Microsoft Enables Security Defaults in Azure Active Directory

Microsoft introduced new secure default settings dubbed 'Security Defaults' to Azure Active Directory (Azure AD), now available for all license levels, including trial tenants. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-enables-security-defaults-in-azure-active-directory/

VVVVVV Source Code Released to Mark 10th Anniversary

Distractionware has released the source code for their VVVVVV platform game to mark its 10th anniversary. You can now download the game engine to make your own modifications or get a better understanding of how the game works. [...]

https://www.bleepingcomputer.com/news/gaming/vvvvvv-source-code-released-to-mark-10th-anniversary/

US Govt Warns of Attacks on Unpatched Pulse VPN Servers

The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability. [...]

https://www.bleepingcomputer.com/news/security/us-govt-warns-of-attacks-on-unpatched-pulse-vpn-servers/

Beware of Amazon Prime Support Scams in Google Search Ads

A malicious ad campaign is underway in Google Search results that lead users to fake Amazon support sites and tech support scams. [...]

https://www.bleepingcomputer.com/news/security/beware-of-amazon-prime-support-scams-in-google-search-ads/

Sodinikibi Ransomware Hits New York Airport Systems

Albany International Airport staff announced that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas. [...]

https://www.bleepingcomputer.com/news/security/sodinikibi-ransomware-hits-new-york-airport-systems/

Maze Ransomware Publishes 14GB of Stolen Southwire Files

The Maze Ransomware operators have released an additional 14GB of files that they claim were stolen from one of their victims for not paying a ransomware demand. [...]

https://www.bleepingcomputer.com/news/security/maze-ransomware-publishes-14gb-of-stolen-southwire-files/

Australia Bushfire Donors Affected by Credit Card Skimming Attack

Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors. [...]

https://www.bleepingcomputer.com/news/security/australia-bushfire-donors-affected-by-credit-card-skimming-attack/

Citrix ADC CVE-2019-19781 Exploits Released, Fix Now!

Numerous working exploits for the Citrix ADC (NetScaler) CVE-2019-1978 vulnerability are finally here and have been publicly posted in numerous locations. There is no patch available for this vulnerability, but Citrix has provided mitigations, which should be applied now! [...]

https://www.bleepingcomputer.com/news/security/citrix-adc-cve-2019-19781-exploits-released-fix-now/

Android Trojan Kills Google Play Protect, Spews Fake App Reviews

An Android malware strain camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more. [...]

https://www.bleepingcomputer.com/news/security/android-trojan-kills-google-play-protect-spews-fake-app-reviews/

The Week in Ransomware - January 10th 2020 - Now Data Breaches

This week we have seen new ransomware operators targeting businesses, stolen data published, and the Sodinokibi Ransomware being confirmed as behind the Travelex cyber attack. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-10th-2020-now-data-breaches/

Sodinokibi Ransomware Publishes Stolen Data for the First Time

For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-publishes-stolen-data-for-the-first-time/

Windows 7 Reminder: Get a Free Windows 10 Upgrade While You Can

With the Windows 7 end of life fast approaching, users need to decide whether they want to upgrade them to Windows 10 or get a new PC. For now, users can still use a method to upgrade their Windows 7 machines to Windows 10 for free. It is not known how long this method will work, though, so users should upgrade as soon as possible. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-reminder-get-a-free-windows-10-upgrade-while-you-can/

Android Trojan Steals Your Money to Fund International SMS Attacks

An Android banking Trojan dubbed Faketoken has recently been observed by security researchers while draining its victims' accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world. [...]

https://www.bleepingcomputer.com/news/security/android-trojan-steals-your-money-to-fund-international-sms-attacks/

Emotet Malware Restarts Spam Attacks After Holiday Break

After almost a three-week holiday vacation, the Emotet trojan is back and targeting the over eighty countries with malicious spam campaigns.  [...]

https://www.bleepingcomputer.com/news/security/emotet-malware-restarts-spam-attacks-after-holiday-break/

Nemty Ransomware to Start Leaking Non-Paying Victim's Data

The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom. [...]

https://www.bleepingcomputer.com/news/security/nemty-ransomware-to-start-leaking-non-paying-victims-data/

BEC Scammers Use Aging Report Phishing to Find New Targets

A group tracked as Ancient Tortoise is targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. [...]

https://www.bleepingcomputer.com/news/security/bec-scammers-use-aging-report-phishing-to-find-new-targets/

CISA Releases Test Tool for Citrix ADC CVE-2019-19781 Vulnerability

DHS CISA released a public domain tool designed to help security staff to test if their organizations are vulnerable to ongoing attacks that might target the CVE-2019-19781 security flaw impacting the Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) products. [...]

https://www.bleepingcomputer.com/news/security/cisa-releases-test-tool-for-citrix-adc-cve-2019-19781-vulnerability/

Microsoft to Support the New Edge Browser After Windows 7 EOL

Microsoft will continue to support the new Microsoft Edge in Windows 7 even after the operating system reaches the end of life tomorrow. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-support-the-new-edge-browser-after-windows-7-eol/

Windows 7 Reaches End of Life Tomorrow, What You Need to Know

It's the end of an era: Windows 7 will reach end of support tomorrow, on January 14, a decade after its initial release, with Microsoft to no longer provide users with software updates and security updates or fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-reaches-end-of-life-tomorrow-what-you-need-to-know/

Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices

The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/

United Nations Targeted With Emotet Malware Phishing Attack

Pretending to be the Permanent Mission of Norway, the Emotet operators performed a targeted phishing attack against email addresses associated with users at the United Nations. [...]

https://www.bleepingcomputer.com/news/security/united-nations-targeted-with-emotet-malware-phishing-attack/