Windows 11 gets new versions of Snipping Tool, Mail, and Calculator

Microsoft is rolling out its first Windows 11 app updates with new versions of the Calculator, Mail and Calendar, and the Snipping Tool apps. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-gets-new-versions-of-snipping-tool-mail-and-calculator/

Microsoft: Evasive Office 365 phishing campaign active since July 2020

Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting with July 2020. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-evasive-office-365-phishing-campaign-active-since-july-2020/

Hackers now backdoor Microsoft Exchange using ProxyShell exploits

Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...]

https://www.bleepingcomputer.com/news/microsoft/hackers-now-backdoor-microsoft-exchange-using-proxyshell-exploits/

GitHub deprecates account passwords for authenticating Git operations

GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow. [...]

https://www.bleepingcomputer.com/news/security/github-deprecates-account-passwords-for-authenticating-git-operations/

Vice Society ransomware joins ongoing PrintNightmare attacks

The Vice Society ransomware gang is now also actively exploiting Windows print spooler PrintNightmare vulnerability for lateral movement through their victims' networks. [...]

https://www.bleepingcomputer.com/news/security/vice-society-ransomware-joins-ongoing-printnightmare-attacks/

Bugs in gym management software let hackers wipe fitness history

Security researchers found vulnerabilities in the Wodify fitness platform that allows an attacker to view and modify user workouts from any of the more than 5,000 gyms that use the solution worldwide. [...]

https://www.bleepingcomputer.com/news/security/bugs-in-gym-management-software-let-hackers-wipe-fitness-history/

SynAck ransomware releases decryption keys after El_Cometa rebrand

The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group. [...]

https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/

Microsoft Teams will alert users of incoming spam calls

Microsoft is working on adding a spam call notification feature to the Microsoft 365 Teams collaboration platform. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-will-alert-users-of-incoming-spam-calls/

Windows 365 exposes Microsoft Azure credentials in plaintext

A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-365-exposes-microsoft-azure-credentials-in-plaintext/

Emails from Lithuanian Ministry of Foreign Affairs for sale on data-trading forum

The Lithuanian Ministry of Foreign Affairs has declined to comment about the authenticity of email files allegedly stolen from its network and offered for sale on a data-trading forum.Lith [...]

https://www.bleepingcomputer.com/news/security/emails-from-lithuanian-ministry-of-foreign-affairs-for-sale-on-data-trading-forum/

The Week in Ransomware - August 13th 2021 - The rise of LockBit

This week we saw an existing operation rise in attacks while existing ransomware operations turn to Windows vulnerabilities to elevate their privileges. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-13th-2021-the-rise-of-lockbit/

Facebook rolls out end-to-end encryption for Messenger calls

Facebook has announced the roll-out of end-to-end encrypted Messenger voice and video calls five years after making it available in one-on-one text chats. [...]

https://www.bleepingcomputer.com/news/security/facebook-rolls-out-end-to-end-encryption-for-messenger-calls/

US brokers warned of ongoing phishing attacks impersonating FINRA

The US Financial Industry Regulatory Authority (FINRA) warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. [...]

https://www.bleepingcomputer.com/news/security/us-brokers-warned-of-ongoing-phishing-attacks-impersonating-finra/

Ford bug exposed customer and employee records from internal systems

A bug on Ford's website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc. The data exposure stemmed from a misconfigured instance of Pega customer engagement system running on Ford's servers. [...]

https://www.bleepingcomputer.com/news/security/ford-bug-exposed-customer-and-employee-records-from-internal-systems/

EasyWSL turns Linux docker images into a Windows 10 WSL distro

If you can't find your favorite Windows Subsystem for Linux distribution available in the Microsoft Store, a new program called EasyWSL can convert almost any Linux Docker image into a WSL distro. [...]

https://www.bleepingcomputer.com/news/microsoft/easywsl-turns-linux-docker-images-into-a-windows-10-wsl-distro/

Hacker claims to steal data of 100 million T-mobile customers

A threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 100 million customers. [...]

https://www.bleepingcomputer.com/news/security/hacker-claims-to-steal-data-of-100-million-t-mobile-customers/

Colonial Pipeline reports data breach after May ransomware attack

Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. [...]

https://www.bleepingcomputer.com/news/security/colonial-pipeline-reports-data-breach-after-may-ransomware-attack/

Hackers behind Iranian wiper attacks linked to Syrian breaches

Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra who previously deployed wiper malware on the networks of multiple Syrian organizations. [...]

https://www.bleepingcomputer.com/news/security/hackers-behind-iranian-wiper-attacks-linked-to-syrian-breaches/

SIM swap scammer pleads guilty to Instagram account hijacks, crypto theft

Declan Harrington, a Massachusetts man charged two years ago for his alleged involvement in a series of SIM swapping attacks, pleaded guilty to stealing cryptocurrency from multiple victims and hijacking the Instagram account of others.  [...]

https://www.bleepingcomputer.com/news/security/sim-swap-scammer-pleads-guilty-to-instagram-account-hijacks-crypto-theft/

Secret terrorist watchlist with 2 million records exposed online

A secret terrorist watchlist with 1.9 million records, including "no-fly" records was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. [...]

https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/

Education giant Pearson fined $1M for downplaying data breach

The US Securities and Exchange Commission (SEC) announced today that Pearson, a British multinational educational publishing and services company, has settled charges of mishandling the disclosure process for a 2018 data breach discovered in March 2019. [...]

https://www.bleepingcomputer.com/news/security/education-giant-pearson-fined-1m-for-downplaying-data-breach/