Thousands of WordPress Sites Hacked to Fuel Scam Campaign

Over 2,000 Wordpress sites have been hacked to fuel a campaign to redirect visitors to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. [...]

https://www.bleepingcomputer.com/news/security/thousands-of-wordpress-sites-hacked-to-fuel-scam-campaign/

Maze Ransomware Not Getting Paid, Leaks Data Left and Right

Maze ransomware operators have infected computers from Medical Diagnostic Laboratories (MDLab) and are releasing close to 9.5GB of data stolen from infected machines. [...]

https://www.bleepingcomputer.com/news/security/maze-ransomware-not-getting-paid-leaks-data-left-and-right/

Sodinokibi Ransomware Threatens to Publish Data of Automotive Group

The attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after they failed to get in touch and pay the ransom to have the data decrypted. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/

Euro Cup and Olympics Ticket Reseller Hit by MageCart

Site belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics, two major sports events happening later this year, have been infected with JavaScript that steals payment card details. [...]

https://www.bleepingcomputer.com/news/security/euro-cup-and-olympics-ticket-reseller-hit-by-magecart/

LastPass Mistakenly Removes Extension from Chrome Store, Causes Outage

An accidental outage was caused by LastPass yesterday by mistakenly removing the LastPass extension from the Chrome Web Store, leading to users seeing 404 errors when trying to download and install it on their devices. [...]

https://www.bleepingcomputer.com/news/security/lastpass-mistakenly-removes-extension-from-chrome-store-causes-outage/

Critical MDhex Vulnerabilities Shake the Healthcare Sector

Critical vulnerabilities have been discovered in popular medical devices from GE Healthcare that could allow attackers to alter the way they function or render them unusable. [...]

https://www.bleepingcomputer.com/news/security/critical-mdhex-vulnerabilities-shake-the-healthcare-sector/

Buchbinder Car Renter Exposes Info of Over 3 Million Customers

German car rental company Buchbinder exposed the personal information of over 3.1 million customers including federal ministry employees, diplomats, and celebrities, all of it stored within a ten terabytes MSSQL backup database left unsecured on the Internet. [...]

https://www.bleepingcomputer.com/news/security/buchbinder-car-renter-exposes-info-of-over-3-million-customers/

TrickBot Now Harvests Windows Active Directory Credentials

A new module for the TrickBot trojan has been discovered that targets the Active Directory database stored on compromised Windows domain controllers. [...]

https://www.bleepingcomputer.com/news/security/trickbot-now-harvests-windows-active-directory-credentials/

Bipartisan Coalition Bill Introduced to Reform NSA Surveillance

A bipartisan coalition of U.S. lawmakers introduced a new bill that wants to protect Americans from warrantless government surveillance such as the one run by the National Security Agency (NSA). [...]

https://www.bleepingcomputer.com/news/security/bipartisan-coalition-bill-introduced-to-reform-nsa-surveillance/

Sonos Backtracks: Legacy Devices Will Get Updates After May

In an email being sent to customers, Sonos has stated that they have heard everyone's concerns and while older devices will not get new features, they will continue to receive software updates with security and bug fixes after May 2020. [...]

https://www.bleepingcomputer.com/news/technology/sonos-backtracks-legacy-devices-will-get-updates-after-may/

U.S. Govt Agency Hit with New CARROTBALL Malware Dropper

A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea. [...]

https://www.bleepingcomputer.com/news/security/us-govt-agency-hit-with-new-carrotball-malware-dropper/

Microsoft is Adding Classic ‘Edge Mode’ to New Edge Browser

Microsoft is developing a new 'Edge Mode' that lets users visit sites using the same rendering engine as Classic Edge to continue using legacy web applications. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-adding-classic-edge-mode-to-new-edge-browser/

City of Potsdam Servers Offline Following Cyberattack

The City of Potsdam severed the administration servers' Internet connection following an attack that took place earlier this week. Emergency services including the city's fire department fully operational and payments are not affected. [...]

https://www.bleepingcomputer.com/news/security/city-of-potsdam-servers-offline-following-cyberattack/

DOS Exploit PoC Released for Critical Windows RDP Gateway Bugs

A proof-of-concept (PoC) denial of service exploit has been published by Danish security researcher Ollypwn for the CVE-2020-0609 and CVE-2020-0610 flaws affecting the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices. [...]

https://www.bleepingcomputer.com/news/security/dos-exploit-poc-released-for-critical-windows-rdp-gateway-bugs/

New Ryuk Info Stealer Targets Government and Military Secrets

A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data. [...]

https://www.bleepingcomputer.com/news/security/new-ryuk-info-stealer-targets-government-and-military-secrets/

Citrix Releases Final Patch as Ransomware Attacks Ramp Up

Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances. [...]

https://www.bleepingcomputer.com/news/security/citrix-releases-final-patch-as-ransomware-attacks-ramp-up/

Microsoft To Fix Windows 7 Black Wallpaper Bug for ESU Customers

Microsoft says that a bugfix will be provided for organizations that purchased Windows 7 Extended Security Updates (ESU) to fix a newly acknowledged issue leading to the desktop wallpaper being replaced by a blank black screen. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-fix-windows-7-black-wallpaper-bug-for-esu-customers/

The Week in Ransomware - January 24th 2020 - Duck for Cover!

Ransomware continues its onslaught against cities, the enterprise, and even houses of worship as threat actors attempt to encrypt as much as they can to earn big payouts. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-24th-2020-duck-for-cover/

10% of All Macs Shlayered, Malware Cocktail Served

Many people think that malware only targets Windows and that Macs are safe, but a new report shows how a single Apple malware called Shlayer has attacked over 10% of all Apple computers monitored by an antivirus company. [...]

https://www.bleepingcomputer.com/news/security/10-percent-of-all-macs-shlayered-malware-cocktail-served/

PayPal, American Express Phishing Kits Added to 16Shop Service

The 16Shop phishing kit distribution network has expanded its portfolio with new templates that target PayPal and American Express users. [...]

https://www.bleepingcomputer.com/news/security/paypal-american-express-phishing-kits-added-to-16shop-service/

Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked

Citrix on Friday released the final patch for the critical vulnerability tracked as CVE-2019-19781 in its affected appliances. Many organizations are still at risk, though, as they continue to run Citrix servers without a fix or the advised [...]

https://www.bleepingcomputer.com/news/security/patching-the-citrix-adc-bug-doesnt-mean-you-werent-hacked/