VLC Media Player 3.0.12 fixes multiple remote code execution flaws

VideoLan released VLC Media Player 3.0.12 for Windows, Mac, and Linux last week with numerous improvements, features, and security fixes. [...]

https://www.bleepingcomputer.com/news/software/vlc-media-player-3012-fixes-multiple-remote-code-execution-flaws/

Microsoft shares how SolarWinds hackers evaded detection

Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies. [...]

https://www.bleepingcomputer.com/news/security/microsoft-shares-how-solarwinds-hackers-evaded-detection/

Hacker blunder leaves stolen passwords exposed via Google search

Hackers hitting thousands of organizations worldwide in a massive phishing campaign forgot to protect their loot and let Google the stolen passwords for public searches. [...]

https://www.bleepingcomputer.com/news/security/hacker-blunder-leaves-stolen-passwords-exposed-via-google-search/

QNAP warns users to secure NAS devices against Dovecat malware

QNAP urges customers to secure their network-attached storage (NAS) devices against an ongoing malware campaign that infects and exploits them to mine bitcoin without their knowledge. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-secure-nas-devices-against-dovecat-malware/

CHwapi hospital hit by Windows BitLocker encryption cyberattack

The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows Bitlocker. [...]

https://www.bleepingcomputer.com/news/security/chwapi-hospital-hit-by-windows-bitlocker-encryption-cyberattack/

UK govt gives malware infected laptops to vulnerable students

Some of the laptops distributed by the UK Department for Education (DfE) to vulnerable students have been found to be infected with malware as reported by the BBC. [...]

https://www.bleepingcomputer.com/news/security/uk-govt-gives-malware-infected-laptops-to-vulnerable-students/

Microsoft Edge gets a password generator, leaked credentials monitor

Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version. [...]

https://www.bleepingcomputer.com/news/security/microsoft-edge-gets-a-password-generator-leaked-credentials-monitor/

DDoS booters use Windows Remote Desktop servers to amplify attacks

Windows Remote Desktop Protocol (RDP) servers are being abused as an amplification vector by DDoS-for-hire services (aka booters or stressers) to launch Distributed Denial of Service (DDoS) attacks. [...]

https://www.bleepingcomputer.com/news/security/ddos-booters-use-windows-remote-desktop-servers-to-amplify-attacks/

MyFreeCams site hacked to steal info of 2 million paying users

A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service. [...]

https://www.bleepingcomputer.com/news/security/myfreecams-site-hacked-to-steal-info-of-2-million-paying-users/

New Windows 10 update leaks info on upcoming 21H1 feature update

A Windows 10 20H2 cumulative update released to Insiders on the 'Release' channel leaked that the next feature updated will be 21H1. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-10-update-leaks-info-on-upcoming-21h1-feature-update/

Windows 10 KB4598298 update fixes crashes and restart issues

​Microsoft has released the KB4598298 update for all editions of Windows 10 and Windows Server versions 1809 and 1909, with fixes for unexpected system restart issues, system crashes due to BitLocker, and multiple LSASS issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4598298-update-fixes-crashes-and-restart-issues/

Drupal releases fix for critical vulnerability with known exploits

Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild. [...]

https://www.bleepingcomputer.com/news/security/drupal-releases-fix-for-critical-vulnerability-with-known-exploits/

Intel: Hackers stole unpublished earnings info from corporate site

Intel disclosed on Thursday that unknown threat actors stole an infographic containing info on the company's fourth-quarter and full-year 2020 financial results. [...]

https://www.bleepingcomputer.com/news/security/intel-hackers-stole-unpublished-earnings-info-from-corporate-site/

Bonobos clothing store confirms breach after hacker leaks 70GB database

Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information. [...]

https://www.bleepingcomputer.com/news/security/bonobos-clothing-store-confirms-breach-after-hacker-leaks-70gb-database/

SAP SolMan exploit released for max severity pre-auth flaw

Fully-functional exploit code is now publicly available for a maximum severity pre-auth vulnerability impacting default configurations of an SAP Solution Manager (SolMan) component. [...]

https://www.bleepingcomputer.com/news/security/sap-solman-exploit-released-for-max-severity-pre-auth-flaw/

The Week in Ransomware - January 22nd 2021 - Calm before the storm

Ransomware news is slow this week, with mostly small ransomware variants being released and a small number of attacks reported. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-22nd-2021-calm-before-the-storm/

Facebook users were mass-logged out Friday by configuration change

If you were logged out of Facebook tonight, you are not alone. Facebook states that users were logged out of the social site due to a "configuration change." [...]

https://www.bleepingcomputer.com/news/technology/facebook-users-were-mass-logged-out-friday-by-configuration-change/

Russian government warns of US retaliatory cyberattacks

The Russian government has issued a security warning to organizations in Russia about possible retaliatory cyberattacks by the USA for the SolarWinds breach. [...]

https://www.bleepingcomputer.com/news/security/russian-government-warns-of-us-retaliatory-cyberattacks/

SonicWall firewall maker hacked using zero-day in its VPN device

Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems. [...]

https://www.bleepingcomputer.com/news/security/sonicwall-firewall-maker-hacked-using-zero-day-in-its-vpn-device/

Windows 10X feature will prevent unauthorized factory resets

In addition to a new user interface, Windows 10X also comes with a new feature called "Anti-theft protection", which is a measure designed to prevent thieves from wiping and re-using stolen devices. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10x-feature-will-prevent-unauthorized-factory-resets/

Another ransomware now uses DDoS attacks to force victims to pay

Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom. [...]

https://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/