Microsoft Defender to enable full auto-remediation by default

Microsoft will enable fully automated threat remediation by default for Microsoft Defender for Endpoint customers who have opted into public previews starting next month, on February 16, 2021. [...]

https://www.bleepingcomputer.com/news/security/microsoft-defender-to-enable-full-auto-remediation-by-default/

IObit forums hacked in widespread DeroHE ransomware attack

Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members. [...]

https://www.bleepingcomputer.com/news/security/iobit-forums-hacked-in-widespread-derohe-ransomware-attack/

FreakOut malware exploits critical bugs to infect Linux hosts

An active malicious campaign is currently targeting Linux devices running software with critical vulnerabilities that is powering network-attached storage (NAS) devices or for developing web applications and portals. [...]

https://www.bleepingcomputer.com/news/security/freakout-malware-exploits-critical-bugs-to-infect-linux-hosts/

DNSpooq bugs let attackers hijack DNS on millions of devices

Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning and remote code execution against millions of affected devices. [...]

https://www.bleepingcomputer.com/news/security/dnspooq-bugs-let-attackers-hijack-dns-on-millions-of-devices/

Interpol: Trading scammers lure love-struck victims via dating apps

The Interpol (International Criminal Police Organisation) warns of fraudsters targeting dating app users and attempting to trick them into investing through fake trading apps. [...]

https://www.bleepingcomputer.com/news/security/interpol-trading-scammers-lure-love-struck-victims-via-dating-apps/

Google Chrome 88 released: RIP Flash Player and FTP support

Google has released Chrome 88 today, January 19th, 2021, to the Stable desktop channel, and it includes security improvements and the long-awaited removal of Adobe Flash Player. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-88-released-rip-flash-player-and-ftp-support/

SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader

The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-hackers-used-7-zip-code-to-hide-raindrop-cobalt-strike-loader/

Malwarebytes says SolarWinds hackers accessed its internal emails

Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails. [...]

https://www.bleepingcomputer.com/news/security/malwarebytes-says-solarwinds-hackers-accessed-its-internal-emails/

Google search bug freezes tabs when using a custom date range

​A bug in Google Search is causing a browser tab to freeze when searching between a specified range of dates. [...]

https://www.bleepingcomputer.com/news/google/google-search-bug-freezes-tabs-when-using-a-custom-date-range/

Bugs in Signal, Facebook, Google chat apps let attackers spy on users

Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls. [...]

https://www.bleepingcomputer.com/news/security/bugs-in-signal-facebook-google-chat-apps-let-attackers-spy-on-users/

List of DNSpooq vulnerability advisories, patches, and updates

Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices. In this article we list all the available security advisories related to these vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/list-of-dnspooq-vulnerability-advisories-patches-and-updates/

Hacker posts 1.4 million Pixlr user records for free on forum

A hacker has leaked 1.4 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks. [...]

https://www.bleepingcomputer.com/news/security/hacker-posts-14-million-pixlr-user-records-for-free-on-forum/

Hacker leaks full database of 77 million Nitro PDF user records

A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free. [...]

https://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/

Google Chrome now checks for weak passwords, helps fix them

Google has added a new feature to the Chrome web browser that will make it easier for users to check if their stored passwords are weak and easy to guess. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-now-checks-for-weak-passwords-helps-fix-them/

Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager

Cisco has released security updates to address pre-auth remote code execution (RCE) vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-pre-auth-bugs-in-sd-wan-cloud-license-manager/

VLC Media Player 3.0.12 fixes multiple remote code execution flaws

VideoLan released VLC Media Player 3.0.12 for Windows, Mac, and Linux last week with numerous improvements, features, and security fixes. [...]

https://www.bleepingcomputer.com/news/software/vlc-media-player-3012-fixes-multiple-remote-code-execution-flaws/

Microsoft shares how SolarWinds hackers evaded detection

Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies. [...]

https://www.bleepingcomputer.com/news/security/microsoft-shares-how-solarwinds-hackers-evaded-detection/

Hacker blunder leaves stolen passwords exposed via Google search

Hackers hitting thousands of organizations worldwide in a massive phishing campaign forgot to protect their loot and let Google the stolen passwords for public searches. [...]

https://www.bleepingcomputer.com/news/security/hacker-blunder-leaves-stolen-passwords-exposed-via-google-search/

QNAP warns users to secure NAS devices against Dovecat malware

QNAP urges customers to secure their network-attached storage (NAS) devices against an ongoing malware campaign that infects and exploits them to mine bitcoin without their knowledge. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-secure-nas-devices-against-dovecat-malware/

CHwapi hospital hit by Windows BitLocker encryption cyberattack

The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows Bitlocker. [...]

https://www.bleepingcomputer.com/news/security/chwapi-hospital-hit-by-windows-bitlocker-encryption-cyberattack/

UK govt gives malware infected laptops to vulnerable students

Some of the laptops distributed by the UK Department for Education (DfE) to vulnerable students have been found to be infected with malware as reported by the BBC. [...]

https://www.bleepingcomputer.com/news/security/uk-govt-gives-malware-infected-laptops-to-vulnerable-students/