Former IT Employee Jailed for Taking Down Airline Systems

Scott Burns, a former employee of information and communications technology (ICT) provider Blue Chip was sentenced to 10 months in prison for taking down the computers of British airline Jet2.com Limited (aka Jet2) for over 12 hours. [...]

https://www.bleepingcomputer.com/news/security/former-it-employee-jailed-for-taking-down-airline-systems/

Windows Remote Desktop Services Used for Fileless Malware Attacks

Threat actors breaching company networks are deploying a cornucopia of malware over the remote desktop protocol (RDP), without leaving a trace on target hosts. [...]

https://www.bleepingcomputer.com/news/security/windows-remote-desktop-services-used-for-fileless-malware-attacks/

Tokyo 2020 Staff Warns of Phishing Disguised As Official Emails

Tokyo 2020 Summer Olympics staff published a warning today alerting of an ongoing phishing campaign delivering emails designed to look like they're coming from the Tokyo Organizing Committee of the Olympic and Paralympic Games (Tokyo 2020)​​​​​​​. [...]

https://www.bleepingcomputer.com/news/security/tokyo-2020-staff-warns-of-phishing-disguised-as-official-emails/

GozNym Gang Members Behind $100 Million Damages Sentenced

Three members of a cybercrime group that used the GozNym banking Trojan to steal millions from U.S. businesses were sentenced today in parallel and multi-national prosecutions in Pittsburgh and Tbilisi, Georgia. [...]

https://www.bleepingcomputer.com/news/security/goznym-gang-members-behind-100-million-damages-sentenced/

Apple Blackmailed for $100K in iTunes Cards to Avoid 'Data Leak'

22-year old Londoner Kerem Albayrak was sentenced today after attempting to blackmail Apple by threatening to factory reset 319 million iCloud accounts and selling the users' data. [...]

https://www.bleepingcomputer.com/news/security/apple-blackmailed-for-100k-in-itunes-cards-to-avoid-data-leak/

The Week in Ransomware - December 20th 2019 - Attacks Everywhere

This week's ransomware news continues to be dominated by targeted ransomware attacks against hospitals, cities, and businesses and the new tactic of releasing victim's data if they do not pay. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-20th-2019-attacks-everywhere/

How to Place Calls From Windows 10 Using the Your Phone App

Microsoft's Your Phone is an app designed for Windows 10 that lets you see Android phone notifications, photos and messages on your desktop. It also comes with the handy ability to mirror Android apps to your Windows 10 device. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-place-calls-from-windows-10-using-the-your-phone-app/

PayPal Phishing Attack Promises to Secure Accounts, Steals Everything

An ongoing phishing campaign is targeting PayPal customers with emails camouflaged as 'unusual activity' alerts warning them of suspicious logins from unknown devices and attempting to squeeze them dry of all their credentials and financial info. [...]

https://www.bleepingcomputer.com/news/security/paypal-phishing-attack-promises-to-secure-accounts-steals-everything/

Dropbox Zero-Day Vulnerability Gets Temporary Fix

A zero-day vulnerability exists in Dropbox for Windows that allows attackers to gain permissions reserved to SYSTEM, the most privileged account on the operating system. [...]

https://www.bleepingcomputer.com/news/security/dropbox-zero-day-vulnerability-gets-temporary-fix/

Cisco Security Appliances Targeted for DoS Attacks via Old Bug

A critical vulnerability fixed in mid-2018 has been resurrected recently in denial-of-service and information disclosure attempts against Cisco's appliances Adaptive Security (ASA) and Firepower. [...]

https://www.bleepingcomputer.com/news/security/cisco-security-appliances-targeted-for-dos-attacks-via-old-bug/

Avast and AVG Firefox Extensions Added Back to Mozilla Addons Site

Mozilla has allowed the AVG and Avast Online Security extensions back into their addons site after the extensions reduced the amount of tracking data being sent to Avast's and AVG's servers. [...]

https://www.bleepingcomputer.com/news/security/avast-and-avg-firefox-extensions-added-back-to-mozilla-addons-site/

One Day, Three Credit Card Data Breach Notifications

On the same day this week, two restaurants and a convenience store, all with locations across the U.S., disclosed security breach incidents that may have enabled attackers to steal customer payment card data. [...]

https://www.bleepingcomputer.com/news/security/one-day-three-credit-card-data-breach-notifications/

Two-Year Long Phishing Campaign Impersonates Canadian Banks

Canadian banks are being impersonated in a phishing campaign targeting both individuals and businesses via a large-scale infrastructure shared with previous attacks going back to 2017 and pointing to the same attackers. [...]

https://www.bleepingcomputer.com/news/security/two-year-long-phishing-campaign-impersonates-canadian-banks/

New Mozi P2P Botnet Takes Over Netgear, D-Link, Huawei Routers

Netgear, D-Link, and Huawei routers are actively being probed for weak Telnet passwords and taken over by a new peer-to-peer (P2P) botnet dubbed Mozi and related to the Gafgyt malware as it reuses some of its code. [...]

https://www.bleepingcomputer.com/news/security/new-mozi-p2p-botnet-takes-over-netgear-d-link-huawei-routers/

Uptick Seen in ISO Email Attachments Delivering Malware

Security researchers analyzing malicious spam campaigns noticed an increase in delivering malware in disk image file formats, .ISO being the most prevalent. [...]

https://www.bleepingcomputer.com/news/security/uptick-seen-in-iso-email-attachments-delivering-malware/

FBI Issues Alert For LockerGoga and MegaCortex Ransomware

The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware. [...]

https://www.bleepingcomputer.com/news/security/fbi-issues-alert-for-lockergoga-and-megacortex-ransomware/

Critical Citrix Flaw May Expose Thousands of Firms to Attacks

A newly discovered vulnerability impacting the Citrix Application Delivery Controller (NetScaler ADC) and the Citrix Gateway (NetScaler Gateway) could potentially expose the networks of over 80,000 firms to hacking attacks. [...]

https://www.bleepingcomputer.com/news/security/critical-citrix-flaw-may-expose-thousands-of-firms-to-attacks/

NVIDIA Patches High Severity Vulnerability in GeForce Experience

NVIDIA today issued a security update for the Windows NVIDIA GeForce Experience (GFE) app designed to patch a vulnerability that could allow potential local attackers to trigger a denial of service (DoS) state or escalate privileges on systems running unpatched software. [...]

https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-vulnerability-in-geforce-experience/

Resurrected PowerShell Empire Framework Converted to Python 3

Hackers of all sorts are getting an early Christmas present this year in the form of a resurrected PowerShell Empire post-exploitation framework all wrapped up in Python 3. [...]

https://www.bleepingcomputer.com/news/security/resurrected-powershell-empire-framework-converted-to-python-3/

Make Your Own Google Chrome Extension to Show WWW Again

If you are frustrated that Google Chrome no longer shows the WWW subdomain or http and https in the address bar, you can easily create your own Chrome extension that enables them again. [...]

https://www.bleepingcomputer.com/news/software/make-your-own-google-chrome-extension-to-show-www-again/

Emotet Reigns in Sandbox's Top Malware Threats of 2019

Any.Run, a public service that allows interaction with malware running in a sandbox for analysis purposes, compiled a list with the top 10 most prevalent threats uploaded to the platform. At the head of the list is Emotet. [...]

https://www.bleepingcomputer.com/news/security/emotet-reigns-in-sandboxs-top-malware-threats-of-2019/