Kaseya patches VSA vulnerabilities used in REvil ransomware attack

Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers. [...]

https://www.bleepingcomputer.com/news/security/kaseya-patches-vsa-vulnerabilities-used-in-revil-ransomware-attack/

SolarWinds patches critical Serv-U vulnerability exploited in the wild

SolarWinds is urging customers to patch a remote code execution vulnerability that was exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-serv-u-vulnerability-exploited-in-the-wild/

Fashion retailer Guess discloses data breach after ransomware attack

American fashion brand and retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft. [...]

https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/

Microsoft fixes Outlook crash issues when using Search bar

Microsoft will roll out a fix for a known issue causing Outlook for Microsoft 365 to crash on systems where users attempted using the Search bar or Search Suggestions features. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-crash-issues-when-using-search-bar/

Interpol urges police to unite against 'potential ransomware pandemic'

Interpol (International Criminal Police Organisation) Secretary General Jürgen Stock urged police agencies and industry partners to work together to prevent what looks like a future ransomware pandemic. [...]

https://www.bleepingcomputer.com/news/security/interpol-urges-police-to-unite-against-potential-ransomware-pandemic/

New BIOPASS malware live streams victim's computer screen

Hackers compromised gambling sites to deliver a new remote access trojan (RAT) called BIOPASS that enables watching the victim's computer screen in real time by abusing popular live-streaming software. [...]

https://www.bleepingcomputer.com/news/security/new-biopass-malware-live-streams-victims-computer-screen/

Firefox 90 adds enhanced tracker blocking to private browsing

Mozilla has introduced SmartBlock 2.0, the next version of its intelligent cross-site tracking blocking tech, with the release of Firefox 90. [...]

https://www.bleepingcomputer.com/news/security/firefox-90-adds-enhanced-tracker-blocking-to-private-browsing/

REvil ransomware gang's web sites mysteriously shut down

The infrastructure and websites for the REvil ransomware operation have mysteriously gone offline as of last night. [...]

https://www.bleepingcomputer.com/news/security/revil-ransomware-gangs-web-sites-mysteriously-shut-down/

CISA orders federal agencies to patch Windows PrintNightmare bug

A new emergency directive ordered by the Cybersecurity and Infrastructure Security Agency (CISA) orders federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. [...]

https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-patch-windows-printnightmare-bug/

Windows 10 KB5004237 & KB5004245 cumulative updates released

As part of the July 2021 Patch Tuesday, Microsoft has released new KB5004237 and KB5004245 cumulative updates for recent versions of Windows. Today's cumulative updates include security fixes for PCs with May 2021 Update, October 2020 Update and May 2020 Update.  [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5004237-and-kb5004245-cumulative-updates-released/

Microsoft July 2021 Patch Tuesday fixes 9 zero-days, 117 flaws

Today is Microsoft's July 2021 Patch Tuesday, and with it comes fixes for nine zero-day vulnerabilities and a total of 117 flaws, so Windows admins will be pulling their hair out as they scramble to get devices patched and secured. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2021-patch-tuesday-fixes-9-zero-days-117-flaws/

Microsoft fixes Windows Hello authentication bypass vulnerability

Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-hello-authentication-bypass-vulnerability/

US indicts dark web user 'The Bull' for insider trading

The U.S. Department of Justice (DoJ) has charged an individual for engaging in insider trading on the darknet. Greece-based Apostolos Trovias, known as the "The Bull" frequently used encrypted messaging services and the dark web for soliciting, exchanging and selling inside information. [...]

https://www.bleepingcomputer.com/news/security/us-indicts-dark-web-user-the-bull-for-insider-trading/

Adobe updates fix 28 vulnerabilities in 6 programs

Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in Adobe Dimension, Illustrator, Framemaker, Acrobat, Reader, and Bridge. [...]

https://www.bleepingcomputer.com/news/security/adobe-updates-fix-28-vulnerabilities-in-6-programs/

Amazon starts rolling out Ring end-to-end encryption globally

Amazon-owned Ring has announced starting the worldwide roll out of video End-to-End Encryption (E2EE) to customers with compatible devices. [...]

https://www.bleepingcomputer.com/news/security/amazon-starts-rolling-out-ring-end-to-end-encryption-globally/

Hackers used SolarWinds zero-day bug to target US Defense orgs

China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. [...]

https://www.bleepingcomputer.com/news/microsoft/hackers-used-solarwinds-zero-day-bug-to-target-us-defense-orgs/

Trickbot updates its VNC module for high-value targets

The Trickbot botnet malware that often distributes various ransomware strains, continues to be the most prevalent threat as its developers update the VNC module used for remote control over infected systems. [...]

https://www.bleepingcomputer.com/news/security/trickbot-updates-its-vnc-module-for-high-value-targets/

Chinese cyberspies’ wide-scale APT campaign hits Asian govt entities

Kaspersky researchers have revealed an ongoing and large-scale advanced persistent threat (APT) campaign with hundreds of victims from Southeast Asia, including Myanmar and the Philippines government entities. [...]

https://www.bleepingcomputer.com/news/security/chinese-cyberspies-wide-scale-apt-campaign-hits-asian-govt-entities/

Detonating Ransomware on My Own Computer (Don’t Try This at Home)

Ransomware attacks are a daily occurrence, announcing new levels of danger and confusion to an already complicated business of protecting data. How it behaves can tell us lot about a ransomware attack - so I recently detonated Conti ransomware in a controlled environment to demonstrate the importance of proper cyber protection. [...]

https://www.bleepingcomputer.com/news/security/detonating-ransomware-on-my-own-computer-don-t-try-this-at-home/

Windows 365 - Microsoft's new virtualized Cloud PC service

Microsoft has unveiled their greatly anticipated cloud-based Windows 365 service - a virtualized desktop service allowing businesses to deploy and stream Cloud PCs from Azure. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-365-microsofts-new-virtualized-cloud-pc-service/

SonicWall warns of 'critical' ransomware risk to SMA 100 VPN appliances

SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products. [...]

https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-ransomware-risk-to-sma-100-vpn-appliances/