Microsoft Sway abused in PerSwaysion spear-phishing operation

Multiple threat actors running phishing attacks on corporate targets have been counting on Microsoft Sway service to trick victims into giving their Office 365 login credentials. [...]

https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-perswaysion-spear-phishing-operation/

New Android malware steals financial information, bypasses 2FA

A new banking Trojan can steal financial information from Android users across the United States and several European countries, including the UK, Germany, Italy, Spain, Switzerland, and France. [...]

https://www.bleepingcomputer.com/news/security/new-android-malware-steals-financial-information-bypasses-2fa/

Shade Ransomware Decryptor can now decrypt over 750K victims

Kaspersky has released an updated decryptor for the Shade Ransomware (Troldesh) that allows all victims who have their files encrypted to recover them for free. [...]

https://www.bleepingcomputer.com/news/security/shade-ransomware-decryptor-can-now-decrypt-over-750k-victims/

Ninja Forms WordPress plugin patch prevents takeover of 1M sites

The developers of Ninja Forms, a WordPress plugin with more than 1 million installations, have fixed a high severity security vulnerability that can let attackers inject malicious code and take over websites using an unpatched version of the plugin. [...]

https://www.bleepingcomputer.com/news/security/ninja-forms-wordpress-plugin-patch-prevents-takeover-of-1m-sites/

US govt agencies to disable DoH until federal service is ready

US government agencies' chief information officers were recommended to disable third-party encrypted DNS services until an official DNS resolution service with DNS over HTTPS (DoH) and DNS over TLS (DoT) support is ready. [...]

https://www.bleepingcomputer.com/news/security/us-govt-agencies-to-disable-doh-until-federal-service-is-ready/

Hackers say they stole millions of credit cards from Banco BCR

Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data. [...]

https://www.bleepingcomputer.com/news/security/hackers-say-they-stole-millions-of-credit-cards-from-banco-bcr/

French daily Le Figaro database exposes users’ personal info

French daily newspaper Le Figaro exposed roughly 7.4 billion records containing personally identifiable information (PII) of reporters and employees, as well as of at least 42,000 users. [...]

https://www.bleepingcomputer.com/news/security/french-daily-le-figaro-database-exposes-users-personal-info/

Convincing Office 365 phishing uses fake Microsoft Teams alerts

A highly convincing phishing campaign is using cloned imagery from automated Microsoft Teams notifications in attacks that attempt to harvest Office 365 credentials. [...]

https://www.bleepingcomputer.com/news/security/convincing-office-365-phishing-uses-fake-microsoft-teams-alerts/

New phishing campaign packs an info-stealer, ransomware punch

A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-campaign-packs-an-info-stealer-ransomware-punch/

Hackers breach company’s MDM server to spread Android malware

Attackers infected more than 75% of a multinational conglomerate's managed Android devices with the Cerberus banking trojan using the company's compromised Mobile Device Manager (MDM) server. [...]

https://www.bleepingcomputer.com/news/security/hackers-breach-company-s-mdm-server-to-spread-android-malware/

FCC: No more warnings for robocallers before fines

The US Federal Communications Commission (FCC) today issued an order saying that it will no longer warn robocallers before fining them for harassing consumers and violating the law. [...]

https://www.bleepingcomputer.com/news/security/fcc-no-more-warnings-for-robocallers-before-fines/

The Week in Ransomware - May 1st 2020 - Banishing the Shade

For the victims of the Shade Ransomware, otherwise known as Troldesh, this was an excellent week as the threat actors released over 750,000 decryption keys for their victims. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-1st-2020-banishing-the-shade/

Microsoft Edge getting improved security, work at home features

Microsoft is testing a new version of Edge with Insiders and it comes with multiple new features including improved SmartScreen support. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-getting-improved-security-work-at-home-features/

Opening 100 tabs in Google Chrome Mobile gets you a smiley face

Today I learned something new; Google Chrome Mobile has an Easter egg that turns the tab count into a smiley face when you have over 100 tabs. [...]

https://www.bleepingcomputer.com/news/google/opening-100-tabs-in-google-chrome-mobile-gets-you-a-smiley-face/

Sodinokibi, Ryuk ransomware drive up average ransom to $111,000

The first quarter of the year recorded an increase of the average amount ransomware operators demand from their victims. Compared to the previous quarter, a 33% swell was noted, driven by the Sodinokibi and Ryuk ransomware operators. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ryuk-ransomware-drive-up-average-ransom-to-111-000/

Xiaomi tracks private browser and phone usage, defends behavior

New research claims that China-based Xiaomi is tracking sensitive information and sending it to their servers if you use the Mi browser, which is bundled with all Redmi and Mi phones. [...]

https://www.bleepingcomputer.com/news/technology/xiaomi-tracks-private-browser-and-phone-usage-defends-behavior/

Debloating Windows 10 and increasing privacy with SharpApp

A new utility called SharpApp has been released that helps you debloat and increase privacy in Windows 10 by uninstalling preinstalled apps and disabling various telemetry settings. [...]

https://www.bleepingcomputer.com/news/microsoft/debloating-windows-10-and-increasing-privacy-with-sharpapp/

Hacker sells 91 million Tokopedia accounts, cracked passwords shared

A hacker is selling a database containing the information of 91 million Tokopedia accounts on a dark web market for as little as $5,000. Other threat actors have already started to crack passwords and share them online. [...]

https://www.bleepingcomputer.com/news/security/hacker-sells-91-million-tokopedia-accounts-cracked-passwords-shared/

LineageOS outage caused by hackers breaching main infrastructure

Administrators of LineageOS‌ Android custom operating system were on high alert on Saturday after hackers breached their main infrastructure, causing a full outage. [...]

https://www.bleepingcomputer.com/news/security/lineageos-outage-caused-by-hackers-breaching-main-infrastructure/

CAM4 adult cam site exposes 11 million emails, private chats

Adult live streaming website CAM4 exposed over 7TB of personally identifiable information (PII) of members and users, stored within more than 10.88 billion database records. [...]

https://www.bleepingcomputer.com/news/security/cam4-adult-cam-site-exposes-11-million-emails-private-chats/

Hackers exploit Salt RCE bugs in widespread attacks, PoCs public

Hackers kept busy this weekend exploiting vulnerable Salt instances used in various infrastructures for server management and automation. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-salt-rce-bugs-in-widespread-attacks-pocs-public/