US energy providers hit with new malware in targeted attacks

Several U.S. energy providers were targeted by spear-phishing campaigns delivering a new remote access trojan (RAT) capable of providing attackers with full control over infected systems. [...]

https://www.bleepingcomputer.com/news/security/us-energy-providers-hit-with-new-malware-in-targeted-attacks/

Hackers are attacking the German PPE supply chain

Hackers are attacking high ranking executives of a German multinational corporation part of a government-private sector personal protective equipment (PPE) procurement task force. [...]

https://www.bleepingcomputer.com/news/security/hackers-are-attacking-the-german-ppe-supply-chain/

CallStranger UPnP bug allows data theft, DDoS attacks, LAN scans

A vulnerability in the Universal Plug and Play protocol implemented in billions of devices can be exploited to exfiltrate data, turn them into bots for distributed denial-of-service attacks (DDoS), and scan internal networks. [...]

https://www.bleepingcomputer.com/news/security/callstranger-upnp-bug-allows-data-theft-ddos-attacks-lan-scans/

Maze Ransomware adds Ragnar Locker to its extortion cartel

A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen. [...]

https://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/

Microsoft now uses Windows 10 Search to promote Bing Searches

Microsoft has started to display "Learn something new" alerts that promote Bing search categories via the Windows 10 search field. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-uses-windows-10-search-to-promote-bing-searches/

Valak malware gets new plugin to steal Outlook login credentials

Authors of the Valak information stealer are focusing more and more on stealing email credentials as researchers find a new module specifically built for this purpose. [...]

https://www.bleepingcomputer.com/news/security/valak-malware-gets-new-plugin-to-steal-outlook-login-credentials/

Adobe fixes critical remote code execution bug in Flash Player

Adobe has released security updates for Adobe Flash Player, Adobe Experience Manager, and Adobe Framemaker that fix ten security vulnerabilities in the three products. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-remote-code-execution-bug-in-flash-player/

New SGAxe attack steals protected data from Intel SGX enclaves

Intel processors are vulnerable to a new attack known as SGAxe that breaches the security guarantees of Intel Software Guard eXtensions (SGX) enclaves. It is designed to specifically target and leak data from Intel processors. [...]

https://www.bleepingcomputer.com/news/security/new-sgaxe-attack-steals-protected-data-from-intel-sgx-enclaves/

Windows 10 Cumulative Updates KB4557957 & KB4560960 Released

The June 2020 Patch Tuesday updates are now rolling out and you can download and install the latest security fixes on supported versions of Windows 10. Like every Patch Tuesday release, the cumulative update comes with security fixes and general bug fixes, and the patch is rolling out to PCs with May 2020 Update, November 2019 Update [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4557957-and-kb4560960-released/

Intel patched 22 vulnerabilities in the June 2020 Platform Update

Intel addressed 25 vulnerabilities today as part of its June 2020 Patch Tuesday, with two of them being rated as critical security flaws after receiving CVSS scores of 9.8. [...]

https://www.bleepingcomputer.com/news/security/intel-patched-22-vulnerabilities-in-the-june-2020-platform-update/

Microsoft June 2020 Patch Tuesday: largest ever with 129 fixes

Today is Microsoft's June 2020 Patch Tuesday, and as many Windows administrators will be routinely screaming at computers, please be nice to them! [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2020-patch-tuesday-largest-ever-with-129-fixes/

Windows 10 bug breaks USB printer port on restart

Microsoft says that USB printer port will not be available for customers with devices running Windows 10, version 1903 or later if they disconnect the printer while shutting down the computer. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-bug-breaks-usb-printer-port-on-restart/

Windows Group Policy flaw lets attackers gain admin privileges

Microsoft has fixed a vulnerability in all current Windows versions that allow an attacker to exploit the Windows Group Policy feature to take full control over a computer. This vulnerability affects all Windows versions since Windows Server 2008. [...]

https://www.bleepingcomputer.com/news/security/windows-group-policy-flaw-lets-attackers-gain-admin-privileges/

Fake SpaceX YouTube channels scam viewers out of $150K in bitcoin

Scammers have hijacked three YouTube channels to display bitcoin scams impersonating Elon Musk's SpaceX channel. So far, these scams have raked in close to $150,000 in bitcoins in two days. [...]

https://www.bleepingcomputer.com/news/security/fake-spacex-youtube-channels-scam-viewers-out-of-150k-in-bitcoin/

Self-destructing skimmer steals credit cards of Greenworks customers

Payment card data from customers of Greenworks hardware tools website is currently being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection. [...]

https://www.bleepingcomputer.com/news/security/self-destructing-skimmer-steals-credit-cards-of-greenworks-customers/

Kingminer patches vulnerable servers to lock out competitors

Operators of the cryptojacking botnet Kingminer botnet are trying to keep their business humming by applying hotfixes from Microsoft on vulnerable infected computers to lock out other threat actors thay may claim a piece of their pie. [...]

https://www.bleepingcomputer.com/news/security/kingminer-patches-vulnerable-servers-to-lock-out-competitors/

Microsoft fixed bug blocking Windows 10 2004 on Surface devices

Microsoft has mitigated a known issue causing the Windows 10 May 2020 Update to be blocked from rolling out to some Microsoft Surface devices because of a safeguard hold applied right after the update's release. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixed-bug-blocking-windows-10-2004-on-surface-devices/

New Windows 10 SMBv3 flaw can be used for data theft, RCE attacks

A new security vulnerability was found in the compression mechanism of the Microsoft Server Message Block 3.1.1 (SMBv3) network communication protocol used by multiple versions of Windows 10 and Windows Server. [...]

https://www.bleepingcomputer.com/news/security/new-windows-10-smbv3-flaw-can-be-used-for-data-theft-rce-attacks/

FBI warns of increased hacking risk if using mobile banking apps

The U.S. Federal Bureau of Investigation (FBI) today warned mobile banking app users that they will be increasingly targeted by hacker trying to steal their credentials and take over their banking accounts. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-increased-hacking-risk-if-using-mobile-banking-apps/

Microsoft Office June security updates fix critical RCE bugs

Microsoft released the June 2020 Office security updates, with a total of 19 security updates and 5 cumulative updates for 7 different products, patching 4 critical bugs that enable attackers remotely execute arbitrary code on unpatched systems. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-june-security-updates-fix-critical-rce-bugs/

Thanos ransomware auto-spreads to Windows devices, evades security

The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on. [...]

https://www.bleepingcomputer.com/news/security/thanos-ransomware-auto-spreads-to-windows-devices-evades-security/