HHS.gov Open Redirect Used by Coronavirus Phishing to Spread Malware

An HHS.gov open redirect is currently being used by attackers to push malware payloads with the help of coronavirus-themed phishing emails onto unsuspecting victims' systems. [...]

https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/

Microsoft Warns of Hackers Abusing Windows Adobe Library Zero-Days

Microsoft warned today of targeted attacks actively exploiting two zero-day remote code execution (RCE) vulnerabilities found in the Windows Adobe Type Manager Library and impacting all supported versions of Windows. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-hackers-abusing-windows-adobe-library-zero-days/

Tech Giant GE Discloses Data Breach After Service Provider Hack

Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former GE employees, as well as beneficiaries, was exposed in a security incident experienced by one of its service providers. [...]

https://www.bleepingcomputer.com/news/security/tech-giant-ge-discloses-data-breach-after-service-provider-hack/

Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps

A new cyber attack is hijacking router's DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Vidar information-stealing malware. [...]

https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Fake Corona Antivirus Software Used to Install Backdoor Malware

Sites promoting a bogus Corona Antivirus are taking advantage of the current COVID-19 pandemic to promote and distribute a malicious payload that will infect the target's computer with the BlackNET RAT and add it to a botnet. [...]

https://www.bleepingcomputer.com/news/security/fake-corona-antivirus-software-used-to-install-backdoor-malware/

Windows Defender Fix For Windows 10: Enable Network Scanning

A really simple fix for the Windows Defender alert that states items were skipped during a scan has been discovered and it involves just enabling network scanning. [...]

https://www.bleepingcomputer.com/news/security/windows-defender-fix-for-windows-10-enable-network-scanning/

Unknown Hackers Use New Milum RAT in WildPressure Campaign

A new piece of malware that shows no similarities with samples used in known campaigns is currently used to attack computers in various organizations. Researchers named the threat Milum and dubbed the operation WildPressure. [...]

https://www.bleepingcomputer.com/news/security/unknown-hackers-use-new-milum-rat-in-wildpressure-campaign/

Microsoft Cuts Back More Office 365 Features to Handle High Load

Microsoft has announced new temporary changes to Office 365 services to adjust to the ever-increasing demand and the growing number of new Microsoft 365 customers working from home during the COVID-19 pandemic. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-cuts-back-more-office-365-features-to-handle-high-load/

Adobe Fixes Critical Vulnerability in Creative Cloud Application

Adobe has released a security update for its Creative Cloud Desktop Application to fix a vulnerability that could allow attackers to delete files on a vulnerable computer. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerability-in-creative-cloud-application/

Ginp Mobile Banker Targets Spain with "Coronavirus Finder" Lure

In today's deluge of malicious campaigns exploiting the COVID-19 topic, handlers of the Android banking trojan Ginp stand out with operation Coronavirus Finder. [...]

https://www.bleepingcomputer.com/news/security/ginp-mobile-banker-targets-spain-with-coronavirus-finder-lure/

Windows 10 Optional Cumulative Update KB4541335 Released

Microsoft is rolling out March optional cumulative update for Windows 10 November 2019 Update (version 1909) and Windows 10 May 2019 Update (version 1903) with several fixes and improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-optional-cumulative-update-kb4541335-released/

TrickBot Bypasses Online Banking 2FA Protection via Mobile App

The TrickBot​​​​​ gang is using a malicious Android application they developed to bypass two-factor authentication (2FA) protection used by various banks after stealing transaction authentication numbers. [...]

https://www.bleepingcomputer.com/news/security/trickbot-bypasses-online-banking-2fa-protection-via-mobile-app/

Microsoft Pauses Optional Windows Cumulative Updates Starting in May

Due to the ongoing Coronavirus pandemic, Microsoft will stop releasing optional Windows cumulative updates starting in May 2020. This includes all supported Windows 10 and Windows Server versions. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pauses-optional-windows-cumulative-updates-starting-in-may/

TeamViewer Stops Commercial Use Checks in Coronavirus-Affected Regions

TeamViewer has stated that they will stop performing checks for commercial use of their remote control product in regions heavily affected by the Coronavirus. [...]

https://www.bleepingcomputer.com/news/software/teamviewer-stops-commercial-use-checks-in-coronavirus-affected-regions/

Tor Browser 9.0.7 Patches Bug That Could Deanonymize Users

The Tor Project released Tor Browser 9.0.7 today with a permanent fix for a bug that allowed JavaScript code to run on the Safest security level in some situations while using the previous Tor Browser version. [...]

https://www.bleepingcomputer.com/news/security/tor-browser-907-patches-bug-that-could-deanonymize-users/

HPE Warns of New Bug That Kills SSD Drives After 40,000 Hours

Hewlett Packard Enterprise (HPE) is once again warning its customers that certain Serial-Attached SCSI solid-state drives will fail after 40,000 hours of operation, unless a critical patch is applied. [...]

https://www.bleepingcomputer.com/news/security/hpe-warns-of-new-bug-that-kills-ssd-drives-after-40-000-hours/

Three More Ransomware Families Create Sites to Leak Stolen Data

Three more ransomware families have created sites that are being used to leak the stolen data of non-paying victims and further illustrates why all ransomware attacks must be considered data breaches. [...]

https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/

Mozilla Firefox Gets a HTTPS Only Mode For More Secure Browsing

Mozilla Firefox 76 is getting a new 'HTTPS Only' mode that automatically upgrades all HTTP requests to HTTPS when browsing the web and blocks all connections that can't be upgraded. [...]

https://www.bleepingcomputer.com/news/software/mozilla-firefox-gets-a-https-only-mode-for-more-secure-browsing/

Tupperware Site Hacked With Fake Form to Steal Credit Cards

Hackers have compromised the website of the world-famous Tupperware brand and are stealing customers' payment card details at checkout. The risk existed for a while as researcher's attempts to alert the company remained unanswered. [...]

https://www.bleepingcomputer.com/news/security/tupperware-site-hacked-with-fake-form-to-steal-credit-cards/

Microsoft Fixes Windows Defender Scan Bug With New Update

Microsoft has silently fixed the "items skipped during scan" Windows Defender bug that was causing some items to be excluded from scans if they were stored on a network device. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-defender-scan-bug-with-new-update/

Malware Disguised as Google Updates Pushed via Hacked News Sites

Hacked corporate sites and news blogs running using the WordPress CMS are being used by attackers to deliver backdoor malware that allows them to drop several second-stage payloads such as keyloggers, info stealers, and Trojans. [...]

https://www.bleepingcomputer.com/news/security/malware-disguised-as-google-updates-pushed-via-hacked-news-sites/