Adwind Remote Access Trojan Hits Utilities Sector

Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads. [...]

https://www.bleepingcomputer.com/news/security/adwind-remote-access-trojan-hits-utilities-sector/

Scammer Tricks City Into $1 Million Wire Transfer

A scammer was able to successfully fooled the City of Saskatoon into transferring them a little over $1 million. They may not enjoy the wealth, though. [...]

https://www.bleepingcomputer.com/news/security/scammer-tricks-city-into-1-million-wire-transfer/

Severe Flaws in Kubernetes Expose All Servers to DoS Attacks

Two high severity security flaws impacting the Kubernetes open-source system for handling containerized apps can allow an unauthorized attacker to trigger a denial of services state remotely, without user interaction. [...]

https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/

Exposed Sphinx Servers Are No Challenge for Hackers

Attackers can take advantage of Sphinx web servers exposed on the internet to access, alter, or remove data in the database, warns CERT-Bund, Germany's computer emergency response team. [...]

https://www.bleepingcomputer.com/news/security/exposed-sphinx-servers-are-no-challenge-for-hackers/

Microsoft Patches Vulnerable Android Remote Desktop App

Microsoft updated the security advisory for an information disclosure vulnerability that previously impacted only Windows Remote Desktop Protocol clients to also include the Microsoft Remote Desktop for Android app. [...]

https://www.bleepingcomputer.com/news/security/microsoft-patches-vulnerable-android-remote-desktop-app/

Microsoft Releases First Chromium-Based Microsoft Edge Beta

The first Beta release of the new Chromium-based Microsoft Edge web browser is now available for Windows and macOS users after having already been downloaded over one million times while distributed through the Dev and Canary preview channels. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-first-chromium-based-microsoft-edge-beta/

Microsoft Fixes Corrupted Windows Defender Files When Using SFC

Microsoft has released a new Windows Defender update that fixes an issues with SFC /scannow detecting corrupted Windows Defender PowerShell files. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-corrupted-windows-defender-files-when-using-sfc/

Visa Adds New Threat Detection to Prevent Payment Fraud

Visa announced the addition of new fraud threat detection and blocking tech designed to boost transaction security and, implicitly, the integrity of its payments ecosystem. [...]

https://www.bleepingcomputer.com/news/security/visa-adds-new-threat-detection-to-prevent-payment-fraud/

Silence Advanced Hackers Attack Banks All Over the World

The activity of the advanced hacker group the researchers call Silence has increased significantly over the past year. Victims in the financial sector are scattered across more than 30 countries and financial losses have quintupled. [...]

https://www.bleepingcomputer.com/news/security/silence-advanced-hackers-attack-banks-all-over-the-world/

PokerTracker.com Hacked to Inject Payment Card Stealing Script

A curious case of web-based card skimming activity revealed that the Poker Tracker website had been compromised and loaded JavaScript that stole payment information from customers. [...]

https://www.bleepingcomputer.com/news/security/pokertrackercom-hacked-to-inject-payment-card-stealing-script/

Hackers Want $2.5 Million Ransom for Texas Ransomware Attacks

The threat actor that hit multiple Texas local governments with file-encrypting malwarelast week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says. [...]

https://www.bleepingcomputer.com/news/security/hackers-want-25-million-ransom-for-texas-ransomware-attacks/

Phishing Attacks Scrape Branded Microsoft 365 Login Pages

An unusual new phishing campaign is probing email inboxes via attacks using the targets' company-branded Microsoft 365 tenant login pages to add more legitimacy to the scam. [...]

https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/

Windows 10 Insider Build 18965 Adds Restart Apps Sign-In Option

Microsoft is rolling out Windows 10 Insider Preview Build 18965 (20H1) to Insiders in the Fast ring, a build that now makes it possible to enable restarting apps at Windows sign-in. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18965-adds-restart-apps-sign-in-option/

Second Steam Zero-Day Impacts Over 96 Million Windows Users

A second Steam Windows client zero-day privilege escalation vulnerability affecting over 96 million users has been publicly disclosed today by Russian researcher Vasily Kravets. [...]

https://www.bleepingcomputer.com/news/security/second-steam-zero-day-impacts-over-96-million-windows-users/

npm Pulls Malicious Package that Stole Login Passwords

A malicious package was removed today from the npm repository after it was discovered that stole login information from the computers it was installed on. [...]

https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/

Bitdefender Fixes Privilege Escalation Bug in Free Antivirus 2020

A vulnerability in the free version of Bitdefender Antivirus could be exploited by an attacker to get SYSTEM-level permissions, reserved for the most privileged account on a Windows machine. [...]

https://www.bleepingcomputer.com/news/security/bitdefender-fixes-privilege-escalation-bug-in-free-antivirus-2020/

Portland Public Schools Recovers $2.9 Million Lost in BEC Scam

Oregon urban school district Portland Public Schools is on track to recover roughly $2.9 million wired by district employees to a BEC scammer, after discovering the fraudulent transactions before the money left the fraudster's accounts. [...]

https://www.bleepingcomputer.com/news/security/portland-public-schools-recovers-29-million-lost-in-bec-scam/

GitHub Experienced Widespread Major Services Outage

The GitHub Git repository hosting platform experienced a widespread and major services outage impacting the Issues, PRs, Dashboard, Projects, and Notifications features. [...]

https://www.bleepingcomputer.com/news/technology/github-experienced-widespread-major-services-outage/

Google Twice Misses Android App with Open-Source Spyware Code

One Android app with spyware capabilities based on an open-source remote access tool (RAT) has twice thwarted the security of Google Play over a period of two weeks. [...]

https://www.bleepingcomputer.com/news/security/google-twice-misses-android-app-with-open-source-spyware-code/

Unpatched Squid Servers Exposed to DoS, Code Execution Attacks

Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw. [...]

https://www.bleepingcomputer.com/news/security/unpatched-squid-servers-exposed-to-dos-code-execution-attacks/

Cisco Warns of Public Exploit Code for Critical Switch Flaws

Cisco updated the security advisories for three vulnerabilities patched in early August warning customers that its Product Security Incident Response Team (PSIRT) team is aware of public exploit code being available. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-public-exploit-code-for-critical-switch-flaws/