Apple fixes SUDO root privilege escalation flaw in macOS

Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges. [...]

https://www.bleepingcomputer.com/news/apple/apple-fixes-sudo-root-privilege-escalation-flaw-in-macos/

Microsoft fixes the Windows 10 console driver crash bug

Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-the-windows-10-console-driver-crash-bug/

Microsoft Office February security updates patch Sharepoint, Excel RCE bugs

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-february-security-updates-patch-sharepoint-excel-rce-bugs/

SIM hijackers arrested after stealing millions from US celebrities

Ten men part of a criminal gang involved in series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium. [...]

https://www.bleepingcomputer.com/news/security/sim-hijackers-arrested-after-stealing-millions-from-us-celebrities/

Hackers auction alleged stolen Cyberpunk 2077, Witcher source code

Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were stolen in a ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/hackers-auction-alleged-stolen-cyberpunk-2077-witcher-source-code/

Microsoft now forces secure RPC to block Windows ZeroLogon attacks

Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates. [...]

https://www.bleepingcomputer.com/news/security/microsoft-now-forces-secure-rpc-to-block-windows-zerologon-attacks/

US Coast Guard orders maritime facilities to report SolarWinds breaches

The U.S. Coast Guard (USCG) has ordered MTSA-regulated facilities and vessels using SolarWinds software for critical functions to report security breaches in case of suspicions of being affected by the SolarWinds supply-chain attack. [...]

https://www.bleepingcomputer.com/news/security/us-coast-guard-orders-maritime-facilities-to-report-solarwinds-breaches/

French MNH health insurance company hit by RansomExx ransomware

French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company's operations. BleepingComputer has learned. [...]

https://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/

Network hackers asked for over $1 million in initial access offers

The number of offers for network access and their median prices on the public face of hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market. [...]

https://www.bleepingcomputer.com/news/security/network-hackers-asked-for-over-1-million-in-initial-access-offers/

TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus

TrickBot's stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software. [...]

https://www.bleepingcomputer.com/news/security/trickbots-bazarbackdoor-malware-is-now-coded-in-nim-to-evade-antivirus/

12-year-old Windows Defender bug gives hackers admin rights

Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems. [...]

https://www.bleepingcomputer.com/news/security/12-year-old-windows-defender-bug-gives-hackers-admin-rights/

Intel fixes vulnerabilities in Windows, Linux graphics drivers

Intel addressed 57 vulnerabilities during this month's Patch Tuesday, including high severity ones impacting Intel Graphics Drivers. [...]

https://www.bleepingcomputer.com/news/security/intel-fixes-vulnerabilities-in-windows-linux-graphics-drivers/

Buggy WordPress plugin exposes 100K sites to takeover attacks

Critical and high severity vulnerabilities in the Responsive Menu WordPress plugin exposed over 100,000 sites to takeover attacks as discovered by Wordfence. [...]

https://www.bleepingcomputer.com/news/security/buggy-wordpress-plugin-exposes-100k-sites-to-takeover-attacks/

Singtel, QIMR Berghofer report Accellion-related data breaches

Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software. [...]

https://www.bleepingcomputer.com/news/security/singtel-qimr-berghofer-report-accellion-related-data-breaches/

Microsoft warns of an increasing number of web shell attacks

Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-an-increasing-number-of-web-shell-attacks/

Windows 10 emergency update fixes WPA3 Wi-Fi blue screen crashes

Microsoft has released an emergency KB5001028 out-of-band update to fix a bug causing Windows 10 to crash when connecting to WPA3 Wi-Fi networks. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-update-fixes-wpa3-wi-fi-blue-screen-crashes/

Internet Explorer 11 zero-day vulnerability gets a free micropatch

An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. [...]

https://www.bleepingcomputer.com/news/security/internet-explorer-11-zero-day-vulnerability-gets-a-free-micropatch/

Avaddon ransomware fixes flaw allowing free decryption

The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor. [...]

https://www.bleepingcomputer.com/news/security/avaddon-ransomware-fixes-flaw-allowing-free-decryption/

Microsoft: Windows 10 1909 reaches end of service in May

Microsoft has reminded customers that some editions of Windows 10, version 1909 (also known as the November 2019 Update) will reach end of service in May 2021. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-1909-reaches-end-of-service-in-may/

Russian Yandex informs of sysadmin giving access to user mailboxes

Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. [...]

https://www.bleepingcomputer.com/news/security/russian-yandex-informs-of-sysadmin-giving-access-to-user-mailboxes/

Copycat researchers imitate supply chain attack that hit tech giants

This week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over major 35 tech firms. [...]

https://www.bleepingcomputer.com/news/security/copycat-researchers-imitate-supply-chain-attack-that-hit-tech-giants/