch gets new public exploit code

Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick. [...]

https://www.bleepingcomputer.com/news/security/windows-zero-day-with-bad-patch-gets-new-public-exploit-code/

PSA: Active Chase phishing scam pretends to be fraud alerts

A large scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked. [...]

https://www.bleepingcomputer.com/news/security/psa-active-chase-phishing-scam-pretends-to-be-fraud-alerts/

FBI: Iran behind pro-Trump ‘enemies of the people’ doxing site

Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results. [...]

https://www.bleepingcomputer.com/news/security/fbi-iran-behind-pro-trump-enemies-of-the-people-doxing-site/

Citrix confirms ongoing DDoS attack impacting NetScaler ADCs

Citrix has confirmed today that an ongoing 'DDoS attack pattern' using DTLS as an amplification vector is affecting Citrix Application Delivery Controller (ADC) networking appliances with EDT enabled. [...]

https://www.bleepingcomputer.com/news/security/citrix-confirms-ongoing-ddos-attack-impacting-netscaler-adcs/

Hacker earns $2 million in bug bounties on HackerOne

Cosmin Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne. [...]

https://www.bleepingcomputer.com/news/security/hacker-earns-2-million-in-bug-bounties-on-hackerone/

NetGalley discloses data breach after website was hacked

The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members' personal information. [...]

https://www.bleepingcomputer.com/news/security/netgalley-discloses-data-breach-after-website-was-hacked/

Google Chrome is testing larger cache sizes to increase performance

Google is experimenting with increased storage for the browser cache to reduce the performance hit caused by the recently added partitioned cache feature. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-is-testing-larger-cache-sizes-to-increase-performance/

North Korean state hackers breach COVID-19 research entities

North Korean nation-state hackers tracked as the Lazarus Group have recently compromised organizations involved in COVID-19 research and vaccine development. [...]

https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-breach-covid-19-research-entities/

FreePBX developer Sangoma hit with Conti ransomware attack

Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. [...]

https://www.bleepingcomputer.com/news/security/freepbx-developer-sangoma-hit-with-conti-ransomware-attack/

Fake Amazon gift card emails deliver the Dridex malware

The Dridex malware gang is delivering a nasty gift for the holidays using a spam campaign pretending to be Amazon Gift Cards. [...]

https://www.bleepingcomputer.com/news/security/fake-amazon-gift-card-emails-deliver-the-dridex-malware/

CrowdStrike releases free Azure security tool after failed hack

Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails through compromised by Microsoft Azure credentials. [...]

https://www.bleepingcomputer.com/news/security/crowdstrike-releases-free-azure-security-tool-after-failed-hack/

SolarWinds releases updated advisory for new SUPERNOVA malware

SolarWinds has released an updated advisory for the additional SuperNova malware discovered to have been distributed through the company's network management platform. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-releases-updated-advisory-for-new-supernova-malware/

Apple iCloud outage prevents device activations, access to data

Apple users are experiencing problems setting up new devices or accessing files stored on the cloud due to an ongoing iCloud outage that has lasted for more than 24 hours. [...]

https://www.bleepingcomputer.com/news/apple/apple-icloud-outage-prevents-device-activations-access-to-data/

Koei Tecmo discloses data breach after hacker leaks stolen data

Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/koei-tecmo-discloses-data-breach-after-hacker-leaks-stolen-data/

Windows 10 Cloud PC: What is known about Microsoft's new service

With Cloud PC, Microsoft would handle your device configuration in your organization with regular updates, security improvements, and managed support. Cloud PC appears to be a part of the company's "Windows as a Service" tagline, which has become more apparent this year. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cloud-pc-what-is-known-about-microsofts-new-service/

GitHub-based malware calculates Cobalt Strike payload from Imgur pic

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script. [...]

https://www.bleepingcomputer.com/news/security/github-based-malware-calculates-cobalt-strike-payload-from-imgur-pic/