Apple iCloud outage prevents device activations, access to data

Apple users are experiencing problems setting up new devices or accessing files stored on the cloud due to an ongoing iCloud outage that has lasted for more than 24 hours. [...]

https://www.bleepingcomputer.com/news/apple/apple-icloud-outage-prevents-device-activations-access-to-data/

Koei Tecmo discloses data breach after hacker leaks stolen data

Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/koei-tecmo-discloses-data-breach-after-hacker-leaks-stolen-data/

Windows 10 Cloud PC: What is known about Microsoft's new service

With Cloud PC, Microsoft would handle your device configuration in your organization with regular updates, security improvements, and managed support. Cloud PC appears to be a part of the company's "Windows as a Service" tagline, which has become more apparent this year. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cloud-pc-what-is-known-about-microsofts-new-service/

GitHub-based malware calculates Cobalt Strike payload from Imgur pic

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script. [...]

https://www.bleepingcomputer.com/news/security/github-based-malware-calculates-cobalt-strike-payload-from-imgur-pic/

Multi-platform card skimmer found on Shopify, BigCommerce stores

A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce. [...]

https://www.bleepingcomputer.com/news/security/multi-platform-card-skimmer-found-on-shopify-bigcommerce-stores/

UK NCA visits WeLeakInfo users to warn of using stolen data

21 WeLeakInfo customers have been arrested across the UK for using stolen credentials downloaded from WeLeakInfo following an operation coordinated by the UK National Crime Agency (NCA). [...]

https://www.bleepingcomputer.com/news/security/uk-nca-visits-weleakinfo-users-to-warn-of-using-stolen-data/

Home appliance giant Whirlpool hit in Nefilim ransomware attack

Home appliances giant Whirlpool suffered a ransomware attack by the Nefilim ransomware gang who stole data before encrypting devices. [...]

https://www.bleepingcomputer.com/news/security/home-appliance-giant-whirlpool-hit-in-nefilim-ransomware-attack/

CISA releases Azure, Microsoft 365 malicious activity detection tool

The Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments. [...]

https://www.bleepingcomputer.com/news/security/cisa-releases-azure-microsoft-365-malicious-activity-detection-tool/

Finnish Parliament attackers hack lawmakers’ email accounts

The email accounts of multiple members of parliament (MPs) were compromised following a cyberattack as revealed today by the Parliament of Finland. [...]

https://www.bleepingcomputer.com/news/security/finnish-parliament-attackers-hack-lawmakers-email-accounts/

Aida Cruises cancels trips due to mysterious "IT restrictions"

German cruise line AIDA Cruises is dealing with mysterious "IT restrictions" that have led to the cancellation of New Year's Eve cruises embarking this past weekend. [...]

https://www.bleepingcomputer.com/news/security/aida-cruises-cancels-trips-due-to-mysterious-it-restrictions/

Kawasaki discloses security breach, potential data leak

Japan's Kawasaki Heavy Industries announced a security breach and potential data leak after unauthorized access to a Japanese company server from multiple overseas offices. [...]

https://www.bleepingcomputer.com/news/security/kawasaki-discloses-security-breach-potential-data-leak/

US Treasury warns of ransomware targeting COVID-19 vaccine research

The US Treasury Department's Financial Crimes Enforcement Network (FinCEN) warned financial institutions of ransomware actively targeting vaccine research organizations. [...]

https://www.bleepingcomputer.com/news/security/us-treasury-warns-of-ransomware-targeting-covid-19-vaccine-research/

Voyager cryptocurrency broker halted trading due to cyberattack

The Voyager cryptocurrency brokerage platform halted trading yesterday after suffering a cyberattack targeting their DNS configuration. [...]

https://www.bleepingcomputer.com/news/security/voyager-cryptocurrency-broker-halted-trading-due-to-cyberattack/

Microsoft: SolarWinds hackers' goal was the victims' cloud data

Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims' cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-solarwinds-hackers-goal-was-the-victims-cloud-data/

Swatters hijack smart home devices to watch emergency responders

Weak credentials and login protections come with the risk of swatting for owners of connected devices with video and voice capabilities, warns the U.S. Federal Bureau of Investigation (FBI). [...]

https://www.bleepingcomputer.com/news/security/swatters-hijack-smart-home-devices-to-watch-emergency-responders/

Wasabi cloud storage service knocked offline for hosting malware

Cloud storage provider Wasabi suffered an outage after a domain used for storage endpoints was suspended for hosting malware. [...]

https://www.bleepingcomputer.com/news/security/wasabi-cloud-storage-service-knocked-offline-for-hosting-malware/

New worm turns Windows, Linux servers into Monero miners

A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December. [...]

https://www.bleepingcomputer.com/news/security/new-worm-turns-windows-linux-servers-into-monero-miners/

Emotet malware hits Lithuania's National Public Health Center

The internal networks of Lithuania's National Center for Public Health (NVSC) and several municipalities have been infected with Emotet malware following a large campaign targeting the country's state institutions. [...]

https://www.bleepingcomputer.com/news/security/emotet-malware-hits-lithuanias-national-public-health-center/

T-Mobile data breach exposed phone numbers, call records

T-Mobile has announced a data breach exposing customers' proprietary network information (CPNI), including phone numbers and call records. [...]

https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/

DHS orders federal agencies to update SolarWinds Orion platform

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020. [...]

https://www.bleepingcomputer.com/news/security/dhs-orders-federal-agencies-to-update-solarwinds-orion-platform/

Adobe now shows alerts in Windows 10 to uninstall Flash Player

With the Flash Player officially reaching the end of life tomorrow, Adobe has started to display alerts on Windows computers recommending that users uninstall Flash Player. [...]

https://www.bleepingcomputer.com/news/software/adobe-now-shows-alerts-in-windows-10-to-uninstall-flash-player/