80% of all exposed Exchange servers still unpatched for critical flaw

More than 350,000 of all Microsoft Exchange servers currently exposed on the Internet haven't yet been patched against the CVE-2020-0688 post-auth remote code execution vulnerability affecting all supported Microsoft Exchange Server versions. [...]

https://www.bleepingcomputer.com/news/security/80-percent-of-all-exposed-exchange-servers-still-unpatched-for-critical-flaw/

Microsoft script installs Folding@Home in Windows 10's Sandbox

Microsoft has released a PowerShell script that allows you to quickly start donating your CPU cycles to the Folding@Home project by deploying the program in the Windows 10 Sandbox. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-script-installs-folding-home-in-windows-10s-sandbox/

Scammers target Australians financially affected by pandemic

Australians that were financially impacted by the COVID-19 pandemic are targeted by scammers attempting to get their hands on victims' superannuation funds partially released starting mid-April. [...]

https://www.bleepingcomputer.com/news/security/scammers-target-australians-financially-affected-by-pandemic/

BEC gift card scams switch to online stores due to pandemic

Scammers behind business email compromise (BEC) attacks have adjusted their tactics to match the current situation given the tens of millions of employees working from home during the COVID-19 outbreak. [...]

https://www.bleepingcomputer.com/news/security/bec-gift-card-scams-switch-to-online-stores-due-to-pandemic/

Firefox 75 released with Windows 10 performance improvements

Mozilla has released Firefox 75 today, April 7th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with bug fixes, new features, and security fixes. [...]

https://www.bleepingcomputer.com/news/software/firefox-75-released-with-windows-10-performance-improvements/

Microsoft buys corp.com to prevent Windows account hijacking

Microsoft has purchased the Corp.com domain to prevent it from being used by malicious actors to steal Windows credentials, monitor customer traffic, or serve malicious files. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-buys-corpcom-to-prevent-windows-account-hijacking/

Drug testing firm sends data breach alerts after ransomware attack

Hammersmith Medicines Research LTD (HMR), a research company on standby to perform live trials of Coronavirus vaccines, has started emailing data breach notifications after having their data stolen and published in a ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/

NASA under 'significantly increasing' hacking, phishing attacks

NASA has seen "significantly increasing" malicious activity from both nation-state hackers and cybercriminals targeting the US space agency's systems and personnel working from home during the COVID-19 pandemic. [...]

https://www.bleepingcomputer.com/news/security/nasa-under-significantly-increasing-hacking-phishing-attacks/

Chrome 81 Released With 32 Security Fixes and Web NFC API

Google has released Chrome 81 today, April 7th, 2020, to the Stable desktop channel for the Windows, macOS, and Linux with bug fixes, new features, and 32 security fixes. [...]

https://www.bleepingcomputer.com/news/google/chrome-81-released-with-32-security-fixes-and-web-nfc-api/

Microsoft and Google postpone insecure authentication removal

Microsoft says that Basic Authentication's removal from Exchange Online is being postponed until the second half of 2021 due to the current situation created by the COVID-19 pandemic. [...]

https://www.bleepingcomputer.com/news/security/microsoft-and-google-postpone-insecure-authentication-removal/

Microsoft releases April 2020 Office updates with crash fixes

Microsoft released the April 2020 non-security Microsoft Office updates that come with crash fixes, as well as performance and stability improvements for Windows Installer (MSI) editions of Office 2016. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-april-2020-office-updates-with-crash-fixes/

Zoom creates council of CISOs to solve security, privacy issues

Zoom's CEO Eric S. Yuan announced today that the company has formed a CISO council and an advisory board to collaborate and share ideas on how to address the videoconferencing platform's current security and privacy issues. [...]

https://www.bleepingcomputer.com/news/security/zoom-creates-council-of-cisos-to-solve-security-privacy-issues/

Firefox now tells Mozilla what your default browser is every day

Firefox 75 comes with a new telemetry agent that sends information about your operating system and your default browser to Firefox every day. This guide will walk you through disabling this "feature" to protect your privacy. [...]

https://www.bleepingcomputer.com/news/software/firefox-now-tells-mozilla-what-your-default-browser-is-every-day/

Microsoft: No surge in malicious attacks, only more COVID-19 lures

Microsoft says that the volume of malicious attacks hasn't increased but, instead, threat actors have repurposed infrastructure used in previous attacks and rethemed attack campaigns to exploit fears surrounding the COVID-19 pandemic. [...]

https://www.bleepingcomputer.com/news/security/microsoft-no-surge-in-malicious-attacks-only-more-covid-19-lures/

Zoom removes meeting IDs from client title bar to boost security

A new update to the Zoom client has been released that removes the meeting ID from the title bar when conducting meetings to increase security and to prevent them from being exposed in screenshots. [...]

https://www.bleepingcomputer.com/news/software/zoom-removes-meeting-ids-from-client-title-bar-to-boost-security/

Windows 10 is testing WSL Linux integration in File Explorer

Windows 10 is getting improved integration between the Windows Subsystem for Linux (WSL) and File Explorer that allows you to directly access the folders of installed Linux distributions. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-is-testing-wsl-linux-integration-in-file-explorer/

Windows 10 will list unused files and apps you can remove

Windows 10's Storage settings section is getting a new feature called "User cleanup recommendations" that recommends a list of unused files and applications that can be removed to free up disk space. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-will-list-unused-files-and-apps-you-can-remove/

New IoT botnet launches stealthy DDoS attacks, spreads malware

A new botnet is actively targeting IoT devices using payloads compiled for a dozen CPU architectures and uses them to launch several types of DDoS and to spread various types of malware. [...]

https://www.bleepingcomputer.com/news/security/new-iot-botnet-launches-stealthy-ddos-attacks-spreads-malware/

Hackers struggle morally and economically over Coronavirus

With the Coronavirus pandemic in full swing, threat actors are torn about how they should operate during the pandemic, and like everyone else, are also seeing a downturn in the underground hacker marketplace. [...]

https://www.bleepingcomputer.com/news/security/hackers-struggle-morally-and-economically-over-coronavirus/

Phishing emails impersonate the White House and VP Mike Pence

Phishing scammers have started to impersonate President Trump and Vice President Mike Pence in emails that distribute malware or perform extortion scams. [...]

https://www.bleepingcomputer.com/news/security/phishing-emails-impersonate-the-white-house-and-vp-mike-pence/

Travelex Reportedly Paid $2.3 Million Ransom to Restore Operations

Travelex reportedly paid a $2.3 million ransom payment to get their systems back online after being encrypted by a Sodinokibi ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/travelex-reportedly-paid-23-million-ransom-to-restore-operations/