Turla Espionage Group Hacks OilRig APT Infrastructure

Security researchers tracking activities of various nation-state cyber-espionage groups found evidence suggesting that the Turla group hijacked the infrastructure of OilRig hackers to compromise a target both actors were interested in. [...]

https://www.bleepingcomputer.com/news/security/turla-espionage-group-hacks-oilrig-apt-infrastructure/

DanaBot Banking Trojan Upgraded with ‘Non Ransomware’ Module

A new malicious campaign is distributing an upgraded variant of DanaBot that comes with a new ransomware module used to target potential victims from Italy and Poland via phishing emails which deliver malware droppers. [...]

https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/

Mozilla Firefox 67.0.4 Fixes Second Actively Exploited Zero-Day

Mozilla has released Firefox 67.0.4 to fix a security vulnerability that has been used in targeted attacks against cryptocurrency firms such as Coinbase. Users of Firefox should immediately install this update. [...]

https://www.bleepingcomputer.com/news/security/mozilla-firefox-6704-fixes-second-actively-exploited-zero-day/

Windows 10 Will Now Notify Users When Version 1903 is Blocked

Windows Update will now alert Windows 10 users when a featured update such as the Windows 10 May 2019 Update, or version 1903, is blocked from being installed. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-will-now-notify-users-when-version-1903-is-blocked/

Desjardins Group Data Leak Exposes Info of 2.9 Million Members

Sensitive personal information of roughly 2.9 million Desjardins Group members was leaked after an employee disclosed it to people outside the organization without authorization.  [...]

https://www.bleepingcomputer.com/news/security/desjardins-group-data-leak-exposes-info-of-29-million-members/

Epic Games Sues YouTuber CBV for Selling Fortnite Cheats

In a lawsuit filed Tuesday, Epic Games is suing a YouTuber who goes by the name CBV for allegedly selling cheats Fornite and ruining the game for other users. [...]

https://www.bleepingcomputer.com/news/gaming/epic-games-sues-youtuber-cbv-for-selling-fortnite-cheats/

Windows 10 May Soon Let You Rename Virtual Desktops

If you use Windows 10 virtual desktops, you are going to be happy to hear that Microsoft is working on giving you the ability to rename them. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-may-soon-let-you-rename-virtual-desktops/

Botnet Uses SSH and ADB to Create Android Cryptomining Army

Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices. [...]

https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-create-android-cryptomining-army/

Phishing Websites Increase Adoption of HTTPS

As the adoption of cryptographic protocols for secure website communication increased, cybercrooks also moved to HTTPS to keep their operation floating. [...]

https://www.bleepingcomputer.com/news/security/phishing-websites-increase-adoption-of-https/

Windows 10 May 2019 Cumulative Updates Break iSCSI SAN Connectivity

Microsoft published information on a new known issue that may cause connectivity issues for some Storage Area Network (SAN) devices via the Internet Small Computer System Interface (iSCSI). [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-may-2019-cumulative-updates-break-iscsi-san-connectivity/

Sodinokibi Ransomware Spreads Wide via Hacked MSPs, Sites, and Spam

With the GandCrab Ransomware having been shut down, other actors are looking to fill the hole left behind with their own ransomware. Such is the case with the Sodinokibi Ransomware, whose affiliates are using a wide range of tactics to distribute the ransomware and earn in a commission. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-spreads-wide-via-hacked-msps-sites-and-spam/

Microsoft Warns of Campaign Dropping Flawedammyy Rat in Memory

Microsoft issued a warning about an active spam campaign that tries to infect Korean targets with a FlawedAmmyy RAT malware distributed via malicious XLS attachments. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-campaign-dropping-flawedammyy-rat-in-memory/

BlueKeep Warnings Pay Off, Boost Patching in Enterprise Networks

The multiple warnings about patching Windows systems against the BlueKeep vulnerability (CVE-2019-0708) have not gone unheeded. Administrators of enterprise networks listened and updated most of the machines affected by the issue. [...]

https://www.bleepingcomputer.com/news/security/bluekeep-warnings-pay-off-boost-patching-in-enterprise-networks/

New LooCipher Ransomware Spreads Its Evil Through Spam

A new ransomware called LooCipher has been discovered that is actively being used in the wild to infect users. While it is not known exactly how this ransomware is being distributed, based on some of the files that were found, we believe it is through a spam campaign. [...]

https://www.bleepingcomputer.com/news/security/new-loocipher-ransomware-spreads-its-evil-through-spam/

Steam Phishing Campaign Steals Credentials, Hijacks Accounts

A new phishing campaign is doing the rounds on the Steam game distribution platform, attempting to trick people into handing over their credentials via a roulette-style game promising free keys. [...]

https://www.bleepingcomputer.com/news/security/steam-phishing-campaign-steals-credentials-hijacks-accounts/

The Week in Ransomware - June 21st 2019 - Backup, Backup, Backup!

This week's ransomware news was dominated by the release of the GandCrab 5.2 decryptor, the Sodinokibi Ransomware taking off, and a new ransomware called LooCipher spreading via spam. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-21st-2019-backup-backup-backup/

Google Says the Address Bar Suggestion Bug is Fixed - Is It?

A bug in the current version of Google Chrome has been causing address bar suggestions to prioritize search keywords over sites that you have frequented the most.  In a bug post update, a Google employee states that this issue has now been fixed. [...]

https://www.bleepingcomputer.com/news/google/google-says-the-address-bar-suggestion-bug-is-fixed-is-it/

WeTransfer Security Incident Sent Files to the Wrong People

In an embarrassing security incident, the WeTransfer file sharing service announced that for two days it was sending it's users shared files to the wrong people. As this service is used to transfer what are considered private, and potentially sensitive files, this could be a big privacy issue for affected users. [...]

https://www.bleepingcomputer.com/news/security/wetransfer-security-incident-sent-files-to-the-wrong-people/

Windows Terminal Is Here in It's Multi-Tabbed Console Glory

The much anticipated Windows Terminal Preview is here and I have to say, when it works, it's pretty awesome. While it shows great promise, as this is a very early preview, you should expect to see some bugs, crashes, and quirks that will be fixed in future builds. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-terminal-is-here-in-its-multi-tabbed-console-glory/

Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox

Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version. [...]

https://www.bleepingcomputer.com/news/software/tor-browser-853-fixes-a-sandbox-escape-vulnerability-in-firefox/

OpenSSH to Keep Private Keys Encrypted at Rest in RAM

While this precaution is not a complete solution against hardware attacks, it does make it harder for an attacker to achieve success. [...]

https://www.bleepingcomputer.com/news/security/openssh-to-keep-private-keys-encrypted-at-rest-in-ram/