Fake Windows PC Cleaner Drops AZORult Info-Stealing Trojan

Researchers have discovered a web site pushing a PC cleaner tool for Windows that in reality is just a front for the Azorult password and information stealing Trojan. [...]

https://www.bleepingcomputer.com/news/security/fake-windows-pc-cleaner-drops-azorult-info-stealing-trojan/

Europeans Hit with Multi-Stage Malware Loader via Signed Malspam

Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with the help of a multi-stage malware loader dubbed JasperLoader over the past few months. [...]

https://www.bleepingcomputer.com/news/security/europeans-hit-with-multi-stage-malware-loader-via-signed-malspam/

Microsoft Asks Users to Call Windows 10 Devs About Taskbar Experience

Microsoft has started to display notifications in the action center asking Insiders to schedule a call with Windows 10 developers in order to provide feedback regarding the Taskbar experience. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-users-to-call-windows-10-devs-about-taskbar-experience/

Windows Security Update Caused Recent Antivirus Conflicts and Freezes

According to an updated McAfee support bulletin, a Windows security update for the Windows Client Server Run-Time Subsystem (CSRSS) service appears to have caused the recent conflicts between enterprise antivirus software and Windows. [...]

https://www.bleepingcomputer.com/news/software/windows-security-update-caused-recent-antivirus-conflicts-and-freezes/

Breaches, ID Theft & Malware: Schools At Risk From Vulnerabilities

K-12 educational institutions aren't fairing well either, as a U.S. school district becomes the victim of a cyberattack approximately every three days. The cyber incidents range from data breaches to phishing scams to ransomware attacks. Many of the incidents are hugely consequential, resulting in the theft of millions of taxpayer do [...]

https://www.bleepingcomputer.com/news/security/breaches-id-theft-and-malware-schools-at-risk-from-vulnerabilities/

Google Chrome 74 Now Synchronizes with Windows 10 Dark Mode

When Chrome 74 was released last week it contained the highly anticipated Dark Mode synchronization with Windows 10 color settings. For many, though, when changing the color settings in Windows 10 to Dark, Chrome would not automatically switch to the Dark Mode. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-74-now-synchronizes-with-windows-10-dark-mode/

Tech Support Scammers Freeze Browsers Using Iframes

Tech support scammers are using iframes to lock web browsers and to trick people into calling their support hotlines posing as legitimate services to have their computers fixed after being presented with a "computer has been blocked" alert. [...]

https://www.bleepingcomputer.com/news/security/tech-support-scammers-freeze-browsers-using-iframes/

Windows 10 Users Avoiding October 2018 Update Shows Report

A new report indicates that the majority of users are continuing to use the Windows 10 April 2018 Update rather than upgrading to the latest October 2018 update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-users-avoiding-october-2018-update-shows-report/

Exposed Database Leaks Addresses, Income Info of Millions of Americans

A publicly-accessible database with information on roughly 80 million American households has been discovered on a Microsoft cloud server, representing more than half of the total number of U.S. households. [...]

https://www.bleepingcomputer.com/news/security/exposed-database-leaks-addresses-income-info-of-millions-of-americans/

Botnet of Over 100K Devices Used to DDoS Electrum Servers

The malicious actors behind the DDoS attacks against Electrum Bitcoin wallet users have switched to a new malware loader for their botnet Trojan, after previously using the Smoke Loader tool and the RIG exploit kit. [...]

https://www.bleepingcomputer.com/news/security/botnet-of-over-100k-devices-used-to-ddos-electrum-servers/

Crooks Build Fake Hack Tools and Game Cheats for Profit

Knowing that many people want to get something for nothing, a common tactic is for attackers to create fake hack tools or cheats for games and sites. While users think they are using these tools to hack sites and games to earn free likes, money, or awards, in reality the attackers are just stealing the user's login credentials. [...]

https://www.bleepingcomputer.com/news/security/crooks-build-fake-hack-tools-and-game-cheats-for-profit/

$1.75 Million Stolen by Crooks in Church BEC Attack

Hackers have stolen $1.75 million from the Saint Ambrose Catholic Parish following a successful BEC (Business Email Compromise) attack which was discovered on April 17 after payments related to the church's Vision 2020 project were not received by a contractor. [...]

https://www.bleepingcomputer.com/news/security/175-million-stolen-by-crooks-in-church-bec-attack/

New Phishing Campaign From 'FBI Director Wray' is Hysterical

We regularly write about phishing emails at BleepingComputer.com in order to warn our readers about ongoing threats. Many scam emails are well crafted and their associated phishing sites are spot on, but sometimes you see ones that are so ridiculous that you have no choice but to laugh. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-campaign-from-fbi-director-wray-is-hysterical/

Google Docs Says Chromium-Based Microsoft Edge Is Not Supported

When users of the Chromium-based Microsoft Edge use Google Docs, the service is stating that the browser is not supported. As the new Microsoft Edge uses the same HTML engine as Chrome and is clearly supported, some users feel that Google is playing unfairly. [...]

https://www.bleepingcomputer.com/news/microsoft/google-docs-says-chromium-based-microsoft-edge-is-not-supported/

Emotet Trojan Is the Most Prevalent Threat in Healtcare Systems

Almost 80% of the malware affecting computer systems in the healthcare industry are trojans and the most common of them is Emotet, a report today shows. [...]

https://www.bleepingcomputer.com/news/security/emotet-trojan-is-the-most-prevalent-threat-in-healtcare-systems/

Microsoft 365 Adds More Control Over Encrypted Emails, Increases Privacy

Microsoft announced the arrival of a number of extra Microsoft 365 options and controls for organizations designed to provide them with better and stronger data privacy and compliance practices, with control over encrypted emails shared outside an organization being the one that stands out. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-adds-more-control-over-encrypted-emails-increases-privacy/

GitHub-Hosted Malware Targets Accountants With Ransomware

Threat actors ran a malvertising campaign on the Russian Yandex.Direct advertising network starting October 2018 to disseminate a malware cocktail designed to encrypt victims' data and steal cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/github-hosted-malware-targets-accountants-with-ransomware/

DHS Says Federal Agencies Have 15 Days to Fix Critical Flaws

The Department of Homeland Security' Cybersecurity and Infrastructure Security Agency issued the Binding Operational Directive 19-02 which requires federal agencies to remediate critical security vulnerabilities within 15 days since the initial detection. [...]

https://www.bleepingcomputer.com/news/security/dhs-says-federal-agencies-have-15-days-to-fix-critical-flaws/

Sodinokibi Ransomware Being Installed on Exploited WebLogic Servers

Attackers are exploiting a recently disclosed WebLogic vulnerability to install a new ransomware called Sodinokibi. As this vulnerability is trivial to exploit, it is important that server admins install the patch immediately in order to prevent infections or unauthorized access. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-being-installed-on-exploited-weblogic-servers/

Sophos UTM 9.602 Released That Fixes 3 Vulnerabilities

An update for Sophos UTM has been released that resolves three vulnerabilities in the network security platform. Two of these vulnerabilities are related to bundled open source software and a third is for a component related to inbound mail processing. [...]

https://www.bleepingcomputer.com/news/security/sophos-utm-9602-released-that-fixes-3-vulnerabilities/

Polymorphic Magecart Skimmer Uses Over Fifty Payment Gateways

A novel Magecart skimmer script with support for 57 payment gateways from all over the world, ranging from the highly popular Stripe to local payment processors from Germany, Australia, Brazil, the United States, UK, and many others. [...]

https://www.bleepingcomputer.com/news/security/polymorphic-magecart-skimmer-uses-over-fifty-payment-gateways/