San Francisco retirement program SFERS suffers data breach

The San Francisco Employees' Retirement System (SFERS) has suffered a data breach after an unauthorized person gained access to a database hosted in a test environment. [...]

https://www.bleepingcomputer.com/news/security/san-francisco-retirement-program-sfers-suffers-data-breach/

Office 365 phishing baits remote workers with fake VPN configs

Microsoft Office 365 customers are targeted by a phishing campaign using bait messages camouflaged as notifications sent by their organization to update the VPN configuration they use to access company assets while working from home. [...]

https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-remote-workers-with-fake-vpn-configs/

Windows 10 version 2004 adds new account password policies

Microsoft announced the security baseline draft release for Windows 10 and Windows Server, version 2004, and the intention to add new account password length security policies with the Windows 10 May 2020 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-version-2004-adds-new-account-password-policies/

Windows 10 tweaked to prevent accidental file deletion

Windows 10 includes two disk cleanup features that allow users to free up storage space used by unnecessary system and temporary files. Microsoft is making changes to these features to prevent Windows users from deleting files in the Downloads folder by accident. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-tweaked-to-prevent-accidental-file-deletion/

Windows 10 tweaked to prevent accidental file deletion

Windows 10 includes two disk cleanup features that allow users to free up storage space used by unnecessary system and temporary files. Microsoft is making changes to these features to prevent Windows users from deleting files in the Downloads folder by accident. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-tweaked-to-prevent-accidental-file-deletion/

Firefox 77.0.1 released to prevent DDoSing DoH DNS providers

Mozilla just released Firefox 77.0.1 to prevent DDoSing the DNS over HTTPS (DoH) providers selected automatically as part of a wider deployment test run of the standard. [...]

https://www.bleepingcomputer.com/news/security/firefox-7701-released-to-prevent-ddosing-doh-dns-providers/

Netwalker ransomware continues assault on US colleges, hits UCSF

The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted their computers. [...]

https://www.bleepingcomputer.com/news/security/netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf/

Bruteforce malware probes login for popular web platforms

The malware looks for various systems for managing content, databases, and file transfers as well as backup files and administrator login paths. [...]

https://www.bleepingcomputer.com/news/security/bruteforce-malware-probes-login-for-popular-web-platforms/

USBCulprit malware targets air-gapped systems to steal govt info

The newly revealed USBCulprit malware is used by a group known as Cycldek, Conimes, or Goblin Panda and is designed for compromising air-gapped devices via USB. [...]

https://www.bleepingcomputer.com/news/security/usbculprit-malware-targets-air-gapped-systems-to-steal-govt-info/

New Tycoon ransomware targets both Windows and Linux systems

A new human-operated ransomware strain is being deployed in highly targeted attacks targeting small to medium size organizations in the software and education industries since at least December 2019. [...]

https://www.bleepingcomputer.com/news/security/new-tycoon-ransomware-targets-both-windows-and-linux-systems/

Business services giant Conduent allegedly hit by Maze Ransomware

The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network. [...]

https://www.bleepingcomputer.com/news/security/business-services-giant-conduent-allegedly-hit-by-maze-ransomware/

Hackers tried to steal database logins from 1.3M WordPress sites

A large scale attack targeted hundreds of thousands of WordPress websites over the course of 24 hours, attempting to harvest database credentials by stealing config files after abusing known vulnerabilities in WordPress plugins and themes. [...]

https://www.bleepingcomputer.com/news/security/hackers-tried-to-steal-database-logins-from-13m-wordpress-sites/

Mozilla Firefox to let you export saved passwords in plain text

Mozilla Firefox will soon allow you to export your saved login credentials to a CSV text file that you can then import into a password manager or store as a backup. [...]

https://www.bleepingcomputer.com/news/security/mozilla-firefox-to-let-you-export-saved-passwords-in-plain-text/

CPA Canada discloses data breach affecting 329,000 individuals

Chartered Professional Accountants of Canada (CPA) today disclosed that a cyberattack against the CPA Canada website allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders. [...]

https://www.bleepingcomputer.com/news/security/cpa-canada-discloses-data-breach-affecting-329-000-individuals/

Microsoft fixes admin mode bugs affecting Windows 10 PowerToys

Microsoft today released a new version of its open-source PowerToys toolset for Windows 10 with improvements and fixes for issues affecting the search results displayed by the PowerToys Run launcher when running as admin. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-admin-mode-bugs-affecting-windows-10-powertoys/

100,000 company inboxes hit with voice message phishing

Attackers have been pounding employee inboxes at companies that still use private branch eXchange (PBX) telephone systems for communication, delivering phishing that bypasses email defenses. [...]

https://www.bleepingcomputer.com/news/security/100-000-company-inboxes-hit-with-voice-message-phishing/

Ongoing eCh0raix ransomware campaign targets QNAP NAS devices

After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices. [...]

https://www.bleepingcomputer.com/news/security/ongoing-ech0raix-ransomware-campaign-targets-qnap-nas-devices/

Microsoft Teams to queue offline messages until back online

The Microsoft Teams cloud collaboration platform is getting support for automatically queueing up messages sent while offline until the device reconnects to the Internet. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-to-queue-offline-messages-until-back-online/

Kupidon is the latest ransomware targeting your data

The latest ransomware that everyone needs to watch out for is called Kupidon, and it targets not only corporate networks, but also your personal data. [...]

https://www.bleepingcomputer.com/news/security/kupidon-is-the-latest-ransomware-targeting-your-data/

Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit

Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1). [...]

https://www.bleepingcomputer.com/news/security/windows-10-smbghost-bug-gets-public-proof-of-concept-rce-exploit/

Microsoft dev fixes major annoyance in Chromium browser

A Microsoft developer has contributed a fix for an annoying behavior that has been plaguing web browsers built off of the Chromium engine, such as Google Chrome and Microsoft Edge. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-dev-fixes-major-annoyance-in-chromium-browser/