The Week in Ransomware - January 10th 2020 - Now Data Breaches

This week we have seen new ransomware operators targeting businesses, stolen data published, and the Sodinokibi Ransomware being confirmed as behind the Travelex cyber attack. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-10th-2020-now-data-breaches/

Sodinokibi Ransomware Publishes Stolen Data for the First Time

For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-publishes-stolen-data-for-the-first-time/

Windows 7 Reminder: Get a Free Windows 10 Upgrade While You Can

With the Windows 7 end of life fast approaching, users need to decide whether they want to upgrade them to Windows 10 or get a new PC. For now, users can still use a method to upgrade their Windows 7 machines to Windows 10 for free. It is not known how long this method will work, though, so users should upgrade as soon as possible. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-reminder-get-a-free-windows-10-upgrade-while-you-can/

Android Trojan Steals Your Money to Fund International SMS Attacks

An Android banking Trojan dubbed Faketoken has recently been observed by security researchers while draining its victims' accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world. [...]

https://www.bleepingcomputer.com/news/security/android-trojan-steals-your-money-to-fund-international-sms-attacks/

Emotet Malware Restarts Spam Attacks After Holiday Break

After almost a three-week holiday vacation, the Emotet trojan is back and targeting the over eighty countries with malicious spam campaigns.  [...]

https://www.bleepingcomputer.com/news/security/emotet-malware-restarts-spam-attacks-after-holiday-break/

Nemty Ransomware to Start Leaking Non-Paying Victim's Data

The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom. [...]

https://www.bleepingcomputer.com/news/security/nemty-ransomware-to-start-leaking-non-paying-victims-data/

BEC Scammers Use Aging Report Phishing to Find New Targets

A group tracked as Ancient Tortoise is targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. [...]

https://www.bleepingcomputer.com/news/security/bec-scammers-use-aging-report-phishing-to-find-new-targets/

CISA Releases Test Tool for Citrix ADC CVE-2019-19781 Vulnerability

DHS CISA released a public domain tool designed to help security staff to test if their organizations are vulnerable to ongoing attacks that might target the CVE-2019-19781 security flaw impacting the Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) products. [...]

https://www.bleepingcomputer.com/news/security/cisa-releases-test-tool-for-citrix-adc-cve-2019-19781-vulnerability/

Microsoft to Support the New Edge Browser After Windows 7 EOL

Microsoft will continue to support the new Microsoft Edge in Windows 7 even after the operating system reaches the end of life tomorrow. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-support-the-new-edge-browser-after-windows-7-eol/

Windows 7 Reaches End of Life Tomorrow, What You Need to Know

It's the end of an era: Windows 7 will reach end of support tomorrow, on January 14, a decade after its initial release, with Microsoft to no longer provide users with software updates and security updates or fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-reaches-end-of-life-tomorrow-what-you-need-to-know/

Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices

The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/

United Nations Targeted With Emotet Malware Phishing Attack

Pretending to be the Permanent Mission of Norway, the Emotet operators performed a targeted phishing attack against email addresses associated with users at the United Nations. [...]

https://www.bleepingcomputer.com/news/security/united-nations-targeted-with-emotet-malware-phishing-attack/

Adobe Releases Their January 2020 Security Updates

Adobe has released its monthly security updates that fix vulnerabilities in Adobe Experience Manager and Adobe Illustrator CC. All users are advised to install the applicable updates as soon as possible to resolve these vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/adobe-releases-their-january-2020-security-updates/

Critical WordPress Plugin Bug Allows Admin Logins Without Password

A critical authentication bypass vulnerability allows anyone to log in as an administrator user on WordPress sites running an affected version of the InfiniteWP Client because of logical mistakes in the code. [...]

https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bug-allows-admin-logins-without-password/

Microsoft Fixes Windows CryptoAPI Spoofing Flaw Reported by NSA

Microsoft patched a spoofing vulnerability present in the Windows usermode cryptographic library, CRYPT32.DLL, on Windows 10, Windows Server 2016, and Windows Server 2019 systems. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-cryptoapi-spoofing-flaw-reported-by-nsa/

Windows 10 Cumulative Updates KB4528760 & KB4534273 Released

Windows 10's January 2020 cumulative updates are now rolling out with important fixes for Windows 10 November 2019 Update, May 2019 Update, and October 2018 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4528760-and-kb4534273-released/

Microsoft's January 2020 Patch Tuesday Fixes 49 Vulnerabilities

Today is Microsoft's January 2020 Patch Tuesday and also the Windows 7 end of life. This is going to be a stressful day for your Windows administrators, so be nice! [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-january-2020-patch-tuesday-fixes-49-vulnerabilities/

Windows 7 Gets Final Monthly Rollup Update Before End Of Life

Windows 7 has just received its last set of security updates. After today, Windows 7 won't receive any security or non-security updates from Microsoft, and it is now considered an unsupported operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-gets-final-monthly-rollup-update-before-end-of-life/

NSA's First Public Vulnerability Disclosure: An Effort to Build Trust

The U.S. National Security Agency (NSA) started a new chapter after discovering and reporting to Microsoft a vulnerability tracked as CVE-2020-0601 and impacting Windows 10 and Windows Server systems. [...]

https://www.bleepingcomputer.com/news/security/nsas-first-public-vulnerability-disclosure-an-effort-to-build-trust/

Windows Terminal Adds Retro CRT Effects and Console Search

Microsoft released Windows Terminal Preview v.08 today and with it comes useful improvements that include a console search feature, tab sizing, and a new retro option that makes consoles look like an old CRT. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-terminal-adds-retro-crt-effects-and-console-search/

Intel Patches High Severity Flaw in VTune Performance Profiler

Intel patched six security vulnerabilities during the January 2020 Patch Tuesday, including a high severity vulnerability in VTune and a bug affecting the Intel Processor Graphics drivers for Windows and Linux. [...]

https://www.bleepingcomputer.com/news/security/intel-patches-high-severity-flaw-in-vtune-performance-profiler/