New phishing attack uses Morse code to hide malicious URLs

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/

Ziggy ransomware shuts down and releases victims' decryption keys

The Ziggy ransomware operation has shut down and released the victims' decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims. [...]

https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/

Microsoft to alert Office 365 users of nation-state hacking activity

Microsoft will soon notify Office 365 of suspected nation-state hacking activity detected within their tenants according to a new listing on the company's Microsoft 365 roadmap. [...]

https://www.bleepingcomputer.com/news/security/microsoft-to-alert-office-365-users-of-nation-state-hacking-activity/

Android app joins the dark side, sends malware update to millions

Google has removed a popular Android barcode scanner app with over 10 million installs from the Play Store after researchers found that it turned malicious following a December 2020 update. [...]

https://www.bleepingcomputer.com/news/security/android-app-joins-the-dark-side-sends-malware-update-to-millions/

Microsoft: Keep your guard up even after Emotet’s disruption

Microsoft warns customers not to let their guard down even after hundreds of Emotet botnet servers were taken down in late January 2021. [...]

https://www.bleepingcomputer.com/news/security/microsoft-keep-your-guard-up-even-after-emotet-s-disruption/

Cyberpunk 2077 fixes bug that let malicious mods take over PCs

CD Projekt Red has released a hotfix for Cyberpunk 2077 to fix a remote code execution vulnerability that could be exploited by third-party data file modifications and save games files. [...]

https://www.bleepingcomputer.com/news/security/cyberpunk-2077-fixes-bug-that-let-malicious-mods-take-over-pcs/

Critical vulnerability fixed in WordPress plugin with 800K installs

The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks. [...]

https://www.bleepingcomputer.com/news/security/critical-vulnerability-fixed-in-wordpress-plugin-with-800k-installs/

Hackers tried poisoning town after breaching its water facility

A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels. [...]

https://www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/

CD PROJEKT RED gaming studio hit by ransomware attack

CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, has disclosed a ransomware attack that impacted its network. [...]

https://www.bleepingcomputer.com/news/security/cd-projekt-red-gaming-studio-hit-by-ransomware-attack/

Microsoft: Recent Windows 10 gaming issues caused by Discord bug

Microsoft has acknowledged a known issue that was causing Direct3D 12 games to fail to launch or crash with an error on some Windows 10 devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-recent-windows-10-gaming-issues-caused-by-discord-bug/

Office 365 will help admins find impersonation attack targets

Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks as recently revealed on the Microsoft 365 roadmap. [...]

https://www.bleepingcomputer.com/news/security/office-365-will-help-admins-find-impersonation-attack-targets/

Adobe fixes critical Reader vulnerability exploited in the wild

Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-reader-vulnerability-exploited-in-the-wild/

Researcher hacks Microsoft, Apple, more in novel supply chain attack

A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties. [...]

https://www.bleepingcomputer.com/news/security/researcher-hacks-microsoft-apple-more-in-novel-supply-chain-attack/

New BendyBear APT malware gets linked to Chinese hacking group

Unit 42 researchers today have shared info on a new polymorphic and "highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government. [...]

https://www.bleepingcomputer.com/news/security/new-bendybear-apt-malware-gets-linked-to-chinese-hacking-group/

Microsoft February 2021 Patch Tuesday fixes 56 flaws, 1 zero-day

Today is Microsoft's February 2021 Patch Tuesday, so please be buy your Windows administrators some snacks to keep their energy up throughout the day. [...]

https://www.bleepingcomputer.com/news/security/microsoft-february-2021-patch-tuesday-fixes-56-flaws-1-zero-day/

Windows 10 Cumulative Updates KB4601315 & KB4601319 released

As part of the February Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4601315-and-kb4601319-released/

Microsoft urges customers to patch critical Windows TCP/IP bugs

Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible. [...]

https://www.bleepingcomputer.com/news/security/microsoft-urges-customers-to-patch-critical-windows-tcp-ip-bugs/

HelloKitty ransomware behind CD Projekt Red cyberattack, data theft

The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name 'HelloKitty,' and yes, that's the name the threat actors utilize. [...]

https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-behind-cd-projekt-red-cyberattack-data-theft/

Apple fixes SUDO root privilege escalation flaw in macOS

Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges. [...]

https://www.bleepingcomputer.com/news/apple/apple-fixes-sudo-root-privilege-escalation-flaw-in-macos/

Microsoft fixes the Windows 10 console driver crash bug

Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-the-windows-10-console-driver-crash-bug/

Microsoft Office February security updates patch Sharepoint, Excel RCE bugs

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-february-security-updates-patch-sharepoint-excel-rce-bugs/