Node.js fixes severe HTTP bug that could let attackers crash apps

Node.js has released updates for a high severity vulnerability that could be exploited by attackers to crash the process and cause unexpected behaviors. The use-after-free vulnerability, tracked as CVE-2021-22930 is to do with how HTTP2 streams are handled in the language. [...]

https://www.bleepingcomputer.com/news/security/nodejs-fixes-severe-http-bug-that-could-let-attackers-crash-apps/

The Week in Ransomware - July 30th 2021 - €1 billion saved

Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebrands. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-30th-2021-1-billion-saved/

DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices

The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys' offices were breached by the Russian Foreign Intelligence Service (SVR) during the SolarWinds global hacking spree. [...]

https://www.bleepingcomputer.com/news/security/doj-solarwinds-hackers-breached-emails-from-27-us-attorneys-offices/

FBI warns investors of fraudsters posing as brokers and advisers

The FBI Criminal Investigative Division and Securities and Exchange Commission warn investors of fraudsters impersonating registered investment professionals such as investment advisers and registered brokers. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-investors-of-fraudsters-posing-as-brokers-and-advisers/

BlackMatter ransomware gang rises from the ashes of DarkSide, REvil

​A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations. [...]

https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-gang-rises-from-the-ashes-of-darkside-revil/

Public print server gives anyone Windows admin privileges

A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a computer by installing a print driver. [...]

https://www.bleepingcomputer.com/news/microsoft/public-print-server-gives-anyone-windows-admin-privileges/

DarkSide ransomware gang returns as new BlackMatter operation

Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. [...]

https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/

Bot protection now generally available in Azure Web Application Firewall

Microsoft has announced that the Web Application Firewall (WAF) bot protection feature has reached general availability on Azure on Application Gateway starting this week. [...]

https://www.bleepingcomputer.com/news/security/bot-protection-now-generally-available-in-azure-web-application-firewall/

Registry Explorer is the registry editor every Windows user needs

Last week, a new open-source Registry Editor was released that puts Windows Regedit software to shame by supporting a host of advanced features, making editing the Registry easier than ever. [...]

https://www.bleepingcomputer.com/news/microsoft/registry-explorer-is-the-registry-editor-every-windows-user-needs/

Windows 11 stock photo leaks upcoming Microsoft Paint redesign

An official stock photo of Windows 11 has accidentally revealed the upcoming redesign of the Microsoft Paint application. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-stock-photo-leaks-upcoming-microsoft-paint-redesign/

Windows 11 future updates: Here's everything you need to know

With Windows 11, Microsoft is retaining Windows 10's servicing model known as 'Windows as a Service (WaaS)'. As part of WaaS, Microsoft plans to deliver an always up-to-date experience with the latest features and security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-future-updates-heres-everything-you-need-to-know/

PwnedPiper critical bug set impacts major hospitals in North America

Pneumatic tube system (PTS) stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. [...]

https://www.bleepingcomputer.com/news/security/pwnedpiper-critical-bug-set-impacts-major-hospitals-in-north-america/

Empty npm package '-' has over 700,000 downloads — here's why

A mysterious, one-letter npm package named "-" sitting on the registry since 2020 has received over 700,000 downloads. What's more? The package contains no functional code, so what makes it score so many downloads? [...]

https://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/

Windows PetitPotam attacks can be blocked using new method

Security researchers have devised a way to block the recently disclosed PetitPotam attack vector that allows hackers to take control of a Windows domain controller easily. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-petitpotam-attacks-can-be-blocked-using-new-method/

Microsoft's Windows 365 Cloud PC service is live - Costs from $24 to $162

Microsoft's Windows 365 Cloud PC service is now generally available, allowing businesses to deploy Windows 10 desktops in the cloud for prices ranging between $24 and $162 per device. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-windows-365-cloud-pc-service-is-live-costs-from-24-to-162/

Windows 10 to automatically block potentially unwanted apps

Microsoft Defender and Microsoft Edge on Windows 10 will automatically block potentially unwanted applications (PUAs) by default starting this month. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-to-automatically-block-potentially-unwanted-apps/

Google Chrome to no longer show secure website indicators

Google Chrome will no longer show whether a site you are visiting is secure and only show when you visit an insecure website. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-to-no-longer-show-secure-website-indicators/

Windows 11's October 2021 release date hinted in support docs

A planned October 2021 release date for Windows 11 has been accidentally leaked in support documents from both Microsoft and Intel. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11s-october-2021-release-date-hinted-in-support-docs/

RansomEXX ransomware hits Italy's Lazio region, affects COVID-19 site

The Lazio region in Italy has suffered a RansomEXX ransomware attack that has disabled the region's IT systems, including the COVID-19 vaccination registration portal. [...]

https://www.bleepingcomputer.com/news/security/ransomexx-ransomware-hits-italys-lazio-region-affects-covid-19-site/

Microsoft halts Windows 365 trials after running out of servers

Microsoft has suspended free trials of their newly launched Windows 365 Cloud PC service after running out of available servers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-halts-windows-365-trials-after-running-out-of-servers/

NSA and CISA share Kubernetes security recommendations

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. [...]

https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-kubernetes-security-recommendations/