Microsoft buys corp.com to prevent Windows account hijacking

Microsoft has purchased the Corp.com domain to prevent it from being used by malicious actors to steal Windows credentials, monitor customer traffic, or serve malicious files. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-buys-corpcom-to-prevent-windows-account-hijacking/

Drug testing firm sends data breach alerts after ransomware attack

Hammersmith Medicines Research LTD (HMR), a research company on standby to perform live trials of Coronavirus vaccines, has started emailing data breach notifications after having their data stolen and published in a ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/

NASA under 'significantly increasing' hacking, phishing attacks

NASA has seen "significantly increasing" malicious activity from both nation-state hackers and cybercriminals targeting the US space agency's systems and personnel working from home during the COVID-19 pandemic. [...]

https://www.bleepingcomputer.com/news/security/nasa-under-significantly-increasing-hacking-phishing-attacks/

Chrome 81 Released With 32 Security Fixes and Web NFC API

Google has released Chrome 81 today, April 7th, 2020, to the Stable desktop channel for the Windows, macOS, and Linux with bug fixes, new features, and 32 security fixes. [...]

https://www.bleepingcomputer.com/news/google/chrome-81-released-with-32-security-fixes-and-web-nfc-api/

Microsoft and Google postpone insecure authentication removal

Microsoft says that Basic Authentication's removal from Exchange Online is being postponed until the second half of 2021 due to the current situation created by the COVID-19 pandemic. [...]

https://www.bleepingcomputer.com/news/security/microsoft-and-google-postpone-insecure-authentication-removal/

Microsoft releases April 2020 Office updates with crash fixes

Microsoft released the April 2020 non-security Microsoft Office updates that come with crash fixes, as well as performance and stability improvements for Windows Installer (MSI) editions of Office 2016. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-april-2020-office-updates-with-crash-fixes/

Zoom creates council of CISOs to solve security, privacy issues

Zoom's CEO Eric S. Yuan announced today that the company has formed a CISO council and an advisory board to collaborate and share ideas on how to address the videoconferencing platform's current security and privacy issues. [...]

https://www.bleepingcomputer.com/news/security/zoom-creates-council-of-cisos-to-solve-security-privacy-issues/

Firefox now tells Mozilla what your default browser is every day

Firefox 75 comes with a new telemetry agent that sends information about your operating system and your default browser to Firefox every day. This guide will walk you through disabling this "feature" to protect your privacy. [...]

https://www.bleepingcomputer.com/news/software/firefox-now-tells-mozilla-what-your-default-browser-is-every-day/

Microsoft: No surge in malicious attacks, only more COVID-19 lures

Microsoft says that the volume of malicious attacks hasn't increased but, instead, threat actors have repurposed infrastructure used in previous attacks and rethemed attack campaigns to exploit fears surrounding the COVID-19 pandemic. [...]

https://www.bleepingcomputer.com/news/security/microsoft-no-surge-in-malicious-attacks-only-more-covid-19-lures/

Zoom removes meeting IDs from client title bar to boost security

A new update to the Zoom client has been released that removes the meeting ID from the title bar when conducting meetings to increase security and to prevent them from being exposed in screenshots. [...]

https://www.bleepingcomputer.com/news/software/zoom-removes-meeting-ids-from-client-title-bar-to-boost-security/

Windows 10 is testing WSL Linux integration in File Explorer

Windows 10 is getting improved integration between the Windows Subsystem for Linux (WSL) and File Explorer that allows you to directly access the folders of installed Linux distributions. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-is-testing-wsl-linux-integration-in-file-explorer/

Windows 10 will list unused files and apps you can remove

Windows 10's Storage settings section is getting a new feature called "User cleanup recommendations" that recommends a list of unused files and applications that can be removed to free up disk space. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-will-list-unused-files-and-apps-you-can-remove/

New IoT botnet launches stealthy DDoS attacks, spreads malware

A new botnet is actively targeting IoT devices using payloads compiled for a dozen CPU architectures and uses them to launch several types of DDoS and to spread various types of malware. [...]

https://www.bleepingcomputer.com/news/security/new-iot-botnet-launches-stealthy-ddos-attacks-spreads-malware/

Hackers struggle morally and economically over Coronavirus

With the Coronavirus pandemic in full swing, threat actors are torn about how they should operate during the pandemic, and like everyone else, are also seeing a downturn in the underground hacker marketplace. [...]

https://www.bleepingcomputer.com/news/security/hackers-struggle-morally-and-economically-over-coronavirus/

Phishing emails impersonate the White House and VP Mike Pence

Phishing scammers have started to impersonate President Trump and Vice President Mike Pence in emails that distribute malware or perform extortion scams. [...]

https://www.bleepingcomputer.com/news/security/phishing-emails-impersonate-the-white-house-and-vp-mike-pence/

Travelex Reportedly Paid $2.3 Million Ransom to Restore Operations

Travelex reportedly paid a $2.3 million ransom payment to get their systems back online after being encrypted by a Sodinokibi ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/travelex-reportedly-paid-23-million-ransom-to-restore-operations/

Visa urges merchants to migrate e-commerce sites to Magento 2.x

Payments processor Visa is urging merchants to migrate their online stores to Magento 2.x before the Magento 1.x e-commerce platform reaches end-of-life (EoL) in June 2020 to avoid exposing their stores to Magecart attacks and to remain PCI compliant. [...]

https://www.bleepingcomputer.com/news/security/visa-urges-merchants-to-migrate-e-commerce-sites-to-magento-2x/

Leak shows Windows 10 2004 could come as 'May 2020 Update'

A PowerShell command has leaked that the name of the upcoming Windows 10 2004 feature update is going to be called the "May 2020 Update" and that the 20H2 version coming after will be codenamed "Manganese". [...]

https://www.bleepingcomputer.com/news/microsoft/leak-shows-windows-10-2004-could-come-as-may-2020-update/

Over 3.6M users installed iOS fleeceware from Apple’s App Store

Developers of fleeceware apps are now using the Apple App Store as a distribution platform having already successfully delivered their iOS apps onto over 3.5 million iPhone and iPad devices according to a report from Sophos. [...]

https://www.bleepingcomputer.com/news/security/over-36m-users-installed-ios-fleeceware-from-apple-s-app-store/

The Sandboxie Windows sandbox isolation tool is now open-source!

Cybersecurity firm Sophos announced today that it has open-sourced the Sandboxie Windows sandbox-based isolation utility 15 years after it was released. [...]

https://www.bleepingcomputer.com/news/software/the-sandboxie-windows-sandbox-isolation-tool-is-now-open-source/

US wants to ban China Telecom over national cybersecurity risks

Several U.S. Executive Branch agencies are asking the Federal Communications Commission (FCC) to block China Telecom Americas authorization to operate within the United States over significant cybersecurity risks. [...]

https://www.bleepingcomputer.com/news/security/us-wants-to-ban-china-telecom-over-national-cybersecurity-risks/