About 26% of all malicious JavaScript threats are obfuscated

A research that analyzed over 10,000 samples of diverse malicious software written in JavaScript concluded that roughly 26% of it is obfuscated to evade detection and analysis.  [...]

https://www.bleepingcomputer.com/news/security/about-26-percent-of-all-malicious-javascript-threats-are-obfuscated/

Acer hacked twice in a week by the same threat actor

Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable. [...]

https://www.bleepingcomputer.com/news/security/acer-hacked-twice-in-a-week-by-the-same-threat-actor/

Brave ditches Google for its own privacy-centric search engine

Brave Browser has replaced Google with its own no-tracking privacy-centric Brave Search as the default search engine for new users in five regions. [...]

https://www.bleepingcomputer.com/news/software/brave-ditches-google-for-its-own-privacy-centric-search-engine/

Zerodium wants zero-day exploits for Windows VPN clients

In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market. [...]

https://www.bleepingcomputer.com/news/security/zerodium-wants-zero-day-exploits-for-windows-vpn-clients/

Newer PurpleFox botnet variants leverage WebSockets for coms

The PurpleFox botnet has refreshed its arsenal with new vulnerability exploits and dropped payloads, now also leveraging WebSockets for C2 bidirectional communication. [...]

https://www.bleepingcomputer.com/news/security/newer-purplefox-botnet-variants-leverage-websockets-for-coms/

Microsoft 365 will get enhanced insider risk management tools

Microsoft is updating Microsoft 365 to allow admins to better manage insider security threats in their environments with improvements to risky activity detection and visibility. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-will-get-enhanced-insider-risk-management-tools/

New Gummy Browser attack lets hackers spoof tracking profiles

University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. They warn how easy the attack is to carry out and the severe implications it can have. [...]

https://www.bleepingcomputer.com/news/security/new-gummy-browser-attack-lets-hackers-spoof-tracking-profiles/

Google: YouTubers’ accounts hijacked with cookie-stealing malware

Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors since at least late 2019. [...]

https://www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/

Political-themed actor using old MS Office flaw to drop multiple RATs

A novel threat actor with unclear motives has been discovered running a crimeware campaign which delivers multiple Windows and Android RATs (remote access tools) through the exploitation of CVE-2017-11882. [...]

https://www.bleepingcomputer.com/news/security/political-themed-actor-using-old-ms-office-flaw-to-drop-multiple-rats/

Microsoft: Old Windows updates now expire to improve speed, security

Microsoft says it regularly evaluates Windows updates for expiration to make the entire update process faster and safer by removing older releases that have already been superseded by newer packages. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-old-windows-updates-now-expire-to-improve-speed-security/

DDoS attacks against Russian firms have almost tripled in 2021

A report analyzing data from the start of the year concludes that distributed denial-of-service (DDoS) attacks on Russian companies have increased 2.5 times compared to the same period last year. [...]

https://www.bleepingcomputer.com/news/security/ddos-attacks-against-russian-firms-have-almost-tripled-in-2021/

US govt to ban export of hacking tools to authoritarian regimes

The Commerce Department's Bureau of Industry and Security (BIS) today announced export controls for software and hardware tools that could be used for malicious hacking activities. [...]

https://www.bleepingcomputer.com/news/security/us-govt-to-ban-export-of-hacking-tools-to-authoritarian-regimes/

Hands on with Microsoft's Android app support in Windows 11

Microsoft has released its first preview build of the Windows Subsystem for Android, allowing you to run Android apps directly on your desktop. [...]

https://www.bleepingcomputer.com/news/microsoft/hands-on-with-microsofts-android-app-support-in-windows-11/

Windows 11 Subsystem for Android lets you sideload apps - Here's how

Microsoft has released the first preview version of the Windows Subsystem for Android for Windows 11 Insiders, and one of the more interesting features is that you can sideload Android apps. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-subsystem-for-android-lets-you-sideload-apps-heres-how/

Bulletproof hosting admins sentenced for helping cybercrime gangs

Two Eastern European men were sentenced to prison on Racketeer Influenced Corrupt Organization (RICO) charges for bulletproof hosting services used by multiple cybercrime operations to target US organizations. [...]

https://www.bleepingcomputer.com/news/security/bulletproof-hosting-admins-sentenced-for-helping-cybercrime-gangs/

Nine arrested for impersonating bank clerks to steal from the elderly

The Dutch Police have arrested nine people for targeting and stealing money from the elderly by impersonating bank employees. [...]

https://www.bleepingcomputer.com/news/security/nine-arrested-for-impersonating-bank-clerks-to-steal-from-the-elderly/

RAT malware spreading in Korea through webhards and torrents

An ongoing malware distribution campaign targeting South Korea is disguising RATs (remote access trojans) as an adult game shared via webhards and torrents. [...]

https://www.bleepingcomputer.com/news/security/rat-malware-spreading-in-korea-through-webhards-and-torrents/

Cybercrime matures as hackers are forced to work smarter

An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today. [...]

https://www.bleepingcomputer.com/news/security/cybercrime-matures-as-hackers-are-forced-to-work-smarter/

Google launches Android Enterprise bug bounty program

Google has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000. [...]

https://www.bleepingcomputer.com/news/security/google-launches-android-enterprise-bug-bounty-program/

FIN7 tries to trick pentesters into launching ransomware attacks

The FIN7 hacking group is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting. [...]

https://www.bleepingcomputer.com/news/security/fin7-tries-to-trick-pentesters-into-launching-ransomware-attacks/

Microsoft now defends nonprofits against nation-state attacks

Microsoft announced today a new security program for nonprofits to provide them with protection against nation-state attacks that have increasingly targeting them in recent years. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-defends-nonprofits-against-nation-state-attacks/