Misconfigured Google Calendars Share Events With the World

Thousands of Google users are exposing the contents of their calendars to the public. The information is indexed by search engines and can include email addresses as well as private events from individuals and businesses. [...]

https://www.bleepingcomputer.com/news/security/misconfigured-google-calendars-share-events-with-the-world/

TFlower Ransomware - The Latest Attack Targeting Businesses

The latest ransomware targeting corporate environments is called TFlower and is being installed on networks after attackers hack into exposed Remote Desktop services. [...]

https://www.bleepingcomputer.com/news/security/tflower-ransomware-the-latest-attack-targeting-businesses/

Beware of Venmo Scams Targeting Users via Text Messages

A local police department in the U.S. are warning of a wave of phishing scams targeting users Venmo mobile payment service with text messages that direct to a fake website. [...]

https://www.bleepingcomputer.com/news/security/beware-of-venmo-scams-targeting-users-via-text-messages/

Windows 10 With Chinese IME Installed Causing High CPU Usage

Recent Windows 10 updates are causing the Input Method Editor (IME) for Chinese languages to become unresponsive or use a lot of CPU. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-with-chinese-ime-installed-causing-high-cpu-usage/

400 Million Medical Radiological Images Exposed on the Internet

An analysis of medical image storage systems exposed to the public web reveals that almost 600 servers in 52 countries are completely unprotected against unauthorized access. [...]

https://www.bleepingcomputer.com/news/security/400-million-medical-radiological-images-exposed-on-the-internet/

New TortoiseShell Group Hacks 11 IT Providers to Reach Their Customers

A newly discovered threat group that security researchers call TortoiseShell is compromising IT providers in what seems to be supply-chain attacks intended to reach the network of specific customers. [...]

https://www.bleepingcomputer.com/news/security/new-tortoiseshell-group-hacks-11-it-providers-to-reach-their-customers/

Smominru Mining Botnet In Cyber Turf War With Rival Malware

The Smominru mining botnet continues to wreck havoc on corporate machines by not only installing cryptominers, but also stealing credentials, installing backdoors, and making system configuration modifications that could affect the proper operation of an infected machine. [...]

https://www.bleepingcomputer.com/news/security/smominru-mining-botnet-in-cyber-turf-war-with-rival-malware/

Amadey Botnet Targets U.S. Taxpayers with Tax Refund Notice

A phishing campaign has been spotted recently delivering Amadey botnet malware to taxpayers in the U.S. through fake income tax refund emails. [...]

https://www.bleepingcomputer.com/news/security/amadey-botnet-targets-us-taxpayers-with-tax-refund-notice/

Microsoft Phishing Page Sends Stolen Logins Using JavaScript

A new landing page for a Microsoft account phishing scam has been discovered that utilizes the SmtpJS service to send stolen credentials via email to the attacker. [...]

https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-sends-stolen-logins-using-javascript/

Windows Defender Antivirus Scans Broken After New Update

Microsoft has released a new update for Windows Defender that has broken both the Quick and Full antivirus scans. When users use these scan options, Windows Defender will only scan approximately 40 files. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-defender-antivirus-scans-broken-after-new-update/

Microsoft Acquires Semmle, GitHub Now a CVE Numbering Authority

Microsoft subsidiary GitHub announced today that it has become a CVE Numbering Authority and that it completed its acquisition of Semmle code-analysis platform. [...]

https://www.bleepingcomputer.com/news/security/microsoft-acquires-semmle-github-now-a-cve-numbering-authority/

Critical Bug In Harbor Container Registry Gives Admin Access

Attackers can exploit a critical security vulnerability in Harbor cloud native registry for container images to obtain admin privileges on a vulnerable hosting system. [...]

https://www.bleepingcomputer.com/news/security/critical-bug-in-harbor-container-registry-gives-admin-access/

Celebrity Instagram Accounts Being Hacked to Push Scams

The streak of hacked celebrity Instagram accounts continues as cybercriminals temporarily hijacked Nicole Scherzinger's social media profile and promised access to an alleged sex tape of the singer-songwriter. [...]

https://www.bleepingcomputer.com/news/security/celebrity-instagram-accounts-being-hacked-to-push-scams/

Emotet Trojan Evolves Since Being Reawakend, Here is What We Know

With the reawakening of the Emotet botnet, the distribution methods, payloads, malicious document templates, and email templates continue to evolve. This article will go over some of the changes that have been observed by various security researchers over the past couple of days. [...]

https://www.bleepingcomputer.com/news/security/emotet-trojan-evolves-since-being-reawakend-here-is-what-we-know/

Thinkful Resets All User Passwords After Security Breach

Online developer bootcamp company Thinkful is sending out email notifications that state an unauthorized user was able to gain access to employee accounts credentials. Due to this, they are requiring all users to reset their passwords the next time they login. [...]

https://www.bleepingcomputer.com/news/security/thinkful-resets-all-user-passwords-after-security-breach/

Windows 10 Insider Build 18985 Released With Improved Bluetooth Pairing

Microsoft has released Windows 10 Insider Preview Build 18985 (20H1) to Insiders in the Fast ring, which includes a new optional update experience, a Snip & Sketch update, and a new Bluetooth pairing experience. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18985-released-with-improved-bluetooth-pairing/

Selfie Android Apps with 1.5M+ Installs Push Ads, Can Record Audio

A couple of Android apps found in Google Play included functionality that stealthy recording audio without user consent. The apps posed as selfie camera filters and had been installed over 1.5 million times. [...]

https://www.bleepingcomputer.com/news/security/selfie-android-apps-with-15m-installs-push-ads-can-record-audio/

Windows 10 is Getting a New Optional Update Experience

Microsoft is changing the windows update experience in Windows 10 so that "optional" updates are shown in a dedicated screen that will allow you to pick which update you would like to install [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-is-getting-a-new-optional-update-experience/

Forcepoint Fixes Privilege Escalation Bug in Windows VPN Client

A vulnerability affecting all versions of Forcepoint VPN Client for Windows, save the latest release, can be used to achieve persistence and evade detection. [...]

https://www.bleepingcomputer.com/news/security/forcepoint-fixes-privilege-escalation-bug-in-windows-vpn-client/

Twitter Removes State-backed Actors Conducting Information Campaigns

Twitter has removed another batch of state-sponsored actors performing information campaigns on Twitter.  The detected operations announced today involved Qatar, Iran, Yemen, Ecuador, Saudi Arabia, Spain, China, and Hong Kong. [...]

https://www.bleepingcomputer.com/news/technology/twitter-removes-state-backed-actors-conducting-information-campaigns/

Windows 7 and Server 2008 Get 0patch Security Fixes After EoS

Microsoft ending support for Windows 7 and Server 2008 early next year will also stop delivery of security patches through the normal channel. But users have an alternative to get security fixes on a regular basis in the form of micropatches. [...]

https://www.bleepingcomputer.com/news/security/windows-7-and-server-2008-get-0patch-security-fixes-after-eos/