New Karma ransomware group likely a Nemty rebrand

Threat analysts at Sentinel Labs have found evidence of the Karma ransomware being just another evolutionary step in the strain that started as JSWorm, became Nemty, then Nefilim, Fusion, Milihpen, and most recently, Gangbang. [...]

https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/

FBI warns of fake govt sites used to steal financial, personal data

The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/

Man gets 7 years in prison for hacking 65K health care employees

Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seen years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC). [...]

https://www.bleepingcomputer.com/news/security/man-gets-7-years-in-prison-for-hacking-65k-health-care-employees/

China's VPN market now open to foreign investment

The central government of China in Beijing has announced a decision to allow foreign entities to invest in the ownership of VPN (virtual private network) services in the country. [...]

https://www.bleepingcomputer.com/news/government/chinas-vpn-market-now-open-to-foreign-investment/

LightBasin hacking group breaches 13 global telecoms in two years

A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years. [...]

https://www.bleepingcomputer.com/news/security/lightbasin-hacking-group-breaches-13-global-telecoms-in-two-years/

BlackByte ransomware decryptor released to recover files for free

A free decryptor for the BlackByte ransomware has been released, allowing past victims to recover their files for free. [...]

https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-decryptor-released-to-recover-files-for-free/

About 26% of all malicious JavaScript threats are obfuscated

A research that analyzed over 10,000 samples of diverse malicious software written in JavaScript concluded that roughly 26% of it is obfuscated to evade detection and analysis.  [...]

https://www.bleepingcomputer.com/news/security/about-26-percent-of-all-malicious-javascript-threats-are-obfuscated/

Acer hacked twice in a week by the same threat actor

Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable. [...]

https://www.bleepingcomputer.com/news/security/acer-hacked-twice-in-a-week-by-the-same-threat-actor/

Brave ditches Google for its own privacy-centric search engine

Brave Browser has replaced Google with its own no-tracking privacy-centric Brave Search as the default search engine for new users in five regions. [...]

https://www.bleepingcomputer.com/news/software/brave-ditches-google-for-its-own-privacy-centric-search-engine/

Zerodium wants zero-day exploits for Windows VPN clients

In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market. [...]

https://www.bleepingcomputer.com/news/security/zerodium-wants-zero-day-exploits-for-windows-vpn-clients/

Newer PurpleFox botnet variants leverage WebSockets for coms

The PurpleFox botnet has refreshed its arsenal with new vulnerability exploits and dropped payloads, now also leveraging WebSockets for C2 bidirectional communication. [...]

https://www.bleepingcomputer.com/news/security/newer-purplefox-botnet-variants-leverage-websockets-for-coms/

Microsoft 365 will get enhanced insider risk management tools

Microsoft is updating Microsoft 365 to allow admins to better manage insider security threats in their environments with improvements to risky activity detection and visibility. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-will-get-enhanced-insider-risk-management-tools/

New Gummy Browser attack lets hackers spoof tracking profiles

University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. They warn how easy the attack is to carry out and the severe implications it can have. [...]

https://www.bleepingcomputer.com/news/security/new-gummy-browser-attack-lets-hackers-spoof-tracking-profiles/

Google: YouTubers’ accounts hijacked with cookie-stealing malware

Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors since at least late 2019. [...]

https://www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/

Political-themed actor using old MS Office flaw to drop multiple RATs

A novel threat actor with unclear motives has been discovered running a crimeware campaign which delivers multiple Windows and Android RATs (remote access tools) through the exploitation of CVE-2017-11882. [...]

https://www.bleepingcomputer.com/news/security/political-themed-actor-using-old-ms-office-flaw-to-drop-multiple-rats/

Microsoft: Old Windows updates now expire to improve speed, security

Microsoft says it regularly evaluates Windows updates for expiration to make the entire update process faster and safer by removing older releases that have already been superseded by newer packages. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-old-windows-updates-now-expire-to-improve-speed-security/

DDoS attacks against Russian firms have almost tripled in 2021

A report analyzing data from the start of the year concludes that distributed denial-of-service (DDoS) attacks on Russian companies have increased 2.5 times compared to the same period last year. [...]

https://www.bleepingcomputer.com/news/security/ddos-attacks-against-russian-firms-have-almost-tripled-in-2021/

US govt to ban export of hacking tools to authoritarian regimes

The Commerce Department's Bureau of Industry and Security (BIS) today announced export controls for software and hardware tools that could be used for malicious hacking activities. [...]

https://www.bleepingcomputer.com/news/security/us-govt-to-ban-export-of-hacking-tools-to-authoritarian-regimes/

Hands on with Microsoft's Android app support in Windows 11

Microsoft has released its first preview build of the Windows Subsystem for Android, allowing you to run Android apps directly on your desktop. [...]

https://www.bleepingcomputer.com/news/microsoft/hands-on-with-microsofts-android-app-support-in-windows-11/

Windows 11 Subsystem for Android lets you sideload apps - Here's how

Microsoft has released the first preview version of the Windows Subsystem for Android for Windows 11 Insiders, and one of the more interesting features is that you can sideload Android apps. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-subsystem-for-android-lets-you-sideload-apps-heres-how/

Bulletproof hosting admins sentenced for helping cybercrime gangs

Two Eastern European men were sentenced to prison on Racketeer Influenced Corrupt Organization (RICO) charges for bulletproof hosting services used by multiple cybercrime operations to target US organizations. [...]

https://www.bleepingcomputer.com/news/security/bulletproof-hosting-admins-sentenced-for-helping-cybercrime-gangs/