Sonos Backtracks: Legacy Devices Will Get Updates After May

In an email being sent to customers, Sonos has stated that they have heard everyone's concerns and while older devices will not get new features, they will continue to receive software updates with security and bug fixes after May 2020. [...]

https://www.bleepingcomputer.com/news/technology/sonos-backtracks-legacy-devices-will-get-updates-after-may/

U.S. Govt Agency Hit with New CARROTBALL Malware Dropper

A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea. [...]

https://www.bleepingcomputer.com/news/security/us-govt-agency-hit-with-new-carrotball-malware-dropper/

Microsoft is Adding Classic ‘Edge Mode’ to New Edge Browser

Microsoft is developing a new 'Edge Mode' that lets users visit sites using the same rendering engine as Classic Edge to continue using legacy web applications. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-adding-classic-edge-mode-to-new-edge-browser/

City of Potsdam Servers Offline Following Cyberattack

The City of Potsdam severed the administration servers' Internet connection following an attack that took place earlier this week. Emergency services including the city's fire department fully operational and payments are not affected. [...]

https://www.bleepingcomputer.com/news/security/city-of-potsdam-servers-offline-following-cyberattack/

DOS Exploit PoC Released for Critical Windows RDP Gateway Bugs

A proof-of-concept (PoC) denial of service exploit has been published by Danish security researcher Ollypwn for the CVE-2020-0609 and CVE-2020-0610 flaws affecting the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices. [...]

https://www.bleepingcomputer.com/news/security/dos-exploit-poc-released-for-critical-windows-rdp-gateway-bugs/

New Ryuk Info Stealer Targets Government and Military Secrets

A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data. [...]

https://www.bleepingcomputer.com/news/security/new-ryuk-info-stealer-targets-government-and-military-secrets/

Citrix Releases Final Patch as Ransomware Attacks Ramp Up

Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances. [...]

https://www.bleepingcomputer.com/news/security/citrix-releases-final-patch-as-ransomware-attacks-ramp-up/

Microsoft To Fix Windows 7 Black Wallpaper Bug for ESU Customers

Microsoft says that a bugfix will be provided for organizations that purchased Windows 7 Extended Security Updates (ESU) to fix a newly acknowledged issue leading to the desktop wallpaper being replaced by a blank black screen. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-fix-windows-7-black-wallpaper-bug-for-esu-customers/

The Week in Ransomware - January 24th 2020 - Duck for Cover!

Ransomware continues its onslaught against cities, the enterprise, and even houses of worship as threat actors attempt to encrypt as much as they can to earn big payouts. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-24th-2020-duck-for-cover/

10% of All Macs Shlayered, Malware Cocktail Served

Many people think that malware only targets Windows and that Macs are safe, but a new report shows how a single Apple malware called Shlayer has attacked over 10% of all Apple computers monitored by an antivirus company. [...]

https://www.bleepingcomputer.com/news/security/10-percent-of-all-macs-shlayered-malware-cocktail-served/

PayPal, American Express Phishing Kits Added to 16Shop Service

The 16Shop phishing kit distribution network has expanded its portfolio with new templates that target PayPal and American Express users. [...]

https://www.bleepingcomputer.com/news/security/paypal-american-express-phishing-kits-added-to-16shop-service/

Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked

Citrix on Friday released the final patch for the critical vulnerability tracked as CVE-2019-19781 in its affected appliances. Many organizations are still at risk, though, as they continue to run Citrix servers without a fix or the advised [...]

https://www.bleepingcomputer.com/news/security/patching-the-citrix-adc-bug-doesnt-mean-you-werent-hacked/

Microsoft's IE Zero-day Fix is Breaking Windows Printing

Microsoft's temporary fix for a recently disclosed Internet Explorer zero-day vulnerability is causing numerous problems in Windows, including breaking printing for some users. [...]

https://www.bleepingcomputer.com/news/security/microsofts-ie-zero-day-fix-is-breaking-windows-printing/

First MageCart Hackers Caught, Infected Hundreds of Web Stores

Suspected members of a MageCart group that stole payment card information from customers of hundreds of hacked online stores are now in custody of the Indonesian police. [...]

https://www.bleepingcomputer.com/news/security/first-magecart-hackers-caught-infected-hundreds-of-web-stores/

RCE Exploit for Windows RDP Gateway Demoed by Researcher

A remote code execution (RCE) exploit for Windows Remote Desktop Gateway (RD Gateway) was demoed by InfoGuard AG penetration tester Luca Marcelli, after a proof-of-concept denial of service exploit was released by Danish security researcher Ollypwn on Friday for the same pair of flaws. [...]

https://www.bleepingcomputer.com/news/security/rce-exploit-for-windows-rdp-gateway-demoed-by-researcher/

Google Rolls Back Change Making Search Results Look Like Ads

After receiving negative feedback regarding the use of site icons in desktop search results, Google has decided to roll back this design change as they continue to experiment further. [...]

https://www.bleepingcomputer.com/news/google/google-rolls-back-change-making-search-results-look-like-ads/

Windows 7 To Get Post End of Life Update to Fix Wallpaper Bug

Microsoft plans to release an additional update for all users of Windows 7 that fixes a wallpaper bug even though the operating system has reached the end of support. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-to-get-post-end-of-life-update-to-fix-wallpaper-bug/

Google Chrome Gets Improved Tab Feature, Thanks to Microsoft

Microsoft announced late last year that Windows 10's default Edge browser would use open-source Chromium platform as a base. Since Edge is now built on Chromium, Microsoft has been actively contributing to the open-source platform and the under-the-hood improvements benefit both Edge and Chrome. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-gets-improved-tab-feature-thanks-to-microsoft/

Microsoft Asked to Unshackle Windows 7 From Proprietary Tyranny

The Free Software Foundation (FSF) is asking Microsoft to 'upcycle' Windows 7 and allow the community to continue to improve it after its end of life. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-asked-to-unshackle-windows-7-from-proprietary-tyranny/

FBI Releases Alert on Iranian Hackers' Defacement Techniques

The FBI Cyber Division issued a flash security alert earlier this month with additional indicators of compromise from recent defacement attacks operated by Iranian threat actors and info on attackers' TTPs to help administrators and users to protect their websites. [...]

https://www.bleepingcomputer.com/news/security/fbi-releases-alert-on-iranian-hackers-defacement-techniques/

OurMine Hackers Are Back, Hijack NFL Teams' Social Accounts

It looks like the OurMine crew is back and they're on a hacking spree, taking brief control of the social media accounts of high-profile individuals. [...]

https://www.bleepingcomputer.com/news/security/ourmine-hackers-are-back-hijack-nfl-teams-social-accounts/