The OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach.Forum administrators posted the announcement in a high-visibility area, explaining what happened and the risks to users stemming from exposing their data.Good password not enoughThe attack occurred on Saturday, around 04:00 (

Microsoft will enable fully automated threat remediation by default for Microsoft Defender for Endpoint customers who have opted into public previews starting next month, on February 16, 2021.This change of the default automation level from Semi to Full comes after finding that organizations using full automation by default were more successful in remed

Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.IObit is a software developer known for Windows system optimization and anti-malware programs, such as Advanced SystemCare.Over the weekend, IObit forum members began receiving emails claiming to be from

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees.Vishing (also known as voice phishing) is a social engineering attack where attackers impersonat

The U.S. National Security Agency has appointed Rob Joyce as the agency’s new director of cybersecurity, who has long experience in US cybersecurity The National Security Agency (NSA) has appointed US cybersecurity official Rob Joyce as the new chief of the Cybersecurity Directorate. Joyce served as the NSA’s top representative in the UK since 2018,

Multinational technology company Thales and global provider of engineered electronics for performance critical applications TT Electronics have announced a partnership to enable the development of operational technology cybersecurity initiatives and research.These programs will be delivered out of the National Digital Exploitation Center (NDEC) in South Wale

The U.S. National Security Agency on Friday announced that Rob Joyce, an official who is highly respected in the cybersecurity community, has been named the agency’s new director of cybersecurity.Joyce, who according to his LinkedIn profile has been working for the Defense Department for the past 32 years, replaces Anne Neuberger, who has been appointed Depu

Last week on Malwarebytes Labs, we looked at IoT problems, Microsoft’s Patch Tuesday, and how cybercriminals want access to your cloud services. We also explored how VPNs can protect your privacy, and asked if MSPs have picked the right PSA. Other cybersecurity news Hot phishing targets: Some brands are more appealing to scammers than others (Source: Z

President Joe Biden can’t bring his Peloton exercise equipment to the White House due to security reasons. According to a Popular Mechanics report, President Joe Biden is going to move to the White House and likely he will have to give up his Peloton exercise equipment for security reasons. Peloton exercise equipment’s popularity surged dur

A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands.Last week, BleepingComputer learned of two bugs disclosed on Twitter by a Windows security researcher that can be abused by attackers in various attacks.The first bug allows an unpriv

The privacy-focused search engine DuckDuckGo continues to grow rapidly as the company reached 102M daily search queries for the first time in January.DuckDuckGo is a search engine that builds its search index using its DuckDuckBot crawler, indexing WikiPedia, and through partners like Bing. The search engine does not use any data from Google.What makes

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. It is time to re-evaluate Cyber-defence solutionsNew Zealand central bank hit by a cyber attackTeamTNT botnet now steals Docker API and AWS credentialsConnecting the dots between SolarWinds and Russia-li

Enemies of the People, the website inciting violence against U.S. officials who refused to support the President's claims to voter fraud, is still active and continues to expose personal details from more individuals.The main site went offline shortly before a report from the FBI emerged saying that Iranian actors were "almost certainly" behind the

The administrator of Joker's Stash, one of the longest-running marketplace for stolen credit cards, announced on Friday that they would permanently shut down the operation next month.They published messages on multiple cybercriminal forums to inform about the retirement, set for February 15, and that all servers and backups would be wiped.End of Joker's acti

Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software which provides product lifecycle management (PLM) solutions. The vulnerabilities affect Siemens JT2Go, a 3D viewing