Hackers say they stole millions of credit cards from Banco BCR

Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data. [...]

https://www.bleepingcomputer.com/news/security/hackers-say-they-stole-millions-of-credit-cards-from-banco-bcr/

French daily Le Figaro database exposes users’ personal info

French daily newspaper Le Figaro exposed roughly 7.4 billion records containing personally identifiable information (PII) of reporters and employees, as well as of at least 42,000 users. [...]

https://www.bleepingcomputer.com/news/security/french-daily-le-figaro-database-exposes-users-personal-info/

Convincing Office 365 phishing uses fake Microsoft Teams alerts

A highly convincing phishing campaign is using cloned imagery from automated Microsoft Teams notifications in attacks that attempt to harvest Office 365 credentials. [...]

https://www.bleepingcomputer.com/news/security/convincing-office-365-phishing-uses-fake-microsoft-teams-alerts/

New phishing campaign packs an info-stealer, ransomware punch

A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-campaign-packs-an-info-stealer-ransomware-punch/

Hackers breach company’s MDM server to spread Android malware

Attackers infected more than 75% of a multinational conglomerate's managed Android devices with the Cerberus banking trojan using the company's compromised Mobile Device Manager (MDM) server. [...]

https://www.bleepingcomputer.com/news/security/hackers-breach-company-s-mdm-server-to-spread-android-malware/

FCC: No more warnings for robocallers before fines

The US Federal Communications Commission (FCC) today issued an order saying that it will no longer warn robocallers before fining them for harassing consumers and violating the law. [...]

https://www.bleepingcomputer.com/news/security/fcc-no-more-warnings-for-robocallers-before-fines/

The Week in Ransomware - May 1st 2020 - Banishing the Shade

For the victims of the Shade Ransomware, otherwise known as Troldesh, this was an excellent week as the threat actors released over 750,000 decryption keys for their victims. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-1st-2020-banishing-the-shade/

Microsoft Edge getting improved security, work at home features

Microsoft is testing a new version of Edge with Insiders and it comes with multiple new features including improved SmartScreen support. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-getting-improved-security-work-at-home-features/

Opening 100 tabs in Google Chrome Mobile gets you a smiley face

Today I learned something new; Google Chrome Mobile has an Easter egg that turns the tab count into a smiley face when you have over 100 tabs. [...]

https://www.bleepingcomputer.com/news/google/opening-100-tabs-in-google-chrome-mobile-gets-you-a-smiley-face/

Sodinokibi, Ryuk ransomware drive up average ransom to $111,000

The first quarter of the year recorded an increase of the average amount ransomware operators demand from their victims. Compared to the previous quarter, a 33% swell was noted, driven by the Sodinokibi and Ryuk ransomware operators. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ryuk-ransomware-drive-up-average-ransom-to-111-000/

Xiaomi tracks private browser and phone usage, defends behavior

New research claims that China-based Xiaomi is tracking sensitive information and sending it to their servers if you use the Mi browser, which is bundled with all Redmi and Mi phones. [...]

https://www.bleepingcomputer.com/news/technology/xiaomi-tracks-private-browser-and-phone-usage-defends-behavior/

Debloating Windows 10 and increasing privacy with SharpApp

A new utility called SharpApp has been released that helps you debloat and increase privacy in Windows 10 by uninstalling preinstalled apps and disabling various telemetry settings. [...]

https://www.bleepingcomputer.com/news/microsoft/debloating-windows-10-and-increasing-privacy-with-sharpapp/

Hacker sells 91 million Tokopedia accounts, cracked passwords shared

A hacker is selling a database containing the information of 91 million Tokopedia accounts on a dark web market for as little as $5,000. Other threat actors have already started to crack passwords and share them online. [...]

https://www.bleepingcomputer.com/news/security/hacker-sells-91-million-tokopedia-accounts-cracked-passwords-shared/

LineageOS outage caused by hackers breaching main infrastructure

Administrators of LineageOS‌ Android custom operating system were on high alert on Saturday after hackers breached their main infrastructure, causing a full outage. [...]

https://www.bleepingcomputer.com/news/security/lineageos-outage-caused-by-hackers-breaching-main-infrastructure/

CAM4 adult cam site exposes 11 million emails, private chats

Adult live streaming website CAM4 exposed over 7TB of personally identifiable information (PII) of members and users, stored within more than 10.88 billion database records. [...]

https://www.bleepingcomputer.com/news/security/cam4-adult-cam-site-exposes-11-million-emails-private-chats/

Hackers exploit Salt RCE bugs in widespread attacks, PoCs public

Hackers kept busy this weekend exploiting vulnerable Salt instances used in various infrastructures for server management and automation. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-salt-rce-bugs-in-widespread-attacks-pocs-public/

New VCrypt Ransomware locks files in password-protected 7ZIPs

A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders. [...]

https://www.bleepingcomputer.com/news/security/new-vcrypt-ransomware-locks-files-in-password-protected-7zips/

Office 365 to stop data theft by disabling external forwarding

Microsoft is planning to put a stop to enterprise data theft via email forwarding by disabling Office 365's email forwarding to external recipients by default. [...]

https://www.bleepingcomputer.com/news/security/office-365-to-stop-data-theft-by-disabling-external-forwarding/

LockBit ransomware self-spreads to quickly encrypt 225 systems

A feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours. [...]

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spreads-to-quickly-encrypt-225-systems/

GoDaddy notifies users of breached hosting accounts

GoDaddy notified some of its customers that it had to reset their passwords after an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH. [...]

https://www.bleepingcomputer.com/news/security/godaddy-notifies-users-of-breached-hosting-accounts/

GitHub shuts down Popcorn Time repositories due to MPA DMCA notice

GitHub has shut down two repositories belonging to the video streaming BitTorrent client Popcorn Time after receiving a Digital Millennium Copyright Act (DMCA) infringement notice from the Motion Picture Association. [...]

https://www.bleepingcomputer.com/news/software/github-shuts-down-popcorn-time-repositories-due-to-mpa-dmca-notice/