Microsoft Updates Windows 10 PowerToys With New Utilities

Microsoft updated the open-source Windows 10 PowerToys toolset with new utilities for quickly switching between windows, for previewing files in Windows Explorer, and for batch resizing images from the context menu. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-updates-windows-10-powertoys-with-new-utilities/

How to Secure Your Zoom Meetings from Zoom-Bombing Attacks

This guide will walk you through securing your Zoom meetings so that virtual get-togethers, meetings, exercise classes, and even hours are not Zoom-bombed by unauthorized users. [...]

https://www.bleepingcomputer.com/news/software/how-to-secure-your-zoom-meetings-from-zoom-bombing-attacks/

Zoom Client Leaks Windows Login Credentials to Attackers

The Zoom Windows client is vulnerable to UNC path injection in the client's chat feature that could allow attackers to steal the Windows credentials of users who click on the link. [...]

https://www.bleepingcomputer.com/news/security/zoom-client-leaks-windows-login-credentials-to-attackers/

Microsoft is Alerting Hospitals Vulnerable to Ransomware Attacks

Microsoft has started to send targeted notifications to dozens of hospitals about vulnerable public-facing VPN devices and gateways located on their network. [...]

https://www.bleepingcomputer.com/news/security/microsoft-is-alerting-hospitals-vulnerable-to-ransomware-attacks/

Hacker Group Backdoors Thousands of Microsoft SQL Servers Daily

Hackers have been brute-forcing thousands of vulnerable Microsoft SQL (MSSQL) servers to install cryptominers and remote access Trojans (RATs) since May 2018 as researchers at Guardicore Labs discovered in December. [...]

https://www.bleepingcomputer.com/news/security/hacker-group-backdoors-thousands-of-microsoft-sql-servers-daily/

Cloudflare Launches a DNS-Based Parental Control Service

Cloudflare introduced today '1.1.1.1 for Families,' a privacy-focused DNS resolver designed to help parents in their efforts to safeguard their children's online security and privacy​​​​​​ by automatically filtering out bad sites.​​​​​​​ [...]

https://www.bleepingcomputer.com/news/security/cloudflare-launches-a-dns-based-parental-control-service/

Introduce Kids to Cybersecurity With This Free Activity Book

Security company Balbix has released a 12-page printable activity book for children that introduces them to cybersecurity in a fun way. [...]

https://www.bleepingcomputer.com/news/security/introduce-kids-to-cybersecurity-with-this-free-activity-book/

How to Mitigate the Windows Font Parsing Zero-Day Bug via GPO

Active Directory (AD) admins can mitigate the recently disclosed and actively exploited remote code execution (RCE) zero-day found in the Windows Adobe Type Manager Library in large AD environments using group policies. [...]

https://www.bleepingcomputer.com/news/security/how-to-mitigate-the-windows-font-parsing-zero-day-bug-via-gpo/

Office 365 Phishing Uses CSS Tricks to Bypass Email Gateways

A phishing campaign using Office 365 voicemail lures to trick them into visiting landing pages designed to steal their personal information or infect their computers with malware. [...]

https://www.bleepingcomputer.com/news/security/office-365-phishing-uses-css-tricks-to-bypass-email-gateways/

FBI Warns of Attacks on Remote Work, Distance Learning Platforms

FBI's Internet Crime Complaint Center (IC3) issued a public service announcement today about the risk of attacks exploiting the increased usage of online communication platforms for remote working and distance learning. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-attacks-on-remote-work-distance-learning-platforms/

IRS Warns of Surge in Economic Stimulus Payment Scams

The Internal Revenue Service (IRS) today issued a warning to alert about a surge in coronavirus-related scams over email, phone calls, or social media requesting personal information while using economic impact payments as a lure. [...]

https://www.bleepingcomputer.com/news/security/irs-warns-of-surge-in-economic-stimulus-payment-scams/

WordPress Plugin Bug Can Be Exploited to Create Rogue Admins

Owners of WordPress sites who use the Contact Form 7 Datepicker plugin are urged to remove or deactivate it to prevent attackers from creating rogue admins or taking over admin sessions after exploiting an authenticated stored cross-site scripting (XSS) vulnerability. [...]

https://www.bleepingcomputer.com/news/security/wordpress-plugin-bug-can-be-exploited-to-create-rogue-admins/

Twitter Reveals That Firefox Cached Private Data For Up to 7 Days

Twitter disclosed an issue in the way the Mozilla Firefox web browser cached data that may have lead to private media shared in DMs and data downloads being inadvertently stored in the browser's cache. [...]

https://www.bleepingcomputer.com/news/security/twitter-reveals-that-firefox-cached-private-data-for-up-to-7-days/

New Coronavirus-Themed Malware Locks You Out of Windows

With school closed due to the Coronavirus pandemic, some kids are creating malware to keep themselves occupied. Such is the case with a variety of new MBRLocker variants being released, including one with a Coronavirus theme. [...]

https://www.bleepingcomputer.com/news/security/new-coronavirus-themed-malware-locks-you-out-of-windows/

Zoom's Web Client is Down, Users Report 403 Forbidden Errors

Zoom users are currently reporting that they are unable to use the Zoom web client or start and attend webinars, with reports saying that the web client is throwing '403 Forbidden' errors. [...]

https://www.bleepingcomputer.com/news/technology/zooms-web-client-is-down-users-report-403-forbidden-errors/

Apple Paid $75K For Bugs Letting Sites Hijack iPhone Cameras

Apple has paid a $75,000 bug bounty to a security researcher who chained together three different exploits that could have allowed malicious web sites to use your iPhone camera and microphone without permission. [...]

https://www.bleepingcomputer.com/news/security/apple-paid-75k-for-bugs-letting-sites-hijack-iphone-cameras/

Microsoft: Emotet Took Down a Network by Overheating All Computers

Microsoft says that an Emotet infection was able to take down an organization's entire network by maxing out CPUs on Windows devices and bringing its Internet connection down to a crawl after one employee was tricked to open a phishing email attachment. [...]

https://www.bleepingcomputer.com/news/security/microsoft-emotet-took-down-a-network-by-overheating-all-computers/

Mozilla Patches Two Actively Exploited Firefox Zero-Days

Mozilla released Firefox 74.0.1 and Firefox ESR 68.6.1 earlier to address two critical vulnerabilities actively abused in the wild that could lead to remote code execution on vulnerable machines. [...]

https://www.bleepingcomputer.com/news/security/mozilla-patches-two-actively-exploited-firefox-zero-days/

Discord Turned Into an Account Stealer by Updated Malware

A new version of the popular AnarchyGrabber Discord malware has been released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service. [...]

https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/

Windows PCs Exposed to Attacks by Critical HP Support Assistant Bugs

Several critical HP Support Assistant vulnerabilities expose Windows computers to remote code execution attacks and could allow attackers to elevate their privileges or to delete arbitrary files following successful exploitation. [...]

https://www.bleepingcomputer.com/news/security/windows-pcs-exposed-to-attacks-by-critical-hp-support-assistant-bugs/

How to Use Windows 10 to Stay Focused While Working From Home

Your Windows 10 device boasts a feature that can help you concentrate on work, rather than being distracted by random WhatsApp forwards, messages, notifications, and promotional alerts. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-use-windows-10-to-stay-focused-while-working-from-home/