16-year-old bug in printer software gives hackers admin rights

A 16-year-old security vulnerability found in HP, Xerox, and Samsung printers drivers allows attackers to gain admin rights on systems using the vulnerable driver software. [...]

https://www.bleepingcomputer.com/news/security/16-year-old-bug-in-printer-software-gives-hackers-admin-rights/

FBI: Threat actors may be targeting the 2020 Tokyo Summer Olympics

The Federal Bureau of Investigation (FBI) warns of threat actors potentially targeting the upcoming Olympic Games, although evidence of attacks planned against the Olympic Games Tokyo 2020 is yet to be uncovered. [...]

https://www.bleepingcomputer.com/news/security/fbi-threat-actors-may-be-targeting-the-2020-tokyo-summer-olympics/

New Linux kernel bug lets you get root on most modern distros

Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices. [...]

https://www.bleepingcomputer.com/news/security/new-linux-kernel-bug-lets-you-get-root-on-most-modern-distros/

New Windows 10 vulnerability allows anyone to get admin privileges

Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-10-vulnerability-allows-anyone-to-get-admin-privileges/

DuckDuckGo's new email privacy service forwards tracker-free messages

DuckDuckGo is rolling out an email privacy feature that strips incoming messages of trackers that can help profile you for better profiling and ad targeting. [...]

https://www.bleepingcomputer.com/news/security/duckduckgos-new-email-privacy-service-forwards-tracker-free-messages/

Microsoft Teams chat feature rolling out to Windows 11

With Windows 11, Microsoft is integrating the Microsoft Teams chatting feature into the Windows Taskbar. Microsoft Teams Chat feature is based on Microsoft Teams desktop client and Microsoft is basically extending Teams capability by bringing the dedicated button right to your taskbar. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-chat-feature-rolling-out-to-windows-11/

Microsoft shares workarounds for new Windows 10 zero-day bug

Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workarounds-for-new-windows-10-zero-day-bug/

XLoader malware steals logins from macOS and Windows systems

A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems. [...]

https://www.bleepingcomputer.com/news/security/xloader-malware-steals-logins-from-macos-and-windows-systems/

Google Chrome now comes with up to 50x faster phishing detection

Google Chrome now comes with up to 50 times faster phishing detection starting with the latest released version 92, promoted to the stable channel on Tuesday. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-now-comes-with-up-to-50x-faster-phishing-detection/

NPM package steals Chrome passwords on Windows via recovery tool

New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, including screen and camera access.  [...]

https://www.bleepingcomputer.com/news/security/npm-package-steals-chrome-passwords-on-windows-via-recovery-tool/

Chinese state hackers breached over a dozen US pipeline operators

Chinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees. [...]

https://www.bleepingcomputer.com/news/security/chinese-state-hackers-breached-over-a-dozen-us-pipeline-operators/

France warns of APT31 cyberspies targeting French organizations

The French national cyber-security agency today warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 cyberespionage group. [...]

https://www.bleepingcomputer.com/news/security/france-warns-of-apt31-cyberspies-targeting-french-organizations/

CISA warns of stealthy malware found on hacked Pulse Secure devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-of-stealthy-malware-found-on-hacked-pulse-secure-devices/

TikTok, Snapchat account hijacker arrested for role in Twitter hack

A fourth suspect has been arrested today for his role in the Twitter hack last year that gave attackers access to the company's internal network exposing high-profile accounts to hijacking. [...]

https://www.bleepingcomputer.com/news/security/tiktok-snapchat-account-hijacker-arrested-for-role-in-twitter-hack/

Atlassian asks customers to patch critical Jira vulnerability

Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI. [...]

https://www.bleepingcomputer.com/news/security/atlassian-asks-customers-to-patch-critical-jira-vulnerability/

MITRE updates list of top 25 most dangerous software bugs

MITRE has shared this year's top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years. [...]

https://www.bleepingcomputer.com/news/security/mitre-updates-list-of-top-25-most-dangerous-software-bugs/

Ransomware gang breached CNA’s network via fake browser update

Leading US insurance company CNA Financial has provided a glimpse into how Phoenix CryptoLocker operators breached its network, stole data, and deployed ransomware payloads in a ransomware attack that hit its network in March 2021. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-breached-cna-s-network-via-fake-browser-update/

Akamai DNS global outage takes down major websites, online services

Akamai is investigating an ongoing outage affecting many major websites and online services including Steam, the PlayStation Network, Newegg, Cloudflare, AWS, Amazon, Google, and Salesforce. [...]

https://www.bleepingcomputer.com/news/security/akamai-dns-global-outage-takes-down-major-websites-online-services/

Kaseya obtains universal decryptor for REvil ransomware victims

Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free. [...]

https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/

Windows 11 update improves taskbar, Microsoft Store and more

Microsoft has released a new build 22000.100 to Windows 11 Insiders in the Dev channel of the Windows Insider program. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-update-improves-taskbar-microsoft-store-and-more/

Major news sites serve porn after vid.me domain takeover

Major news sites including The Washington Post, New York Magazine, and HuffPost, saw their stories now displaying porn videos instead of the once-embedded intended ones. The fiasco happened as prominent websites relied on the now-defunct domain vid.me to embed streaming videos in their articles. [...]

https://www.bleepingcomputer.com/news/technology/major-news-sites-serve-porn-after-vidme-domain-takeover/