WhatsApp Bug Allowed Attackers to Access the Local File System

Facebook patched a critical WhatsApp vulnerability that would have allowed potential attackers to read files from a user's local file system, on both macOS and Windows platforms. [...]

https://www.bleepingcomputer.com/news/security/whatsapp-bug-allowed-attackers-to-access-the-local-file-system/

FBI Warns of DDoS Attack on State Voter Registration Site

The US Federal Bureau of Investigation (FBI) warned of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information site in a Private Industry Notification (PIN) released today. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-ddos-attack-on-state-voter-registration-site/

Emotet Gets Ready for Tax Season With Malicious W-9 Forms

The Emotet Trojan is getting ready for the tax season with a fresh spam campaign pretending to be signed W-9 tax forms. [...]

https://www.bleepingcomputer.com/news/security/emotet-gets-ready-for-tax-season-with-malicious-w-9-forms/

Chrome 80 Released With 56 Security Fixes, Cookie Changes, More

Google has released Chrome 80 today, February 4th, 2020, to the Stable desktop channel for the Windows, macOS, Linux, Chrome OS, iOS, and Android platforms with bug fixes, new features, and 56 security fixes. [...]

https://www.bleepingcomputer.com/news/google/chrome-80-released-with-56-security-fixes-cookie-changes-more/

Realtek Fixes DLL Hijacking Flaw in HD Audio Driver for Windows

Realtek fixed a security vulnerability discovered in the Realtek HD Audio Driver Package that could allow potential attackers to gain persistence, plant malware, and evade detection on unpatched Windows systems. [...]

https://www.bleepingcomputer.com/news/security/realtek-fixes-dll-hijacking-flaw-in-hd-audio-driver-for-windows/

Bitbucket Abused to Infect 500,000+ Hosts with Malware Cocktail

Attackers are abusing the Bitbucket code hosting service to store seven types of malware threats used in an ongoing campaign that has already claimed more than 500,000 business computers across the world. [...]

https://www.bleepingcomputer.com/news/security/bitbucket-abused-to-infect-500-000-hosts-with-malware-cocktail/

Windows 10 Search Is Broken and Shows Blank Results, How to Fix

A bug in the Windows 10 Search is causing blank results to be shown in both the Start Menu and in File Explorer.  This is making it impossible to search for and launch an application from the Start Menu. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-search-is-broken-and-shows-blank-results-how-to-fix/

New Ransomware Strain Halts Toll Group Deliveries

Australian transportation and logistics company Toll Group confirmed today that systems across multiple sites and business units were encrypted by a new variant of the Mailto ransomware. [...]

https://www.bleepingcomputer.com/news/security/new-ransomware-strain-halts-toll-group-deliveries/

Charming Kitten Hackers Impersonate Journalist in Phishing Attacks

A hacker group linked with the Iranian government attempted to steal email login information from their targets through fake interview requests and impersonating a New York Times journalist. [...]

https://www.bleepingcomputer.com/news/security/charming-kitten-hackers-impersonate-journalist-in-phishing-attacks/

Microsoft Starts Testing Hyper-V for Windows 10 ARM64 Devices

Microsoft is bringing their Hyper-V virtual machine feature to ARM64 devices in upcoming Windows 10 builds. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-testing-hyper-v-for-windows-10-arm64-devices/

Cisco Patches Critical CDP Flaws Affecting Millions of Devices

Five critical vulnerabilities found in various implementations of the Cisco Discovery Protocol (CDP) could allow attackers on the local network to take over tens of millions of enterprise devices as discovered by IoT security company Armis. [...]

https://www.bleepingcomputer.com/news/security/cisco-patches-critical-cdp-flaws-affecting-millions-of-devices/

Mailto (NetWalker) Ransomware Targets Enterprise Networks

With the high ransom prices and big payouts of enterprise-targeting ransomware, we now have another ransomware known as Mailto or Netwalker that is compromising enterprise networks and encrypting all of the Windows devices connected to it. [...]

https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/

Medicaid CCO Vendor Breach Exposes Health, Personal Info of 654K

Medicaid coordinated care organization (CCO) Health Share of Oregon today disclosed a data breach exposing the health and personal info of 654,362 individuals following the theft of a laptop owned by its transportation vendor GridWorks IC. [...]

https://www.bleepingcomputer.com/news/security/medicaid-cco-vendor-breach-exposes-health-personal-info-of-654k/

Bug in Philips Smart Light Allows Hopping to Devices on the Network

Security researchers at Check Point discovered the issue and developed an attack that allowed them to hack into other devices on the same network as the vulnerable Philips Hue bulb. [...]

https://www.bleepingcomputer.com/news/security/bug-in-philips-smart-light-allows-hopping-to-devices-on-the-network/

BEC Scammers’ Interest in the Real Estate Sector Rises

Cybercriminals choose their targets by the profit they can make off them and the real estate business seems ripe for the picking, security researchers warn after looking at some 600 attacks focused on this sector. [...]

https://www.bleepingcomputer.com/news/security/bec-scammers-interest-in-the-real-estate-sector-rises/

Oscar Nominated Movies Featured in Phishing, Malware Attacks

Attackers are exploiting the hype surrounding this year's Oscar Best Picture nominated movies to infect fans with malware and to bait them to phishing websites designed to steal sensitive info such as credit card details and personal information. [...]

https://www.bleepingcomputer.com/news/security/oscar-nominated-movies-featured-in-phishing-malware-attacks/

Ransomware Exploits GIGABYTE Driver to Kill AV Processes

The attackers behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows that is used to terminate antivirus and security software. [...]

https://www.bleepingcomputer.com/news/security/ransomware-exploits-gigabyte-driver-to-kill-av-processes/

DoJ Asks Victims of the Quantum DDoS Service to Come Forward

The U.S. Department of Justice (DoJ) today issued a notification to raise awareness among victims of the Quantum Stresser Distributed Denial of Service (DDoS) for-hire service operated by David Bukoski. [...]

https://www.bleepingcomputer.com/news/security/doj-asks-victims-of-the-quantum-ddos-service-to-come-forward/

Phishing Attack Disables Google Play Protect, Drops Anubis Trojan

Android users are targeted in a phishing campaign that will infect their devices with the Anubis banking Trojan that can steal financial information from more than 250 banking and shopping applications. [...]

https://www.bleepingcomputer.com/news/security/phishing-attack-disables-google-play-protect-drops-anubis-trojan/

Google Chrome to Block Mixed Content Downloads, Prevents MiTM Attacks

Google is moving forward with its plan to block mixed content downloads from web sites to protect users from man-in-the-middle attacks. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-to-block-mixed-content-downloads-prevents-mitm-attacks/

Two More Japanese Defense Contractors Disclose Security Breaches

Japanese defense contractors Pasco Corporation (Pasco) and Kobe Steel (Kobelco) today disclosed security breaches that happened in May 2018 and in June 2015/August 2016, respectively. [...]

https://www.bleepingcomputer.com/news/security/two-more-japanese-defense-contractors-disclose-security-breaches/