Public 10KBLAZE Exploits May Impact 90% of SAP Production Systems

Roughly 90% out of an estimated total of 1,000,000 SAP production systems could currently be at risk of being hacked by threat actors which can use a series of publicly released critical exploits dubbed 10KBLAZE to attack misconfigured SAP installations. [...]

https://www.bleepingcomputer.com/news/security/public-10kblaze-exploits-may-impact-90-percent-of-sap-production-systems/

Coinhive Dead but Browser-Based Cryptomining Still a Threat

Hacked routers running the Coinhive script for cryptocurrency mining have been injected with new code to mint digital coins after Coinhive service shut down. [...]

https://www.bleepingcomputer.com/news/security/coinhive-dead-but-browser-based-cryptomining-still-a-threat/

Qakbot Assembles Itself from Encrypted Halves to Evade Detection

A malware campaign was observed disseminating a new Qakbot banking Trojan variant which comes with a novel persistence technique that improves its evasion skills and makes its removal a lot more cumbersome according to researchers from Cisco Talos. [...]

https://www.bleepingcomputer.com/news/security/qakbot-assembles-itself-from-encrypted-halves-to-evade-detection/

Windows 10 1903 Rolling Out Improved Windows Update Controls

Microsoft has stated rolling out the "Download and install now" Windows Update feature to users of Windows 10 version 1903. This feature is part of Microsoft's new Windows Update experience that aims to provide more control over how and when updates are installed. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1903-rolling-out-improved-windows-update-controls/

Decryptor for MegaLocker and NamPoHyu Virus Ransomware Released

Emsisoft has released a decryptor for the MegaLocker and NamPoHyu Virus ransomware that has been targeting exposed Samba servers. Victims can now use this decryptor to recover their files for free. [...]

https://www.bleepingcomputer.com/news/security/decryptor-for-megalocker-and-nampohyu-virus-ransomware-released/

Microsoft PM Explains Why Chromium Edge Can’t Run Google Earth

Chromium-based Microsoft Edge users who try to use Google Earth are welcomed by an error message and a link directing them to download Google's Chrome web browser. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pm-explains-why-chromium-edge-can-t-run-google-earth/

Mozilla To Disable Firefox Add-Ons with Obfuscated Code

Mozilla will block Firefox add-ons that contain obfuscated code as part of the updated Add-on Policy that aims to rid the portal of malicious extensions. [...]

https://www.bleepingcomputer.com/news/security/mozilla-to-disable-firefox-add-ons-with-obfuscated-code/

Chrome Will Allow Sites to Check Your OS Dark Mode Settings

Google Chrome and Mozilla Firefox will soon support a new CSS media query called 'prefers-color-scheme' that let's sites know whether you prefer a dark mode, light mode, or have no preference. [...]

https://www.bleepingcomputer.com/news/software/chrome-will-allow-sites-to-check-your-os-dark-mode-settings/

Microsoft Ports Process Explorer and Monitor to Windows ARM64

Microsoft is looking to port the popular Sysinternals utilities to ARM64 so that they can run on Windows 10 on ARM. Screenshots posted to Twitter already show the Process Explorer and Process Monitor utilities ported to Windows ARM64. [...]

https://www.bleepingcomputer.com/news/software/microsoft-ports-process-explorer-and-monitor-to-windows-arm64/

Attackers Steal Payment Info from 200 College Campus Online Shops

The checkout pages of hundreds of U.S. and Canadian online campus stores powered by the PrismWeb e-commerce platform were injected by a hacking group with a JavaScript-based payment card skimming script. [...]

https://www.bleepingcomputer.com/news/security/attackers-steal-payment-info-from-200-college-campus-online-shops/

Microsoft Now Lets You Reply to Android Texts in Windows 10

Replying to text messages directly and inline from notifications displayed on PCs is rolling out this week for Windows 10 Insiders as Microsoft's Director of Program Management Microsoft Mobile eXperiences Vishnu Nath announced today. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-lets-you-reply-to-android-texts-in-windows-10/

