Russian cryptocurrency exchange Livecoin posted on message on its official website on Christmas Eve claiming it was hacked and lost control of some of its servers, warning customers to stop using its services.

The operators behind Dridex have a nefarious trick up their sleeves this holiday season. A widespread phishing scam promises victims a $100 Amazon gift card but instead delivers the prolific banking Trojan to target machines.

LogRhythm Labs has gathered up the IOCs from CISA, Volexity, and FireEye associated with the recent SolarWinds supply chain attack and made them available in GitHub repository.

The local privilege-escalation bug in Windows 8.1 and Windows 10 (CVE-2020-0986) exists in the Print Spooler API. It could allow a local attacker to elevate privileges and execute code in the context of the current user.

The discovery of the breach comes after a string of cyberattacks targeted companies in Israel. Earlier this month, sensitive data of Israeli citizens was leaked and sold after the Shirbit insurance company was targeted in a ransomware attack.

Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. The Conti ransomware gang published over 26 GB of data on their ransomware data leak site.

Hackers affiliated with the Russian government have reportedly accessed emails from at least one company in the private sector and accessed Microsoft cloud customers’ information through a third party.

Internet domain company GoDaddy used a holiday bonus notification to test employees on email phishing scams, after workers had already been told they would not receive a bonus this year.

Microsoft identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago.