Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May

Microsoft says the Russian-backed Nobelium threat group behind last year's SolarWinds hack is still targeting the global IT supply chain, with 140 resellers and technology service providers attacked and at least 14 breached since May 2021. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-russian-svr-hacked-at-least-14-it-supply-chain-firms-since-may/

CISA urges admins to patch critical Discourse code execution bug

A critical Discourse remote code execution (RCE) vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday [...]

https://www.bleepingcomputer.com/news/security/cisa-urges-admins-to-patch-critical-discourse-code-execution-bug/

Hackers used billing software zero-day to deploy ransomware

An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets' networks in ongoing attacks. [...]

https://www.bleepingcomputer.com/news/security/hackers-used-billing-software-zero-day-to-deploy-ransomware/

It's Windows XP's 20th birthday and way too many still use it

​Today is the 20th anniversary of Windows XP, and although the operating system reached the end of support in 2014, way too many people continue to use the insecure version of Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/its-windows-xps-20th-birthday-and-way-too-many-still-use-it/

Microsoft Defender ATP adds live response for Linux and macOS

Microsoft has announced the addition of new live macOS and Linux response capabilities to Defender for Endpoint, , the enterprise version of Redmond's Windows 10 Defender antivirus. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-atp-adds-live-response-for-linux-and-macos/

South Korean telco KT suffers nationwide outage after routing error

The second-largest telecommunications provider in South Korea, KT Corporation, has suffered a nationwide outage today, leaving all its 16.5 million customers without internet connectivity and telephony services for about 40 minutes. [...]

https://www.bleepingcomputer.com/news/technology/south-korean-telco-kt-suffers-nationwide-outage-after-routing-error/

Millions of Android users targeted in subscription fraud campaign

A new SMS scam campaign relying upon 151 apps has been uncovered, with many of these apps managing to find their way into the Play Store where they amassed 10.5 million downloads. [...]

https://www.bleepingcomputer.com/news/security/millions-of-android-users-targeted-in-subscription-fraud-campaign/

Mozilla blocks malicious add-ons installed by 455K Firefox users

Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates. [...]

https://www.bleepingcomputer.com/news/security/mozilla-blocks-malicious-add-ons-installed-by-455k-firefox-users/

Australia drafts Online Privacy Bill to bolster data security

Australia's Attorney-General has submitted the first draft of a new Online Privacy Bill that contains striking reforms over existing privacy laws.  [...]

https://www.bleepingcomputer.com/news/security/australia-drafts-online-privacy-bill-to-bolster-data-security/

FBI: Ranzy Locker ransomware hit at least 30 US companies this year

The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. [...]

https://www.bleepingcomputer.com/news/security/fbi-ranzy-locker-ransomware-hit-at-least-30-us-companies-this-year/

Money launderers for Russian hacking groups arrested in Ukraine

The Ukrainian cybercrime police force has arrested members of a group of money launderers and hackers at the request of U.S. intelligence services.  [...]

https://www.bleepingcomputer.com/news/security/money-launderers-for-russian-hacking-groups-arrested-in-ukraine/

Police arrest 150 dark web vendors of illegal drugs and guns

Law enforcement authorities arrested 150 suspects allegedly involved in selling and buying illicit goods on DarkMarket, the largest illegal marketplace on the dark web when it was taken down in January 2021. [...]

https://www.bleepingcomputer.com/news/security/police-arrest-150-dark-web-vendors-of-illegal-drugs-and-guns/

Microsoft is force installing PC Health Check in Windows 10

Microsoft has begun force installing the PC Health Check application on Windows 10 devices using a new KB5005463 update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-force-installing-pc-health-check-in-windows-10/

Researcher cracked 70% of WiFi networks sampled in Tel Aviv

A researcher has managed to crack 70% of a 5,000 WiFi network sample in his hometown, Tel Aviv, to prove that home networks are severely unsecured and easy to hijack. [...]

https://www.bleepingcomputer.com/news/security/researcher-cracked-70-percent-of-wifi-networks-sampled-in-tel-aviv/

North Korean state hackers start targeting the IT supply chain

North Korean-sponsored Lazarus hacking group has switched focus on new targets and was observed by Kaspersky security researchers expanding its supply chain attack capabilities. [...]

https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/

Windows 10 KB5006738 released with fixes for printing issues

Microsoft has released the optional KB5006738 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. Microsoft says this update and a separate Windows Server preview update will fix all outstanding printing issues affecting users since they mitigated the PrintNightmare vulnerabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5006738-released-with-fixes-for-printing-issues/

Prepare for 5 cybersecurity certifications with this bundle

With The Ultimate 2021 Cyber Security Survival Training Bundle, you get full prep for five top certifications. The included content is worth a total of $495, but you can get it today for only $29.99. [...]

https://www.bleepingcomputer.com/news/security/prepare-for-5-cybersecurity-certifications-with-this-bundle/

Brutal WordPress plugin bug allows subscribers to wipe sites

A high severity security flaw found in a WordPress plugin with more than 8,000 active installs can let authenticated attackers reset and wipe vulnerable websites. [...]

https://www.bleepingcomputer.com/news/security/brutal-wordpress-plugin-bug-allows-subscribers-to-wipe-sites/

Spammers use Squirrelwaffle malware to drop Cobalt Strike

A new malware threat named Squirrelwaffle has emerged in the wild, supporting actors with an initial foothold and a way to drop malware onto compromised systems and networks. [...]

https://www.bleepingcomputer.com/news/security/spammers-use-squirrelwaffle-malware-to-drop-cobalt-strike/

Iranian gas stations out of service after distribution network hacked

Gas stations from the National Iranian Oil Products Distribution Company (NIOPDC) have stopped working today due to what appears to be a cyberattack that affected the entire distribution network. [...]

https://www.bleepingcomputer.com/news/security/iranian-gas-stations-out-of-service-after-distribution-network-hacked/

Telegram launches advertising program for public channels

Telegram has launched a new advertising program dubbed Ad Platform and offering the opportunity to display sponsored messages on the instant-messaging platform. [...]

https://www.bleepingcomputer.com/news/software/telegram-launches-advertising-program-for-public-channels/