SolarLeaks site claims to sell data stolen in SolarWinds attacks

A website named 'SolarLeaks' is selling data they claim was stolen from companies confirmed to have been breached in the SolarWinds attack. [...]

https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/

Google discloses hacking campaign targeting Windows, Android users

Project Zero, Google's 0day bug-hunting team, revealed a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with zero-day and n-day exploits. [...]

https://www.bleepingcomputer.com/news/security/google-discloses-hacking-campaign-targeting-windows-android-users/

Skype is down worldwide - Microsoft working on issues

Skype users are currently experiencing issues around the world, with users reporting that they are getting signed out of their Skype account and company accounts automatically. [...]

https://www.bleepingcomputer.com/news/microsoft/skype-is-down-worldwide-microsoft-working-on-issues/

Microsoft fixes Secure Boot bug allowing Windows rootkit installation

Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-secure-boot-bug-allowing-windows-rootkit-installation/

Microsoft addresses issue breaking Windows 10 'Reset this PC'

Microsoft has resolved a known issue that caused the Windows 10 "Reset this PC" feature to fail in some cases, on both client and server platforms. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-addresses-issue-breaking-windows-10-reset-this-pc/

It's finally over! Time to uninstall Adobe Flash Player

​It's over, kaput, done. Adobe Flash Player is officially non-functional, and it's time to uninstall the program once and for all. [...]

https://www.bleepingcomputer.com/news/software/its-finally-over-time-to-uninstall-adobe-flash-player/

CISA: Hackers bypassed MFA to access cloud service accounts

The US Cybersecurity and Infrastructure Security Agency (CISA) said today that threat actors bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts. [...]

https://www.bleepingcomputer.com/news/security/cisa-hackers-bypassed-mfa-to-access-cloud-service-accounts/

Windows 10 bug corrupts your hard drive on seeing this file's icon

An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. [...]

https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/

Telegram-based phishing service Classiscam hits European marketplaces

Dozens of cybercriminal gangs are publishing fake ads on popular online marketplaces to lure interested users to fraudulent merchant sites or to phishing pages that steal payment data. [...]

https://www.bleepingcomputer.com/news/security/telegram-based-phishing-service-classiscam-hits-european-marketplaces/

Office January security updates fix remote code execution bugs

Microsoft addresses important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/office-january-security-updates-fix-remote-code-execution-bugs/

NSA advises companies to avoid third party DNS resolvers

The US National Security Agency (NSA) says that companies should avoid using third party DNS resolvers to block threat actors' DNS traffic eavesdropping and manipulation attempts and to block access to internal network information. [...]

https://www.bleepingcomputer.com/news/security/nsa-advises-companies-to-avoid-third-party-dns-resolvers/

Facebook sues makers of malicious Chrome extensions for scraping data

Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user-profiles and other information from Facebook's website and from users' systems without authorization. [...]

https://www.bleepingcomputer.com/news/security/facebook-sues-makers-of-malicious-chrome-extensions-for-scraping-data/

Verified Twitter accounts hacked in $580k ‘Elon Musk’ crypto scam

Threat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active. [...]

https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-in-580k-elon-musk-crypto-scam/

Undisclosed Apache Velocity XSS vulnerability impacts GOV sites

An undisclosed XSS vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA. [...]

https://www.bleepingcomputer.com/news/security/undisclosed-apache-velocity-xss-vulnerability-impacts-gov-sites/

Microsoft warns of incoming Windows Zerologon patch enforcement

Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-incoming-windows-zerologon-patch-enforcement/

Signal down after getting flooded with new users

Signal users are currently experiencing issues around the world, with users unable to send and receive messages. When attempting to send messages via Signal, users are seeing loading screen and error message "502". [...]

https://www.bleepingcomputer.com/news/software/signal-down-after-getting-flooded-with-new-users/

Scotland environmental regulator hit by ‘ongoing’ ransomware attack

The Scottish Environment Protection Agency confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve. [...]

https://www.bleepingcomputer.com/news/security/scotland-environmental-regulator-hit-by-ongoing-ransomware-attack/

Hackers leaked altered Pfizer data to sabotage trust in vaccines

The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public's trust in COVID-19 vaccines. [...]

https://www.bleepingcomputer.com/news/security/hackers-leaked-altered-pfizer-data-to-sabotage-trust-in-vaccines/

Windows Finger command abused by phishing to download malware

Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices. [...]

https://www.bleepingcomputer.com/news/security/windows-finger-command-abused-by-phishing-to-download-malware/

Google to kill Chrome Sync feature in third-party browsers

Google says that it will block third-party Chromium web browsers from using private Google APIs after discovering that they were integrating them although they're intended to be used only in Chrome. [...]

https://www.bleepingcomputer.com/news/google/google-to-kill-chrome-sync-feature-in-third-party-browsers/

The Week in Ransomware - January 15th 2021 - Locking you up

It has been another quiet week for ransomware, though we did have some interesting stories come out this week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-15th-2021-locking-you-up/