Microsoft expands Recall preview to Intel and AMD Copilot+ PCs

​Microsoft is now testing its AI-powered Recall feature on AMD and Intel-powered Copilot+ PCs enrolled in the Windows 11 Insider program. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-expands-recall-preview-to-intel-and-amd-copilot-plus-pcs/

 Anna Jaques Hospital ransomware breach exposed data of 300K patients

Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 316,000 patients. [...]

https://www.bleepingcomputer.com/news/security/anna-jaques-hospital-ransomware-breach-exposed-data-of-300k-patients/

 QR codes bypass browser isolation for malicious C2 communication

Mandiant has identified a novel method to bypass contemporary browser isolation technology and achieve command-and-control C2 operations. [...]

https://www.bleepingcomputer.com/news/security/qr-codes-bypass-browser-isolation-for-malicious-c2-communication/

 Romanian energy supplier Electrica hit by ransomware attack

Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack that was still "in progress" earlier today. [...]

https://www.bleepingcomputer.com/news/security/romanian-energy-supplier-electrica-hit-by-ransomware-attack/

 Cybercrime gang arrested after turning Airbnbs into fraud centers

Eight members of an international cybercrime network that stole millions of Euros from victims and set up Airbnb fraud centers were arrested in Belgium and the Netherlands. [...]

https://www.bleepingcomputer.com/news/security/cybercrime-gang-arrested-after-turning-airbnbs-into-fraud-centers/

 Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades

Microsoft now blocks the Windows 11 24H2 update on computers with outdated Google Workspace Sync installs because they're causing Outlook launch issues. [...]

https://www.bleepingcomputer.com/news/microsoft/outdated-google-workspace-sync-blocks-windows-11-24h2-upgrades/

 Radiant links $50 million crypto heist to North Korean hackers

Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an October 16 cyberattack. [...]

https://www.bleepingcomputer.com/news/security/radiant-links-50-million-crypto-heist-to-north-korean-hackers/

 Ubisoft fixes Windows 11 24H2 conflicts causing game crashes

Microsoft has now partially lifted a compatibility hold blocking the Windows 24H2 update on systems with some Ubisoft games after the French video game publisher has fixed bugs causing crashes, freezes, and audio issues. [...]

https://www.bleepingcomputer.com/news/microsoft/ubisoft-fixes-windows-11-24h2-conflicts-causing-game-crashes/

 OpenWrt Sysupgrade flaw let hackers push malicious firmware images

A flaw in OpenWrt's Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. [...]

https://www.bleepingcomputer.com/news/security/openwrt-sysupgrade-flaw-let-hackers-push-malicious-firmware-images/

 Ransomware attack hits leading heart surgery device maker

​Artivion, a leading manufacturer of heart surgery medical devices, has disclosed a November 21 ransomware attack that disrupted its operations and forced it to take some systems offline. [...]

https://www.bleepingcomputer.com/news/security/ransomware-attack-hits-leading-heart-surgery-device-maker/

 Chinese hackers use Visual Studio Code tunnels for remote access

Chinese hackers targeting large IT service providers in Southern Europe were seen abusing Visual Studio Code (VSCode) tunnels to maintain persistent access to compromised systems. [...]

https://www.bleepingcomputer.com/news/security/chinese-hackers-use-visual-studio-code-tunnels-for-remote-access/

 Microsoft 365 outage takes down Office web apps, admin center

Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-office-web-apps-admin-center/

 Inside the incident: Uncovering an advanced phishing attack

Recently, Varonis investigated a phishing campaign in which a malicious email enabled a threat actor to access the organization. This blog post will reveal the tactics used to avoid detection and share what was discovered during the investigation. [...]

https://www.bleepingcomputer.com/news/security/inside-the-incident-uncovering-an-advanced-phishing-attack/

 New Cleo zero-day RCE flaw exploited in data theft attacks

Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. [...]

https://www.bleepingcomputer.com/news/security/new-cleo-zero-day-rce-flaw-exploited-in-data-theft-attacks/

 US sanctions Chinese firm for hacking firewalls in ransomware attacks

The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. [...]

https://www.bleepingcomputer.com/news/security/us-sanctions-chinese-firm-for-hacking-firewalls-in-ragnarok-ransomware-attacks/

 FTC distributes $72 million in Fortnite refunds from Epic Games

The Federal Trade Commission (FTC) is distributing over $72 million in Epic Game Fortnite refunds for the company's use of dark patterns to trick players into making unwanted purchases. [...]

https://www.bleepingcomputer.com/news/gaming/ftc-distributes-72-million-in-fortnite-refunds-from-epic-games/

 Windows 11 KB5048667 & KB5048685 cumulative updates released

Microsoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5048667-and-kb5048685-cumulative-updates-released/

 Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2024-patch-tuesday-fixes-1-exploited-zero-day-71-flaws/

 Windows 10 KB5048652 update fixes new motherboard activation bug

Microsoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when you change a device's motherboard. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5048652-update-fixes-new-motherboard-activation-bug/

 Ivanti warns of maximum severity CSA auth bypass vulnerability

Ivanti warned customers on Tuesday about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. [...]

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/