Windows 11 KB5006746 update fixes gaming performance issues

Microsoft has released the optional KB5006746 cumulative update preview for Windows 11, fixing sixty-four issues, including AMD CPU performance and gaming issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5006746-update-fixes-gaming-performance-issues/

Evil Corp demands $40 million in new Macaw ransomware attacks

Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. [...]

https://www.bleepingcomputer.com/news/security/evil-corp-demands-40-million-in-new-macaw-ransomware-attacks/

Massive campaign uses YouTube to push password-stealing malware

Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers. [...]

https://www.bleepingcomputer.com/news/security/massive-campaign-uses-youtube-to-push-password-stealing-malware/

Microsoft: Windows 11 printing issues fixed in the KB5006746 update

Microsoft has fixed multiple known issues impacting printing on Windows 11 with the release of the optional KB5006746 cumulative update preview on Thursday. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-printing-issues-fixed-in-the-kb5006746-update/

CISA: GPS software bug may cause unexpected behavior this Sunday

The Cybersecurity and Infrastructure Security Agency (CISA) warned that GPS deices might experience issues over the weekend because of a timing bug impacting Network Time Protocol  (NTP) servers running the GPS Daemon (GPSD) software. [...]

https://www.bleepingcomputer.com/news/technology/cisa-gps-software-bug-may-cause-unexpected-behavior-this-sunday/

Microsoft Teams adds end-to-end encryption for one-to-one calls

Microsoft has announced the public preview roll-out of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls. [...]

https://www.bleepingcomputer.com/news/security/microsoft-teams-adds-end-to-end-encryption-for-one-to-one-calls/

Italian celebs' data exposed in ransomware attack on SIAE

The Italian data protection authority Garante per la Protezione dei Dati Personali (GPDP) has announced an investigation into a data breach of the country's copyright protection agency. [...]

https://www.bleepingcomputer.com/news/security/italian-celebs-data-exposed-in-ransomware-attack-on-siae/

Google cuts Play Store dev fees to 15% for all subscriptions

Google announced that they are dropping the 30% flat service fee for in-app purchases or app sales to 15% starting January 1, 2022.  [...]

https://www.bleepingcomputer.com/news/google/google-cuts-play-store-dev-fees-to-15-percent-for-all-subscriptions/

Microsoft: WizardUpdate Mac malware adds new evasion tactics

Microsoft says it found new variants of macOS malware known as WizardUpdate (also tracked as UpdateAgent or Vigram), updated to use new evasion and persistence tactics. [...]

https://www.bleepingcomputer.com/news/security/microsoft-wizardupdate-mac-malware-adds-new-evasion-tactics/

Groove ransomware calls on all extortion gangs to attack US interests

The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil's infrastructure last week. [...]

https://www.bleepingcomputer.com/news/security/groove-ransomware-calls-on-all-extortion-gangs-to-attack-us-interests/

DarkSide ransomware rushes to cash out $7 million in Bitcoin

Almost $7 million worth of Bitcoin in a wallet controlled by DarkSide ransomware operators has been moved in what looks like a money laundering rollercoaster. [...]

https://www.bleepingcomputer.com/news/security/darkside-ransomware-rushes-to-cash-out-7-million-in-bitcoin/

SCUF Gaming store hacked to steal credit card info of 32,000 customers

SCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information. [...]

https://www.bleepingcomputer.com/news/security/scuf-gaming-store-hacked-to-steal-credit-card-info-of-32-000-customers/

The Week in Ransomware - October 22nd 2021 - Striking back

Between law enforcement operations, REvil's second shut down, and ransomware gangs' response to the hacking of their servers, it has been quite the week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-22nd-2021-striking-back/

FTC: ISPs collect and monetize far more user data than you’d think

The Federal Trade Commission (FTC) found that six largest internet service providers (ISPs) in the U.S. collect and share customers' personal data without providing them with info on how it's used or meaningful ways to control this process. [...]

https://www.bleepingcomputer.com/news/security/ftc-isps-collect-and-monetize-far-more-user-data-than-you-d-think/

Hacker sells the data for millions of Moscow drivers for $800

Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800. [...]

https://www.bleepingcomputer.com/news/security/hacker-sells-the-data-for-millions-of-moscow-drivers-for-800/

Popular NPM library hijacked to install password-stealers, miners

Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack. [...]

https://www.bleepingcomputer.com/news/security/popular-npm-library-hijacked-to-install-password-stealers-miners/

Microsoft 365 will get support for custom ARC configurations

Microsoft is working on adding custom Authenticated Received Chain (ARC) configuration support to Microsoft Defender for Office 365. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-will-get-support-for-custom-arc-configurations/

BlackMatter ransomware victims quietly helped using secret decryptor

Cybersecurity firm Emsisoft has been secretly decrypting BlackMatter ransomware victims since this summer, saving victims millions of dollars. [...]

https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-victims-quietly-helped-using-secret-decryptor/

Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May

Microsoft says the Russian-backed Nobelium threat group behind last year's SolarWinds hack is still targeting the global IT supply chain, with 140 resellers and technology service providers attacked and at least 14 breached since May 2021. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-russian-svr-hacked-at-least-14-it-supply-chain-firms-since-may/

CISA urges admins to patch critical Discourse code execution bug

A critical Discourse remote code execution (RCE) vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday [...]

https://www.bleepingcomputer.com/news/security/cisa-urges-admins-to-patch-critical-discourse-code-execution-bug/

Hackers used billing software zero-day to deploy ransomware

An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets' networks in ongoing attacks. [...]

https://www.bleepingcomputer.com/news/security/hackers-used-billing-software-zero-day-to-deploy-ransomware/