Critical Bugs in WordPress Plugins Let Hackers Take Over Sites

Hackers are attempting to take over tens of thousands of sites by exploiting critical WordPress plugin vulnerabilities that allow them to create rogue administrator​​​ accounts and to plant backdoors. [...]

https://www.bleepingcomputer.com/news/security/critical-bugs-in-wordpress-plugins-let-hackers-take-over-sites/

Hackers Use Windows 10 RDP ActiveX Control to Run Griffon Backdoor

The FIN7 group of financially-motivated hackers is using the remote desktop ActiveX control in Word documents to automatically execute the Griffon backdoor on Windows 10. [...]

https://www.bleepingcomputer.com/news/security/hackers-use-windows-10-rdp-activex-control-to-run-griffon-backdoor/

NVIDIA Fixes High Severity Flaw in Windows GPU Display Driver

NVIDIA has released a GPU display driver security update today, February 28, 2020, that fixes high and medium severity vulnerabilities that might lead to code execution, local escalation of privileges, information disclosure, and denial of service on unpatched Windows computers. [...]

https://www.bleepingcomputer.com/news/security/nvidia-fixes-high-severity-flaw-in-windows-gpu-display-driver/

How to Clean Install Windows 10 2004 Before Official Release

Windows users can now perform a clean install of the upcoming Windows 10 2004 feature update before its officially released by using ISO disk images that can be downloaded from the Windows 10 Insider site. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-clean-install-windows-10-2004-before-official-release/

US Railroad Contractor Reports Data Breach After Ransomware Attack

RailWorks Corporation, one of North America's leading railroad track and transit system providers, disclosed a ransomware attack that led to the exposure of personally identifiable information of current and former employees, their beneficiaries and dependents, as well as that of independent contractors. [...]

https://www.bleepingcomputer.com/news/security/us-railroad-contractor-reports-data-breach-after-ransomware-attack/

The Week in Ransomware - February 28th 2020 - Data Leaks Everywhere

Over the past two weeks, we continue to see small towns, fire departments, hospitals, and companies being attacked by ransomware. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-28th-2020-data-leaks-everywhere/

Hiding Windows File Extensions is a Security Risk, Enable Now

Microsoft hides file extensions in Windows by default even though it's a security risk that is commonly abused by phishing emails and malware distributors to trick people into opening malicious files. [...]

https://www.bleepingcomputer.com/news/microsoft/hiding-windows-file-extensions-is-a-security-risk-enable-now/

Chrome and Firefox Extension Lets You View Deleted Web Pages

If you ever browsed the web and were disappointed when a page you were looking for no longer existed, you can use a Google Chrome and Mozilla Firefox browser extension to automatically retrieve the deleted pages from Archive.org. [...]

https://www.bleepingcomputer.com/news/software/chrome-and-firefox-extension-lets-you-view-deleted-web-pages/

How to Pause Windows 10 Automatic Updates To Avoid Critical Bugs

Windows 10 Home, Pro and Enterprise allow users to pause updates via the Settings, Group Policy and Registry to avoid reported critical bugs or compatibility issues in new updates. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-pause-windows-10-automatic-updates-to-avoid-critical-bugs/

New Evasion Encyclopedia Shows How Malware Detects Virtual Machines

A new Malware Evasion Encyclopedia has been launched that offers insight into the various methods malware uses to detect if it is running under a virtual environment. [...]

https://www.bleepingcomputer.com/news/security/new-evasion-encyclopedia-shows-how-malware-detects-virtual-machines/

Windows 10 1909 Starts Getting Microsoft's New Fluent Icons

Ahead of schedule, Microsoft has started rolling out some of the new Fluent system icons to users running Windows 10 1909. [...]

https://www.bleepingcomputer.com/news/security/windows-10-1909-starts-getting-microsofts-new-fluent-icons/

US Drugstore Giant Walgreens Leaked Users' Sensitive Info

US drugstore chain giant Walgreens disclosed over the weekend that some of its mobile apps' users have been able to inadvertently access other users' sensitive information because of a bug.  [...]

https://www.bleepingcomputer.com/news/security/us-drugstore-giant-walgreens-leaked-users-sensitive-info/

Active Scans for Apache Tomcat Ghostcat Vulnerability Detected, Patch Now

Ongoing scans for Apache Tomcat servers unpatched against the Ghostcat vulnerability that allows potential attackers to take over servers have been detected over the weekend. [...]

https://www.bleepingcomputer.com/news/security/active-scans-for-apache-tomcat-ghostcat-vulnerability-detected-patch-now/

New PwndLocker Ransomware Targeting U.S. Cities, Enterprises

Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000. [...]

https://www.bleepingcomputer.com/news/security/new-pwndlocker-ransomware-targeting-us-cities-enterprises/

Windows 10 Y3K Bug: Won't Install After January 18, 3001

A bizarre bug could affect some Windows 10 users that try to install the latest Windows release on computers where the BIOS date is set to January 19, 3001, or later on AMD or Intel motherboards. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-y3k-bug-wont-install-after-january-18-3001/

Microsoft MVP Summit Now A Virtual Conf Over Coronavirus Fears

Microsoft has decided to change its annual in-person MVP Summit held in Seattle, Washington into a virtual online conference over concerns about the continuing spread of the Coronavirus outbreak. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-mvp-summit-now-a-virtual-conf-over-coronavirus-fears/

US Charges Two With Laundering $100M for North Korean Hackers

Two Chinese nationals were charged today by the US Dept of Justice and sanctioned by the US Treasury for allegedly laundering over $100 million worth of cryptocurrency out of the nearly $250 million stolen by North Korean actors known as Lazarus Group after hacking a cryptocurrency exchange in 2018. [...]

https://www.bleepingcomputer.com/news/security/us-charges-two-with-laundering-100m-for-north-korean-hackers/

Nemty Ransomware Punishes Victims by Posting Their Stolen Data

The Nemty Ransomware is the latest cybercrime operation to create a data leak site to punish victims who refuse to pay ransoms. [...]

https://www.bleepingcomputer.com/news/security/nemty-ransomware-punishes-victims-by-posting-their-stolen-data/

Cisco Offering Free 90-day Webex Licenses Due to Coronavirus

To make it easier for those who are impacted by the spread of Coronavirus/COVID-19, Cisco has enhanced its free Webex account offerings and offering free 90-day business licenses. [...]

https://www.bleepingcomputer.com/news/software/cisco-offering-free-90-day-webex-licenses-due-to-coronavirus/

SETI@home Search for Alien Life Project Shuts Down After 21 Years

SETI@home has announced that they will no longer be distributing new work to clients starting on March 31st as they have enough data and want to focus on completing their back-end analysis of the data. [...]

https://www.bleepingcomputer.com/news/software/seti-home-search-for-alien-life-project-shuts-down-after-21-years/

Chinese Security Firm Says CIA Hackers Attacked China Since 2008

Chinese security vendor Qihoo 360 says that the US Central Intelligence Agency (CIA) has hacked Chinese organizations for the last 11 years, targeting various industry sectors and government agencies. [...]

https://www.bleepingcomputer.com/news/security/chinese-security-firm-says-cia-hackers-attacked-china-since-2008/