DOS Exploit PoC Released for Critical Windows RDP Gateway Bugs

A proof-of-concept (PoC) denial of service exploit has been published by Danish security researcher Ollypwn for the CVE-2020-0609 and CVE-2020-0610 flaws affecting the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices. [...]

https://www.bleepingcomputer.com/news/security/dos-exploit-poc-released-for-critical-windows-rdp-gateway-bugs/

New Ryuk Info Stealer Targets Government and Military Secrets

A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data. [...]

https://www.bleepingcomputer.com/news/security/new-ryuk-info-stealer-targets-government-and-military-secrets/

Citrix Releases Final Patch as Ransomware Attacks Ramp Up

Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances. [...]

https://www.bleepingcomputer.com/news/security/citrix-releases-final-patch-as-ransomware-attacks-ramp-up/

Microsoft To Fix Windows 7 Black Wallpaper Bug for ESU Customers

Microsoft says that a bugfix will be provided for organizations that purchased Windows 7 Extended Security Updates (ESU) to fix a newly acknowledged issue leading to the desktop wallpaper being replaced by a blank black screen. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-fix-windows-7-black-wallpaper-bug-for-esu-customers/

The Week in Ransomware - January 24th 2020 - Duck for Cover!

Ransomware continues its onslaught against cities, the enterprise, and even houses of worship as threat actors attempt to encrypt as much as they can to earn big payouts. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-24th-2020-duck-for-cover/

10% of All Macs Shlayered, Malware Cocktail Served

Many people think that malware only targets Windows and that Macs are safe, but a new report shows how a single Apple malware called Shlayer has attacked over 10% of all Apple computers monitored by an antivirus company. [...]

https://www.bleepingcomputer.com/news/security/10-percent-of-all-macs-shlayered-malware-cocktail-served/

PayPal, American Express Phishing Kits Added to 16Shop Service

The 16Shop phishing kit distribution network has expanded its portfolio with new templates that target PayPal and American Express users. [...]

https://www.bleepingcomputer.com/news/security/paypal-american-express-phishing-kits-added-to-16shop-service/

Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked

Citrix on Friday released the final patch for the critical vulnerability tracked as CVE-2019-19781 in its affected appliances. Many organizations are still at risk, though, as they continue to run Citrix servers without a fix or the advised [...]

https://www.bleepingcomputer.com/news/security/patching-the-citrix-adc-bug-doesnt-mean-you-werent-hacked/

Microsoft's IE Zero-day Fix is Breaking Windows Printing

Microsoft's temporary fix for a recently disclosed Internet Explorer zero-day vulnerability is causing numerous problems in Windows, including breaking printing for some users. [...]

https://www.bleepingcomputer.com/news/security/microsofts-ie-zero-day-fix-is-breaking-windows-printing/

First MageCart Hackers Caught, Infected Hundreds of Web Stores

Suspected members of a MageCart group that stole payment card information from customers of hundreds of hacked online stores are now in custody of the Indonesian police. [...]

https://www.bleepingcomputer.com/news/security/first-magecart-hackers-caught-infected-hundreds-of-web-stores/

RCE Exploit for Windows RDP Gateway Demoed by Researcher

A remote code execution (RCE) exploit for Windows Remote Desktop Gateway (RD Gateway) was demoed by InfoGuard AG penetration tester Luca Marcelli, after a proof-of-concept denial of service exploit was released by Danish security researcher Ollypwn on Friday for the same pair of flaws. [...]

https://www.bleepingcomputer.com/news/security/rce-exploit-for-windows-rdp-gateway-demoed-by-researcher/

Google Rolls Back Change Making Search Results Look Like Ads

After receiving negative feedback regarding the use of site icons in desktop search results, Google has decided to roll back this design change as they continue to experiment further. [...]

https://www.bleepingcomputer.com/news/google/google-rolls-back-change-making-search-results-look-like-ads/

Windows 7 To Get Post End of Life Update to Fix Wallpaper Bug

Microsoft plans to release an additional update for all users of Windows 7 that fixes a wallpaper bug even though the operating system has reached the end of support. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-to-get-post-end-of-life-update-to-fix-wallpaper-bug/

Google Chrome Gets Improved Tab Feature, Thanks to Microsoft

Microsoft announced late last year that Windows 10's default Edge browser would use open-source Chromium platform as a base. Since Edge is now built on Chromium, Microsoft has been actively contributing to the open-source platform and the under-the-hood improvements benefit both Edge and Chrome. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-gets-improved-tab-feature-thanks-to-microsoft/

Microsoft Asked to Unshackle Windows 7 From Proprietary Tyranny

The Free Software Foundation (FSF) is asking Microsoft to 'upcycle' Windows 7 and allow the community to continue to improve it after its end of life. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-asked-to-unshackle-windows-7-from-proprietary-tyranny/

FBI Releases Alert on Iranian Hackers' Defacement Techniques

The FBI Cyber Division issued a flash security alert earlier this month with additional indicators of compromise from recent defacement attacks operated by Iranian threat actors and info on attackers' TTPs to help administrators and users to protect their websites. [...]

https://www.bleepingcomputer.com/news/security/fbi-releases-alert-on-iranian-hackers-defacement-techniques/

OurMine Hackers Are Back, Hijack NFL Teams' Social Accounts

It looks like the OurMine crew is back and they're on a hacking spree, taking brief control of the social media accounts of high-profile individuals. [...]

https://www.bleepingcomputer.com/news/security/ourmine-hackers-are-back-hijack-nfl-teams-social-accounts/

Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender

A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit. [...]

https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-targets-citrix-adc-disables-windows-defender/

Ring Android App Sent Sensitive User Data to 3rd Party Trackers

Amazon's Ring doorbell app for Android is sending to third-party trackers information that can be used to identify customers, research from the Electronic Frontier Foundation (EFF) has found. [...]

https://www.bleepingcomputer.com/news/security/ring-android-app-sent-sensitive-user-data-to-3rd-party-trackers/

Kali Linux Adds Single Installer Image, Default Non-Root User

Kali Linux 2020.1 was released today by Kali Linux team at Offensive Security with a new Kali Single Installer image for all desktop environments and a previously announced move to a non-root default user. [...]

https://www.bleepingcomputer.com/news/security/kali-linux-adds-single-installer-image-default-non-root-user/

Ransomware Bitcoin Wallet Frozen by UK Court to Recover Ransom

A victim's insurance company convinced the UK courts to freeze a bitcoin wallet containing over $800K worth of a ransomware payment. [...]

https://www.bleepingcomputer.com/news/security/ransomware-bitcoin-wallet-frozen-by-uk-court-to-recover-ransom/