---

Cybersecurity Lessons Learned from 'The Rise of Skywalker'

They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.

---

Microsoft to forcibly install Bing search extension in Chrome for Office 365 ProPlus users

Microsoft will change the default search engine in Chrome from Google to Bing for its Office 365 ProPlus customers starting mid-February.

---

Coalition acquires IoT search engine BinaryEdge

US cyber-insurer Coalition buys BinaryEdge for undisclosed sum to boost its cyber insurance policy offering.

---

Microsoft discloses security breach of customer support database

Five servers storing customer support analytics were accidentally exposed online in December 2019.

---

New Muhstik Botnet Attacks Target Tomato Routers

Palo Alto Networks’ Unit 42 researchers observed a variant of the wormlike botnet that adds scanner technology to brute-force Web authentication.

---

Data leak strikes US cannabis users, sensitive information exposed

A database backing point-of-sale systems used in medical and recreational marijuana dispensaries has been compromised.

---

ProtonVPN apps handed to open source community in transparency push

The code backing ProtonVPN apps on all platforms can now be examined at leisure.

---

PoC Exploits Do More Good Than Harm: Threatpost Poll

More than half of security experts think that the good outweighs the bad when it comes to proof-of-concept exploits, according to a recent Threatpost poll.

---

In enterprise attack wave, NetWire Trojan now buries itself in disk image files

Enterprise companies are being targeted by a business email scam harnessing the Trojan.

---

German government to pay €800,000 in Windows 7 ESU fees this year

The sum represents ESU fees for over 33,000 government workstations that are still running Windows 7, allowing German government systems to receive security updates for one more year.

---

16Shop Phishing Gang Goes After PayPal Users

A sophisticated malware-as-a-service phishing kit includes full customer service and anti-detection technologies.

---

Microsoft, DHS Warn of Zero-Day Attack Targeting IE Users

Software firm is "aware of limited targeted attacks" exploiting a scripting issue vulnerability in Internet Explorer 9, 10, and 11 that previously has not been disclosed.

---

New Ransomware Tactic Shows How Windows EFS Can Aid Attackers

Researchers have discovered how ransomware can take advantage of the Windows Encrypting File System, prompting security vendors to release patches.

---

FireEye Buys Cloudvisory

The purchase is intended to bring new cloud capabilities to the FireEye Helix security platform.

---

Microsoft discovers new sLoad 2.0 (Starslord) malware

sLoad malware gangs makes a comeback after having operations exposed last month.

---

Avoid That Billion-Dollar Fine: Blurring the Lines Between Security and Privacy

While doing good for the user is the theoretical ideal, the threat of fiscal repercussions should drive organizations to take privacy seriously. That means security and data privacy teams must work more closely.

---

Ransomware Upgrades with Credential-Stealing Tricks

The latest version of the FTCode ransomware can steal credentials from five popular browsers and email clients.

---

Citrix Accelerates Patch Rollout For Critical RCE Flaw

Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its Citrix Application Delivery Controller (ADC) and Citrix Gateway products.

---

Nearly 75% of SD-WAN Owners Lack Confidence Post-Digital Transformation

More businesses think SD-WAN will reduce WAN costs, but only 37% think SD-WANs will help defend against malware and other threats.

---

US Cyber Command was not prepared to handle the amount of data it hacked from ISIS

Operation Glowing Symphony was a success, but Cyber Command operators were not prepared for the amount of data they found in hacked ISIS accounts and servers.