Windows 10 1809 Cumulative Update KB4495667 Released With Fixes

As a Friday afternoon surprise, Microsoft has released the KB4495667 Cumulative Update for Windows 10 October 2018 and Windows Server 2019. While I have spotted it being available from Windows Update, as it has just started rolling out it may take some time to be available in all regions. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1809-cumulative-update-kb4495667-released-with-fixes/

Attackers Wiping GitHub and GitLab Repos, Leave Ransom Notes

Attackers are targeting GitHub, GitLab, and Bitbucket users, wiping code and commits from multiple repositories according to reports and leaving behind only a ransom note and a lot of questions. [...]

https://www.bleepingcomputer.com/news/security/attackers-wiping-github-and-gitlab-repos-leave-ransom-notes/

The Week in Ransomware - May 3rd 2019 - Hello Dear Friend!

This week was an interesting week as we saw more ransomware being released that is targeting the enterprise, such as the Sodinokib Ransomware and MegaCortex. We also have good news as a decryptor for the MegaLocker and NamPoHyu Virus Ransomware were released. Serves them right for calling us devils! [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-3rd-2019-hello-dear-friend/

Firefox Addons Being Disabled Due to an Expired Certificate

Mozilla Firefox users are discovering that all of their addons were suddenly disabled. It turns out that this is being caused by an expired intermediary certificate used to sign Mozilla addons. [...]

https://www.bleepingcomputer.com/news/software/firefox-addons-being-disabled-due-to-an-expired-certificate/

New MegaCortex Ransomware Found Targeting Business Networks

A new ransomware has been discovered called MegaCortex that is targeting corporate networks and the workstations on them. Once a network is penetrated, the attackers infect the entire network by distributing the ransomware using Windows domain controllers. [...]

https://www.bleepingcomputer.com/news/security/new-megacortex-ransomware-found-targeting-business-networks/

Dark Web’s Wall Street Market & Valhalla Seized, Six Arrested

Servers of dark web marketplaces Wall Street Market and Valhalla have been seized by law enforcement agencies in Germany and Finland, and suspects have been arrested in Germany, the U.S. and Brazil. [...]

https://www.bleepingcomputer.com/news/security/dark-web-s-wall-street-market-and-valhalla-seized-six-arrested/

Alleged Ukrainian Malvertiser Extradited, Faces Hacking Charges

A 31-year old Ukrainian national named Oleksii Petrovich Ivanov who allegedly ran multiple malvertising campaigns between October 2013 through May 2018 was extradited to the U.S. from the Netherlands and is facing hacking charges. [...]

https://www.bleepingcomputer.com/news/security/alleged-ukrainian-malvertiser-extradited-faces-hacking-charges/

New Extortion Email Scam Threatens to Release Your Sex Tape

Scammers are now sending extortion emails stating that they have a tape of you and them having intercourse and are threatening to release it if you do not send them a $1,500 in bitcoins. [...]

https://www.bleepingcomputer.com/news/security/new-extortion-email-scam-threatens-to-release-your-sex-tape/

Firefox 66.0.4 Almost Ready With Fix for Disabled Addons

Mozilla Firefox 66.0.4 is being prepped for release and contains a fix for the expired intermediate signing certificate that caused everyone's addons to be disabled on Friday. [...]

https://www.bleepingcomputer.com/news/software/firefox-6604-almost-ready-with-fix-for-disabled-addons/

Israel Bombs Building as Retaliation for Hamas Cyber Attack

The Israel Defense Forces (IDF) announced that a building used by Hamas cyber operatives was bombed on Saturday as part of a joint retaliation operation with the Israel Security Agency (Shin Bet) and Unit 8200 of Military Intelligence, following a failed cyber attack against Israel. [...]

https://www.bleepingcomputer.com/news/security/israel-bombs-building-as-retaliation-for-hamas-cyber-attack/