Microsoft: Trickbot in hundreds of unique COVID-19 lures per week

TrickBot is, at the moment, the malware showing up in the highest number of unique COVID-19 related malicious emails and attachments delivered to potential victims' inboxes based on Microsoft's Office 365 Advanced Threat Protection (ATP) data. [...]

https://www.bleepingcomputer.com/news/security/microsoft-trickbot-in-hundreds-of-unique-covid-19-lures-per-week/

The Week in Ransomware - April 17th 2020 - Changing Tactics

There was not a lot of new ransomware variants released this week, but some pretty interesting news about operations changing their tactics to remain more profitable and to evade law enforcement. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-17th-2020-changing-tactics/

US govt: Hacker used stolen AD credentials to ransom hospitals

Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using Active Directory credentials stolen months after exploiting a known remote code execution (RCE) vulnerability in their Pulse Secure VPN servers. [...]

https://www.bleepingcomputer.com/news/security/us-govt-hacker-used-stolen-ad-credentials-to-ransom-hospitals/

Windows 10 making it easier to manage default file associations

Microsoft is making it easier to change your default file associations by adding a new search feature that lets you quickly find the extension you wish to modify. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-making-it-easier-to-manage-default-file-associations/

IT services giant Cognizant suffers Maze Ransomware cyber attack

Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators of the Maze Ransomware, BleepingComputer has learned. [...]

https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/

Coronavirus Dark Web Scams: From infected blood to ventilators

The dark web has always been a cesspool of black markets and conspiracy theories, but now with the Coronavirus outbreak, scammers have a new and more desperate audience to target their scams. [...]

https://www.bleepingcomputer.com/news/security/coronavirus-dark-web-scams-from-infected-blood-to-ventilators/

Windows 10: Manage Reserved Storage from the command line

In a couple of weeks, Windows May 2020 Update will begin rolling out to consumers and enterprises and it will arrive with the ability to manage Reserved Storage from the command line. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-manage-reserved-storage-from-the-command-line/

FBI: Extortion scammers more active due to stay-at-home orders

The U.S. Federal Bureau of Investigation (FBI) warned today of an increasing number of online extortion scam reports because a lot more people are being targeted due to the "stay-at-home" orders issued during the COVID-19 pandemic. [...]

https://www.bleepingcomputer.com/news/security/fbi-extortion-scammers-more-active-due-to-stay-at-home-orders/

267 million Facebook profiles sold for $600 on the dark web

Threat actors are selling over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials. [...]

https://www.bleepingcomputer.com/news/security/267-million-facebook-profiles-sold-for-600-on-the-dark-web/

Windows 10 SMBGhost RCE exploit demoed by researchers

A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 'wormable' pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security. [...]

https://www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-exploit-demoed-by-researchers/

How to download the Windows 10 2004 ISO from Microsoft now

Microsoft announced last week that the Windows 10 2004 build 19041.207 is the final RTM version and will be released next month as the Windows 10 May 2020 Update. For those who want to download an ISO and perform a clean install of Windows 10 2004 before it's released, you use the following instructions. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-download-the-windows-10-2004-iso-from-microsoft-now/

FBI says that sharing personal info online only helps scammers

The FBI's Charlotte office today warned against the sharing of sensitive personal information on social media as threat actors can take advantage of it to reset passwords and gain full control of accounts and the data stored within. [...]

https://www.bleepingcomputer.com/news/security/fbi-says-that-sharing-personal-info-online-only-helps-scammers/

Spearphishing campaigns target oil, gas companies with spyware

Cybercriminals are targeting the oil and gas industry sector with highly targeted spearphishing campaigns impersonating shipment companies and engineering contractors while attempting to infect their targets with Agent Tesla info-stealer malware payloads. [...]

https://www.bleepingcomputer.com/news/security/spearphishing-campaigns-target-oil-gas-companies-with-spyware/

New Coronavirus screenlocker malware is extremely annoying

A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds. [...]

https://www.bleepingcomputer.com/news/security/new-coronavirus-screenlocker-malware-is-extremely-annoying/

New Microsoft 365 Personal and Family released with AI editor

Microsoft 365 Personal and Family consumer subscriptions are now generally available to replace some Office 365 plans and to add more features for both free and premium accounts. [...]

https://www.bleepingcomputer.com/news/microsoft/new-microsoft-365-personal-and-family-released-with-ai-editor/

Researcher discloses four IBM zero-days after refusal to fix

Four zero-day vulnerabilities found in an IBM enterprise security software were disclosed today by a security researcher after IBM refused to fix them and to accept the vulnerability report sent via CERT/CC. [...]

https://www.bleepingcomputer.com/news/security/researcher-discloses-four-ibm-zero-days-after-refusal-to-fix/

Windows 10 KB4550945 update released with Windows Update fixes

Microsoft has released a Windows 10 update that fixes multiple bugs in Windows 10, version 1909 and Windows 10, version 1903, including issue causing Windows Update to stop responding and the lock screen to stop appearing. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4550945-update-released-with-windows-update-fixes/

FBI warns of COVID-19 phishing targeting US health providers

The U.S. Federal Bureau of Investigation (FBI) today warned of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-covid-19-phishing-targeting-us-health-providers/

Doppelpaymer Ransomware hits Los Angeles County city, leaks files

The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted. [...]

https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-los-angeles-county-city-leaks-files/

Microsoft releases OOB security updates for Microsoft Office

Microsoft has released an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library integrated into Microsoft Office and Paint 3D applications. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-security-updates-for-microsoft-office/

Revive ad servers being hacked to distribute malicious ads

The Tag Barnakle malvertising group is hacking into Revive ad servers to inject and deliver malicious advertisements on unwary visitors. [...]

https://www.bleepingcomputer.com/news/security/revive-ad-servers-being-hacked-to-distribute-malicious-ads/