Doppelpaymer Ransomware hits Los Angeles County city, leaks files

The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted. [...]

https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-los-angeles-county-city-leaks-files/

Microsoft releases OOB security updates for Microsoft Office

Microsoft has released an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library integrated into Microsoft Office and Paint 3D applications. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-security-updates-for-microsoft-office/

Revive ad servers being hacked to distribute malicious ads

The Tag Barnakle malvertising group is hacking into Revive ad servers to inject and deliver malicious advertisements on unwary visitors. [...]

https://www.bleepingcomputer.com/news/security/revive-ad-servers-being-hacked-to-distribute-malicious-ads/

Window 10 update weakened Google Chrome's security

A Windows 10 kernel bug made it possible to escape Google Chrome's sandbox, a security researcher with Google Project Zero found. The vulnerability was introduced with version 1903 of the operating system on May 21, 2019. [...]

https://www.bleepingcomputer.com/news/security/window-10-update-weakened-google-chromes-security/

New iOS zero-days actively used against high-profile targets

Two zero-day vulnerabilities affecting iPhone and iPad devices were found by cybersecurity startup ZecOps after the discovery of a series of ongoing remote attacks that have targeted iOS users since at least January 2018. [...]

https://www.bleepingcomputer.com/news/security/new-ios-zero-days-actively-used-against-high-profile-targets/

State-backed phishing targets govt employees with fast food lures

More than a dozen state-backed hacking groups are actively targeting U.S. Government employees and healthcare organizations in phishing campaigns that use lures designed to take advantage of the fears surrounding the COVID-19 pandemic. [...]

https://www.bleepingcomputer.com/news/security/state-backed-phishing-targets-govt-employees-with-fast-food-lures/

Valve reassures gamers after CS:GO and Team Fortress 2 leaks

The source code of Valve's Team Fortress 2 and Counter-Strike: Global Offensive games was leaked today and published on the Internet for anyone to download. [...]

https://www.bleepingcomputer.com/news/security/valve-reassures-gamers-after-cs-go-and-team-fortress-2-leaks/

Customer complaint phishing pushes network hacking malware

A new phishing campaign is underway that targets a company's employees with fake customer complaints that install a new backdoor used to compromise a network. [...]

https://www.bleepingcomputer.com/news/security/customer-complaint-phishing-pushes-network-hacking-malware/

Malwarebytes releases new VPN service for Windows

Malwarebytes is expanding into privacy with the release of a new Windows VPN service called Malwarebytes Privacy. Malwarebytes plans on offering Mac, iOS, Android, and ChromeOS versions in the future. [...]

https://www.bleepingcomputer.com/news/security/malwarebytes-releases-new-vpn-service-for-windows/

Creative Skype phishing campaign uses Google's .app gTLD

Attackers have deployed a phishing campaign against remote workers using Skype, luring them with emails that fake notifications from the service. [...]

https://www.bleepingcomputer.com/news/security/creative-skype-phishing-campaign-uses-googles-app-gtld/

NSA: Hackers exploit these vulnerabilities to deploy backdoors

The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly issued an advisory warning of threat actors increasingly exploiting vulnerable web servers to deploy web shells. [...]

https://www.bleepingcomputer.com/news/security/nsa-hackers-exploit-these-vulnerabilities-to-deploy-backdoors/

New GreyNoise free service alerts you when your devices get hacked

Cyber-security firm GreyNoise Intelligence ​​​​​​​today announced the launch of GreyNoise Alerts, a new free service that will automatically notify you via email when any devices on your organization's IP address range get hacked and start exhibiting potentially malicious behavior. [...]

https://www.bleepingcomputer.com/news/security/new-greynoise-free-service-alerts-you-when-your-devices-get-hacked/

SeaChange video platform allegedly hit by Sodinokibi ransomware

A video delivery platform company is the latest victim of the Sodinokibi Ransomware, who has posted images of data they claim to have stolen from the company during a cyberattack. [...]

https://www.bleepingcomputer.com/news/security/seachange-video-platform-allegedly-hit-by-sodinokibi-ransomware/

Windows 10 KB4549951 update fails to install, causes BSODs

The Windows 10 KB4549951 ​​​​​​​cumulative update is reportedly failing to install and is causing blue screens of death (BSOD) after installation reboots, among other issues, according to user reports. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4549951-update-fails-to-install-causes-bsods/

Phishing spoofs US Federal Reserve to steal online bank accounts

Scammers have been sending out emails that impersonate the U.S. Federal reserve and lure recipients with financial relief options through the Payment Protection Program. [...]

https://www.bleepingcomputer.com/news/security/phishing-spoofs-us-federal-reserve-to-steal-online-bank-accounts/

400.000 US, South Korean card records put up for sale online

Details on roughly 400,000 payment cards related to US and South Korean financial organizations and banks are currently up for sale on Joker's Stash, the largest and most popular carding shop on the Internet. [...]

https://www.bleepingcomputer.com/news/security/400000-us-south-korean-card-records-put-up-for-sale-online/

US universities targeted with malware used by state-backed actors

Faculty and students at several U.S. colleges and universities were targeted in phishing attacks with a remote access Trojan (RAT) previously used by Chinese state-sponsored threat actors. [...]

https://www.bleepingcomputer.com/news/security/us-universities-targeted-with-malware-used-by-state-backed-actors/

BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware

A new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks. [...]

https://www.bleepingcomputer.com/news/security/bazarbackdoor-trickbot-gang-s-new-stealthy-network-hacking-malware/

Researchers: 30,000% increase in pandemic-related threats

An increase of 30,000% in pandemic-related malicious attacks and malware was seen in March by security researchers at cloud security firm Zscaler when compared to the beginning of 2020 when the first threats started using COVID-19-related lures and themes. [...]

https://www.bleepingcomputer.com/news/security/researchers-30-000-percent-increase-in-pandemic-related-threats/

Phishing attacks target US Payroll Protection Program Loans

With hundreds of thousands of small businesses in the USA anxiously awaiting news about their submitted Payroll Protection Program SBA loans, threat actors are sending phishing emails that prey on their anxiety to steal email accounts. [...]

https://www.bleepingcomputer.com/news/security/phishing-attacks-target-us-payroll-protection-program-loans/

Phishing uses lay-off Zoom meeting alerts to steal credentials

Zoom users are targeted by a new phishing campaign that threatens those who work in corporate environments that they're contracts will either be suspended or terminated during a Zoom meeting. [...]

https://www.bleepingcomputer.com/news/security/phishing-uses-lay-off-zoom-meeting-alerts-to-steal-credentials/