Ransomware gang's script shows exactly the files they're after

A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gangs-script-shows-exactly-the-files-theyre-after/

SteelSeries bug gives Windows 10 admin rights by plugging in a device

The official app for installing SteelSeries devices on Windows 10 can be exploited to obtain administrator rights, a security researcher has found. [...]

https://www.bleepingcomputer.com/news/security/steelseries-bug-gives-windows-10-admin-rights-by-plugging-in-a-device/

Samsung can remotely disable their TVs worldwide using TV Block

Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide. [...]

https://www.bleepingcomputer.com/news/security/samsung-can-remotely-disable-their-tvs-worldwide-using-tv-block/

Windows 10 KB5005932 fixes devices that can't install new updates

Microsoft has released the Windows 10 KB5005932 setup update to fix '"PSFX_E_MATCHING_BINARY_MISSING" errors when attempting to install the latest cumulative updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5005932-fixes-devices-that-cant-install-new-updates/

Fake OpenSea support staff are stealing cryptowallets and NFTs

OpenSea users are being targeted in an ongoing and aggressive Discord phishing attack to steal cryptocurrency funds and NFTs. [...]

https://www.bleepingcomputer.com/news/security/fake-opensea-support-staff-are-stealing-cryptowallets-and-nfts/

FIN8 cybercrime gang backdoors US orgs with new Sardonic malware

A financially motivated cybercrime gang has breached and backdoored the network of a US financial organization with a new malware known dubbed Sardonic by Bitdefender researchers who first spotted it. [...]

https://www.bleepingcomputer.com/news/security/fin8-cybercrime-gang-backdoors-us-orgs-with-new-sardonic-malware/

Ethereum urges Go devs to fix severe chain-split vulnerability

Ethreum project is urging developers to apply a hotfix to squash a high-severity vulnerability. The chain-split vulnerability tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol. [...]

https://www.bleepingcomputer.com/news/security/ethereum-urges-go-devs-to-fix-severe-chain-split-vulnerability/

New Hampshire town loses $2.3 million to overseas scammers

Peterborough, a small New Hampshire town, has lost $2.3 million after BEC scammers redirected several bank transfers using forged documents sent to the town's Finance Department staff in multiple email exchanges. [...]

https://www.bleepingcomputer.com/news/security/new-hampshire-town-loses-23-million-to-overseas-scammers/

Critical F5 BIG-IP bug impacts customers in sensitive sectors

BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. [...]

https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-bug-impacts-customers-in-sensitive-sectors/

Microsoft will add secure preview for Office 365 quarantined emails

Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-add-secure-preview-for-office-365-quarantined-emails/

Microsoft: ProxyShell bugs “might be exploited,” patch servers now!

Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-proxyshell-bugs-might-be-exploited-patch-servers-now/

Microsoft accidentally lowers OneDrive for Business storage limits

Microsoft is investigating an ongoing issue impacting OneDrive for Business customers and causing their storage space to shrink down to the default setting or switching them to read-only mode, forcing some to delete files to free up space to work on their projects. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-accidentally-lowers-onedrive-for-business-storage-limits/

Kaseya patches Unitrends server zero-days, issues client mitigations

American software company Kaseya has issued a security updates to patch server side Kaseya Unitrends vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). [...]

https://www.bleepingcomputer.com/news/security/kaseya-patches-unitrends-server-zero-days-issues-client-mitigations/

Microsoft and Google to invest billions to bolster US cybersecurity

Executives and leaders from big tech, education, the finance sector, and infrastructure have committed to bolstering US interests' security during yesterday's White House cybersecurity summit. [...]

https://www.bleepingcomputer.com/news/security/microsoft-and-google-to-invest-billions-to-bolster-us-cybersecurity/

Western Digital confirms speed crippling SN550 SSD flash change

Western Digital has confirmed that it changed the NAND flash memory in one of its most popular M.2 NVMe SSD models, the WD Blue SN550, which crippled writing speeds according to several reports, leading to a 50% performance hit. [...]

https://www.bleepingcomputer.com/news/hardware/western-digital-confirms-speed-crippling-sn550-ssd-flash-change/

FBI shares technical details for Hive ransomware

The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks. [...]

https://www.bleepingcomputer.com/news/security/fbi-shares-technical-details-for-hive-ransomware/

Synology: Multiple products impacted by OpenSSL RCE vulnerability

Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products. [...]

https://www.bleepingcomputer.com/news/security/synology-multiple-products-impacted-by-openssl-rce-vulnerability/

Ragnarok ransomware releases master decryptor after shutdown

Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware. [...]

https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/

Microsoft warns Azure customers of critical Cosmos DB vulnerability

Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-azure-customers-of-critical-cosmos-db-vulnerability/

Fake DMCA complaints, DDoS threats lead to BazaLoader malware

Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service (DDoS) attacks. [...]

https://www.bleepingcomputer.com/news/security/fake-dmca-complaints-ddos-threats-lead-to-bazaloader-malware/

Windows 10 upgrades blocked by old CryptoPro SCP versions

Microsoft has applied a compatibility hold on systems running older versions of CryptoPro CSP, blocking them from being offered or installing Windows 10, version 2004 or later. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-upgrades-blocked-by-old-cryptopro-scp-versions/