New Zealand Reserve Bank suffers data breach via hacked storage partner

The Reserve Bank of New Zealand, known as Te Pūtea Matua, has suffered a data breach after threat actors hacked a third-party hosting partner. [...]

https://www.bleepingcomputer.com/news/security/new-zealand-reserve-bank-suffers-data-breach-via-hacked-storage-partner/

How to integrate Everything search in the Windows 10 taskbar

Windows 10 users can now integrate the Everything search engine directly into the Windows taskbar using the new 'Everything Toolbar' application. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-integrate-everything-search-in-the-windows-10-taskbar/

What to expect from Microsoft and Windows in 2021

With 2021 finally here, Microsoft is planning on releasing some exciting new features and updates this year for Windows 10 operating system and other products. [...]

https://www.bleepingcomputer.com/news/microsoft/what-to-expect-from-microsoft-and-windows-in-2021/

United Nations data breach exposed over 100k UNEP staff records

This week, researchers have responsibly disclosed a vulnerability by exploiting which they could access over 100K private records of United Nations Environmental Programme (UNEP).
The data breach stemmed from exposed Git directories which let researchers clone Git repositories and gather PII of a large number of employees. [...]

https://www.bleepingcomputer.com/news/security/united-nations-data-breach-exposed-over-100k-unep-staff-records/

Sunburst backdoor shares features with Russian APT malware

Kaspersky researchers found that the Sunburst backdoor, the malware deployed during the SolarWinds supply-chain attack, shows feature overlaps with Kazuar, a .NET backdoor tentatively linked to the Russian Turla hacking group. [...]

https://www.bleepingcomputer.com/news/security/sunburst-backdoor-shares-features-with-russian-apt-malware/

Typeform fixes Zendesk Sell form data hijacking vulnerability

Online survey and form creator Typeform has quietly patched a data hijacking vulnerability in its Zendesk Sell integration. If exploited, the vulnerability could let attacks redirect the form submissions containing potentially sensitive information to themselves. [...]

https://www.bleepingcomputer.com/news/security/typeform-fixes-zendesk-sell-form-data-hijacking-vulnerability/

DarkSide ransomware decryptor recovers victims' files for free

Romanian cybersecurity firm Bitdefender has released a free decryptor for the DarkSide ransomware to allow victims to recover their files without paying a ransom. [...]

https://www.bleepingcomputer.com/news/security/darkside-ransomware-decryptor-recovers-victims-files-for-free/

Mac malware uses 'run-only' AppleScripts to evade analysis

A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. [...]

https://www.bleepingcomputer.com/news/security/mac-malware-uses-run-only-applescripts-to-evade-analysis/

Windows 10 hardware security enabled by default on new Surface PC

Microsoft has unveiled today the new Surface Pro 7+ for enterprise and educational customers, an ultra-light 2-in-1 device which comes with Windows Enhanced Hardware Security features enabled by default. [...]

https://www.bleepingcomputer.com/news/security/windows-10-hardware-security-enabled-by-default-on-new-surface-pc/

Networking giant Ubiquiti alerts customers of potential data breach

Networking device maker Ubiquiti has announced a security incident that may have exposed its customers' data. [...]

https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/

Microsoft releases Linux endpoint detection and response features

Microsoft announced today that Microsoft Defender for Endpoint's detection and response (EDR) capabilities are now generally available on Linux servers. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-linux-endpoint-detection-and-response-features/

Microsoft Sysmon now detects malware process tampering attempts

Microsoft has released Sysmon 13 with a new security feature that detects if a process has been tampered using process hollowing or process herpaderping techniques. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-now-detects-malware-process-tampering-attempts/

Intel adds hardware-based ransomware detection to 11th gen CPUs

Intel announced today at CES 2021 that they have added hardware-based ransomware detection to their newly announced 11th generation Core vPro business-class processors. [...]

https://www.bleepingcomputer.com/news/security/intel-adds-hardware-based-ransomware-detection-to-11th-gen-cpus/

New Sunspot malware found while investigating SolarWinds hack

Cybersecurity firm CrowdStrike has discovered the malware used by the SolarWinds hackers to inject backdoors in Orion platform builds during the supply-chain attack that led to the compromise of several companies and government agencies. [...]

https://www.bleepingcomputer.com/news/security/new-sunspot-malware-found-while-investigating-solarwinds-hack/

Mimecast discloses Microsoft 365 SSL certificate compromise

Email security company Mimecast has disclosed today that a "sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services. [...]

https://www.bleepingcomputer.com/news/security/mimecast-discloses-microsoft-365-ssl-certificate-compromise/

Hackers leak stolen Pfizer COVID-19 vaccine data online

The European Medicines Agency (EMA) today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online. [...]

https://www.bleepingcomputer.com/news/security/hackers-leak-stolen-pfizer-covid-19-vaccine-data-online/

New Zealand Reserve Bank breached using bug patched on Xmas Eve

A recent data breach at the Reserve Bank of New Zealand, known as Te Pūtea Matua, was caused by attackers exploiting a critical vulnerability patched the same day. [...]

https://www.bleepingcomputer.com/news/security/new-zealand-reserve-bank-breached-using-bug-patched-on-xmas-eve/

Microsoft January 2021 Patch Tuesday fixes 83 vulnerabilities, 1 zero-day

Today is Microsoft's January 2021 Patch Tuesday, and it is the first Microsoft security update release in 2021, so please be very nice to your Windows administrators today. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2021-patch-tuesday-fixes-83-vulnerabilities-1-zero-day/

Windows 10 Cumulative Updates KB4598229 & KB4598242 released

Today is first Patch Tuesday of 2021 and Microsoft is rolling out a new cumulative update for all supported version of Windows. The cumulative update with security fixes is rolling out to PCs with October 2020 Update, May 2020 Update, November 2019 Update, and May 2019 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4598229-and-kb4598242-released/

Microsoft patches Defender antivirus zero-day exploited in the wild

Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released. [...]

https://www.bleepingcomputer.com/news/security/microsoft-patches-defender-antivirus-zero-day-exploited-in-the-wild/

Capcom: 390,000 people may be affected by ransomware data breach

Capcom has released a new update for their data breach investigation and state that up to 390,000 people may now be affected by their November ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/capcom-390-000-people-may-be-affected-by-ransomware-data-breach/