Sodinokibi Ransomware Builds An All-Star Team of Affiliates

The Sodinokibi Ransomware (REvil) has been making news lately as they target the enterprise, MSPs, and government entities through their hand-picked team of all-star affiliates. These affiliates appear to have had a prior history with the GandCrab RaaS and use similar distribution methods. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-builds-an-all-star-team-of-affiliates/

Zendesk Security Breach May Impact Orgs Like Uber, Slack, and FCC

Customer service software company Zendesk is sending users notifications regarding a security incident that might have impacted roughly 10,000 Zendesk Support and Chat accounts activated prior to November 1, 2016. [...]

https://www.bleepingcomputer.com/news/security/zendesk-security-breach-may-impact-orgs-like-uber-slack-and-fcc/

Windows 10X: Microsoft's New Windows OS for Dual-Screen PCs

At the Surface event in New York City, Microsoft announced Windows 10X, a new version of Windows 10 designed for dual-screen folding-screen devices. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10x-microsofts-new-windows-os-for-dual-screen-pcs/

Microsoft Launches New Dual-Screen Surface Devices

At today's Surface event in New York City, Microsoft unveiled the Surface Laptop 3, Surface Pro 7, Surface Pro X and two dual-screen devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-launches-new-dual-screen-surface-devices/

Microsoft 365 To Get Tenant-Wide Idle Session Timeout Feature

Microsoft is working on including a new tenant-wide idle session timeout feature for Microsoft 365 web apps to prevent information exposure that might stem from unauthorized access to systems left unattended. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-to-get-tenant-wide-idle-session-timeout-feature/

FBI Warns U.S. Organizations About High Impact Ransomware

The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued a public service announcement today regarding the increasing number of high-impact ransomware attacks against public and private U.S. organizations.   [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-us-organizations-about-high-impact-ransomware/

FTCode PowerShell Ransomware Resurfaces in Spam Campaign

An old PowerShell ransomware has resurfaced with a vengeance in a spam distribution aimed at Italian recipients. This ransomware is called FTCode and is completely PowerShell based, which means it can encrypt the computer without downloading any additional components. [...]

https://www.bleepingcomputer.com/news/security/ftcode-powershell-ransomware-resurfaces-in-spam-campaign/

Police Seize Bot Farm Behind Potentially Fatal Scam Messages

The cyber division of the Ukrainian police took to pieces an operation that made money by registering accounts used to send spam through various services, including email and social networks. [...]

https://www.bleepingcomputer.com/news/security/police-seize-bot-farm-behind-potentially-fatal-scam-messages/

Windows Activator Bundles Banker with C2 in YouTube Description

In their effort to hide the command and control (C2) server addresses, operators of a banking trojan placed them in fake websites and in descriptions for YouTube videos. [...]

https://www.bleepingcomputer.com/news/security/windows-activator-bundles-banker-with-c2-in-youtube-description/

Cyber-Spy Group Active Since 2013 Now Tied to Chinese State Actor

Multiple cyber-espionage campaigns that remained unattributed over the years have now been linked to a single threat actor that researchers named PKPLUG, attacking targets across Asia. [...]

https://www.bleepingcomputer.com/news/security/cyber-spy-group-active-since-2013-now-tied-to-chinese-state-actor/

Office 365 Admins Can Now Block Malicious Microsoft Query IQY Files

Microsoft has silently added new group policies to allow Office 365 admins to block Excel users from opening untrusted Microsoft Query files with IQY, OQY, DQY, and RQY extensions. [...]

https://www.bleepingcomputer.com/news/microsoft/office-365-admins-can-now-block-malicious-microsoft-query-iqy-files/

Microsoft Releases Windows Security Updates to Fix Printing Issue

Microsoft today released out of band security updates, cumulative updates, and monthly rollup updates to address a printing issue plaguing all Windows client and server versions acknowledged on September 30. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-windows-security-updates-to-fix-printing-issue/

Windows 10 Insider Build 18995 Adds PIN Sign-ins to Safe Mode

Microsoft has released Windows 10 Insider Preview Build 18995 (20H1) to Insiders in the Fast ring, which now allows you to sign into Windows using your Windows Hello Pin even when in Safe Mode. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18995-adds-pin-sign-ins-to-safe-mode/

Google Chrome to Gradually Start Blocking Mixed Content by Default

Google announced that the Chrome web browser will gradually start blocking HTTPS pages from loading insecure resources to improve the users' privacy and security while browsing the web. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-to-gradually-start-blocking-mixed-content-by-default/

'Lost Files' Data Wiper Poses as a Windows Security Scanner

A Windows Security Scanner that states it encrypted your files is being distributed by spam, but whether by bug or design, it instead corrupts binary data in a victim's files.  [...]

https://www.bleepingcomputer.com/news/security/lost-files-data-wiper-poses-as-a-windows-security-scanner/

Four U.S. Food Chains Disclose Payment Card Theft via PoS Malware

Hackers caused havoc at four restaurant chains in the U.S. over the summer after compromising their payment systems with malware that stole customers' payment card information. [...]

https://www.bleepingcomputer.com/news/security/four-us-food-chains-disclose-payment-card-theft-via-pos-malware/

Australian Govt Issues Android and iOS Security Hardening Guides

The Australian Signals Directorate (ASD)'s Australian Cyber Security Centre (ACSC) has published a set of two guides designed to help Australian government, commercial organizations, and enterprises harden the security of iOS and Android devices in their fleets. [...]

https://www.bleepingcomputer.com/news/security/australian-govt-issues-android-and-ios-security-hardening-guides/

Details of 92 Million Brazilians Auctioned on Underground Forums

Someone is offering to auction on underground forums a database containing personal information of 92 million Brazilian citizens. They claim that every record is real and unique. [...]

https://www.bleepingcomputer.com/news/security/details-of-92-million-brazilians-auctioned-on-underground-forums/

Novter Trojan Sets its Sights on Microsoft Windows Defender

The Novter Trojan, also known as Nodersok or Divergent, is the latest Trojan to actively target Microsoft's Windows Defender by attempting to disable it. [...]

https://www.bleepingcomputer.com/news/security/novter-trojan-sets-its-sights-on-microsoft-windows-defender/

Magecart Impacts Hundreds of Thousands of Websites, Still Growing

With over two million detections to date, compromising shopping sites' resources to steal customer payment card info is a global phenomenon unlikely to end soon. [...]

https://www.bleepingcomputer.com/news/security/magecart-impacts-hundreds-of-thousands-of-websites-still-growing/

Actively Exploited Android Zero-Day Impacts Google, Samsung Devices

Google's Threat Analysis Group (TAG) says that a new Android zero-day is actively being exploited in the wild in attacks targeting vulnerable Google Pixel, Huawei, Xiaomi, Samsung, Oppo, and Moto devices. [...]

https://www.bleepingcomputer.com/news/security/actively-exploited-android-zero-day-impacts-google-samsung-devices/