Nemty Ransomware to Start Leaking Non-Paying Victim's Data

The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom. [...]

https://www.bleepingcomputer.com/news/security/nemty-ransomware-to-start-leaking-non-paying-victims-data/

BEC Scammers Use Aging Report Phishing to Find New Targets

A group tracked as Ancient Tortoise is targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. [...]

https://www.bleepingcomputer.com/news/security/bec-scammers-use-aging-report-phishing-to-find-new-targets/

CISA Releases Test Tool for Citrix ADC CVE-2019-19781 Vulnerability

DHS CISA released a public domain tool designed to help security staff to test if their organizations are vulnerable to ongoing attacks that might target the CVE-2019-19781 security flaw impacting the Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) products. [...]

https://www.bleepingcomputer.com/news/security/cisa-releases-test-tool-for-citrix-adc-cve-2019-19781-vulnerability/

Microsoft to Support the New Edge Browser After Windows 7 EOL

Microsoft will continue to support the new Microsoft Edge in Windows 7 even after the operating system reaches the end of life tomorrow. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-support-the-new-edge-browser-after-windows-7-eol/

Windows 7 Reaches End of Life Tomorrow, What You Need to Know

It's the end of an era: Windows 7 will reach end of support tomorrow, on January 14, a decade after its initial release, with Microsoft to no longer provide users with software updates and security updates or fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-reaches-end-of-life-tomorrow-what-you-need-to-know/

Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices

The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/

United Nations Targeted With Emotet Malware Phishing Attack

Pretending to be the Permanent Mission of Norway, the Emotet operators performed a targeted phishing attack against email addresses associated with users at the United Nations. [...]

https://www.bleepingcomputer.com/news/security/united-nations-targeted-with-emotet-malware-phishing-attack/

Adobe Releases Their January 2020 Security Updates

Adobe has released its monthly security updates that fix vulnerabilities in Adobe Experience Manager and Adobe Illustrator CC. All users are advised to install the applicable updates as soon as possible to resolve these vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/adobe-releases-their-january-2020-security-updates/

Critical WordPress Plugin Bug Allows Admin Logins Without Password

A critical authentication bypass vulnerability allows anyone to log in as an administrator user on WordPress sites running an affected version of the InfiniteWP Client because of logical mistakes in the code. [...]

https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bug-allows-admin-logins-without-password/

Microsoft Fixes Windows CryptoAPI Spoofing Flaw Reported by NSA

Microsoft patched a spoofing vulnerability present in the Windows usermode cryptographic library, CRYPT32.DLL, on Windows 10, Windows Server 2016, and Windows Server 2019 systems. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-cryptoapi-spoofing-flaw-reported-by-nsa/

Windows 10 Cumulative Updates KB4528760 & KB4534273 Released

Windows 10's January 2020 cumulative updates are now rolling out with important fixes for Windows 10 November 2019 Update, May 2019 Update, and October 2018 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4528760-and-kb4534273-released/

Microsoft's January 2020 Patch Tuesday Fixes 49 Vulnerabilities

Today is Microsoft's January 2020 Patch Tuesday and also the Windows 7 end of life. This is going to be a stressful day for your Windows administrators, so be nice! [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-january-2020-patch-tuesday-fixes-49-vulnerabilities/

Windows 7 Gets Final Monthly Rollup Update Before End Of Life

Windows 7 has just received its last set of security updates. After today, Windows 7 won't receive any security or non-security updates from Microsoft, and it is now considered an unsupported operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-gets-final-monthly-rollup-update-before-end-of-life/

NSA's First Public Vulnerability Disclosure: An Effort to Build Trust

The U.S. National Security Agency (NSA) started a new chapter after discovering and reporting to Microsoft a vulnerability tracked as CVE-2020-0601 and impacting Windows 10 and Windows Server systems. [...]

https://www.bleepingcomputer.com/news/security/nsas-first-public-vulnerability-disclosure-an-effort-to-build-trust/

Windows Terminal Adds Retro CRT Effects and Console Search

Microsoft released Windows Terminal Preview v.08 today and with it comes useful improvements that include a console search feature, tab sizing, and a new retro option that makes consoles look like an old CRT. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-terminal-adds-retro-crt-effects-and-console-search/

Intel Patches High Severity Flaw in VTune Performance Profiler

Intel patched six security vulnerabilities during the January 2020 Patch Tuesday, including a high severity vulnerability in VTune and a bug affecting the Intel Processor Graphics drivers for Windows and Linux. [...]

https://www.bleepingcomputer.com/news/security/intel-patches-high-severity-flaw-in-vtune-performance-profiler/

Windows BSOD Betrays Cryptominer Hidden in WAV File

The infamous blue screen of death (BSOD) on computers belonging to a company in the medical tech sector was the tell for a malware infection that spread across more than half the network. [...]

https://www.bleepingcomputer.com/news/security/windows-bsod-betrays-cryptominer-hidden-in-wav-file/

Google Chrome Aims to Make Browser User-Agents Obsolete

To enhance the privacy of its users and reduce the complexity of updating User-Agent strings, Google Chrome plans to move to a new system that web sites can use to identify information about their visitors. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-aims-to-make-browser-user-agents-obsolete/

Windows 7 Begins to Show Full Screen Windows 10 Upgrade Alerts

When users log into Windows 7 today, they should not be surprised if they see a full-screen alert telling them that the operating system is no longer supported, they are vulnerable to viruses, and that they should upgrade to Windows 10 to fix all of these issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-begins-to-show-full-screen-windows-10-upgrade-alerts/

Microsoft Office January Security Updates Fix Code Execution Bugs

Microsoft released the January 2019 Office security updates, bundling a total of seven security updates and three cumulative updates for five different products, six of them patching flaws allowing remote code execution. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-january-security-updates-fix-code-execution-bugs/

Microsoft's New Edge Browser Released, What You Need to Know

The Chromium-based Microsoft Edge is now available for download. The new Edge ditches Microsoft's home-grown EdgeHTML rendering engine for Google's open-sourced platform called 'Chromium' and Blink rendering engine. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-new-edge-browser-released-what-you-need-to-know/