New Thunderbolt security flaws affect systems shipped before 2019

Attackers that gain physical access to Windows, Linux, or macOS devices can access and steal data from their hard drives by exploiting 7 vulnerabilities found in Intel's Thunderbolt hardware interface. [...]

https://www.bleepingcomputer.com/news/security/new-thunderbolt-security-flaws-affect-systems-shipped-before-2019/

Maze ransomware fails to encrypt Pitney Bowes, steals files

Global business services company Pitney Bowes recently stopped an attack from Maze ransomware operators before the encryption routine could be deployed but the actor still managed to steal some data. [...]

https://www.bleepingcomputer.com/news/security/maze-ransomware-fails-to-encrypt-pitney-bowes-steals-files/

WordPress plugin bugs can let hackers take over almost 1M sites

Two high severity vulnerabilities found in the Page Builder WordPress plugin installed on more than 1,000,000 sites can let hackers create new admin accounts, plant backdoors, and ultimately take over the compromised websites. [...]

https://www.bleepingcomputer.com/news/security/wordpress-plugin-bugs-can-let-hackers-take-over-almost-1m-sites/

Microsoft's Family Safety parental control app opens for testing

With the Microsoft Family Safety app for Android and iOS, you can get information about your family's activity including what your kids are doing online and on their devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-family-safety-parental-control-app-opens-for-testing/

Texas Courts hit by ransomware, network disabled to limit spread

The Texas court system was hit by ransomware on Friday night, May 8th, which led to the branch network including websites and servers being disabled to block the malware from spreading to other systems. [...]

https://www.bleepingcomputer.com/news/security/texas-courts-hit-by-ransomware-network-disabled-to-limit-spread/

Hackers' private chats leaked in stolen WeLeakData database

Ironically, the database for the defunct hacker forum and data breach marketplace called WeLeakData.com is being sold on the dark web and exposes the private conversations of hackers who used the site. [...]

https://www.bleepingcomputer.com/news/security/hackers-private-chats-leaked-in-stolen-weleakdata-database/

Office 365 to let regular users revoke encrypted messages

Microsoft is working on expanding the capability to revoke encrypted email messages sent using the Office 365 Message Encryption (OME) service to regular users as part of a larger effort to prevent data leaks and enterprise data theft. [...]

https://www.bleepingcomputer.com/news/microsoft/office-365-to-let-regular-users-revoke-encrypted-messages/

Researcher finds 1,236 domains infected with credit card stealers

A security researcher collected in a span of a few weeks over 1,000 domains infected with payment card skimmers, showing that the MageCart continues to be a prevalent threat that preys on insecure web shops. [...]

https://www.bleepingcomputer.com/news/security/researcher-finds-1-236-domains-infected-with-credit-card-stealers/

Adobe fixes critical vulnerabilities in Acrobat, Reader, and DNG SDK

Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that resolve a combined total of thirty-six security vulnerabilities in the three products. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/

US govt exposes new North Korean malware, phishing attacks

The US government today released information on three new malware variants used in malicious cyber activity campaigns by a North Korean government-backed hacker group tracked as HIDDEN COBRA. [...]

https://www.bleepingcomputer.com/news/security/us-govt-exposes-new-north-korean-malware-phishing-attacks/

Microsoft Edge rolls out in Windows 10 2004 via Windows Update

Microsoft has started to push out an update to Windows Insiders in the Release preview ring that replaces Microsoft Edge Legacy with the new Chromium-based Microsoft Edge browser. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-rolls-out-in-windows-10-2004-via-windows-update/

Windows 10 Cumulative Updates KB4556799 & KB4551853 Released

Patch Tuesday updates are now rolling out to all supported versions of Windows 10. Like every Patch Tuesday release, the cumulative update comes with security fixes and is rolling out to PCs with November 2019 Update, May 2019 Update and October 2018 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4556799-and-kb4551853-released/

May 2020 Patch Tuesday: Microsoft fixes 111 vulnerabilities, 13 Critical

Today is Microsoft's May 2020 Patch Tuesday, and as many system administrators are working remotely, so please be patient as they may not be able to respond quickly. [...]

https://www.bleepingcomputer.com/news/microsoft/may-2020-patch-tuesday-microsoft-fixes-111-vulnerabilities-13-critical/

US govt shares list of most exploited vulnerabilities since 2016

US Government cybersecurity agencies and specialists today have released a list of the top 10 routinely exploited security vulnerabilities between 2016 and 2019. [...]

https://www.bleepingcomputer.com/news/security/us-govt-shares-list-of-most-exploited-vulnerabilities-since-2016/

Windows 10 2004 is almost here, what developers need to know

The Windows Developer Team today detailed the new Windows 10 SDK additions developers should be aware of with the impending release of Windows 10, version 2004 (20H1), now known as Windows 10 May 2020 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-is-almost-here-what-developers-need-to-know/

Windows 10 2004 improves potentially unwanted app protection

In the soon to be released Windows 10 2004, otherwise known as the May 2020 Update, Microsoft is finally making it easy to detect potentially unwanted programs and tightly integrating it into the operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-improves-potentially-unwanted-app-protection/

Healthcare giant Magellan Health hit by ransomware attack

Fortune 500 company Magellan Health Inc announced today that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers. [...]

https://www.bleepingcomputer.com/news/security/healthcare-giant-magellan-health-hit-by-ransomware-attack/

SAP May 2020 Security Patch Day delivers critical updates

Enterprise software maker SAP released its May security patches, which cover six critical issues in several of its products, three of them with a severity score very close to maximum. [...]

https://www.bleepingcomputer.com/news/security/sap-may-2020-security-patch-day-delivers-critical-updates/

Ransomware now demands extra payment to delete stolen files

A ransomware family has begun a new tactic of not only demanding a ransom for a decryptor but also demanding a second ransom not to publish files stolen in an attack. [...]

https://www.bleepingcomputer.com/news/security/ransomware-now-demands-extra-payment-to-delete-stolen-files/

US warns of Chinese hackers targeting COVID-19 research orgs

Threat actors affiliated to the People's Republic of China (PRC) are attempting to compromise and collect COVID-19 information from organizations in the US health care, pharmaceutical, and research industry sectors. [...]

https://www.bleepingcomputer.com/news/security/us-warns-of-chinese-hackers-targeting-covid-19-research-orgs/

Microsoft warns of COVID-19 phishing spreading info-stealing malware

Microsoft has discovered a new COVID-19 themed phishing campaign using economic concerns to target businesses with the LokiBot information-stealing Trojan. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-covid-19-phishing-spreading-info-stealing-malware/