Critical vulnerability fixed in WordPress plugin with 800K installs

The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks. [...]

https://www.bleepingcomputer.com/news/security/critical-vulnerability-fixed-in-wordpress-plugin-with-800k-installs/

Hackers tried poisoning town after breaching its water facility

A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels. [...]

https://www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/

CD PROJEKT RED gaming studio hit by ransomware attack

CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, has disclosed a ransomware attack that impacted its network. [...]

https://www.bleepingcomputer.com/news/security/cd-projekt-red-gaming-studio-hit-by-ransomware-attack/

Microsoft: Recent Windows 10 gaming issues caused by Discord bug

Microsoft has acknowledged a known issue that was causing Direct3D 12 games to fail to launch or crash with an error on some Windows 10 devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-recent-windows-10-gaming-issues-caused-by-discord-bug/

Office 365 will help admins find impersonation attack targets

Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks as recently revealed on the Microsoft 365 roadmap. [...]

https://www.bleepingcomputer.com/news/security/office-365-will-help-admins-find-impersonation-attack-targets/

Adobe fixes critical Reader vulnerability exploited in the wild

Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-reader-vulnerability-exploited-in-the-wild/

Researcher hacks Microsoft, Apple, more in novel supply chain attack

A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties. [...]

https://www.bleepingcomputer.com/news/security/researcher-hacks-microsoft-apple-more-in-novel-supply-chain-attack/

New BendyBear APT malware gets linked to Chinese hacking group

Unit 42 researchers today have shared info on a new polymorphic and "highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government. [...]

https://www.bleepingcomputer.com/news/security/new-bendybear-apt-malware-gets-linked-to-chinese-hacking-group/

Microsoft February 2021 Patch Tuesday fixes 56 flaws, 1 zero-day

Today is Microsoft's February 2021 Patch Tuesday, so please be buy your Windows administrators some snacks to keep their energy up throughout the day. [...]

https://www.bleepingcomputer.com/news/security/microsoft-february-2021-patch-tuesday-fixes-56-flaws-1-zero-day/

Windows 10 Cumulative Updates KB4601315 & KB4601319 released

As part of the February Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4601315-and-kb4601319-released/

Microsoft urges customers to patch critical Windows TCP/IP bugs

Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible. [...]

https://www.bleepingcomputer.com/news/security/microsoft-urges-customers-to-patch-critical-windows-tcp-ip-bugs/

HelloKitty ransomware behind CD Projekt Red cyberattack, data theft

The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name 'HelloKitty,' and yes, that's the name the threat actors utilize. [...]

https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-behind-cd-projekt-red-cyberattack-data-theft/

Apple fixes SUDO root privilege escalation flaw in macOS

Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges. [...]

https://www.bleepingcomputer.com/news/apple/apple-fixes-sudo-root-privilege-escalation-flaw-in-macos/

Microsoft fixes the Windows 10 console driver crash bug

Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-the-windows-10-console-driver-crash-bug/

Microsoft Office February security updates patch Sharepoint, Excel RCE bugs

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-february-security-updates-patch-sharepoint-excel-rce-bugs/

SIM hijackers arrested after stealing millions from US celebrities

Ten men part of a criminal gang involved in series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium. [...]

https://www.bleepingcomputer.com/news/security/sim-hijackers-arrested-after-stealing-millions-from-us-celebrities/

Hackers auction alleged stolen Cyberpunk 2077, Witcher source code

Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were stolen in a ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/hackers-auction-alleged-stolen-cyberpunk-2077-witcher-source-code/

Microsoft now forces secure RPC to block Windows ZeroLogon attacks

Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates. [...]

https://www.bleepingcomputer.com/news/security/microsoft-now-forces-secure-rpc-to-block-windows-zerologon-attacks/

US Coast Guard orders maritime facilities to report SolarWinds breaches

The U.S. Coast Guard (USCG) has ordered MTSA-regulated facilities and vessels using SolarWinds software for critical functions to report security breaches in case of suspicions of being affected by the SolarWinds supply-chain attack. [...]

https://www.bleepingcomputer.com/news/security/us-coast-guard-orders-maritime-facilities-to-report-solarwinds-breaches/

French MNH health insurance company hit by RansomExx ransomware

French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company's operations. BleepingComputer has learned. [...]

https://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/

Network hackers asked for over $1 million in initial access offers

The number of offers for network access and their median prices on the public face of hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market. [...]

https://www.bleepingcomputer.com/news/security/network-hackers-asked-for-over-1-million-in-initial-access-offers/