Windows Group Policy flaw lets attackers gain admin privileges

Microsoft has fixed a vulnerability in all current Windows versions that allow an attacker to exploit the Windows Group Policy feature to take full control over a computer. This vulnerability affects all Windows versions since Windows Server 2008. [...]

https://www.bleepingcomputer.com/news/security/windows-group-policy-flaw-lets-attackers-gain-admin-privileges/

Fake SpaceX YouTube channels scam viewers out of $150K in bitcoin

Scammers have hijacked three YouTube channels to display bitcoin scams impersonating Elon Musk's SpaceX channel. So far, these scams have raked in close to $150,000 in bitcoins in two days. [...]

https://www.bleepingcomputer.com/news/security/fake-spacex-youtube-channels-scam-viewers-out-of-150k-in-bitcoin/

Self-destructing skimmer steals credit cards of Greenworks customers

Payment card data from customers of Greenworks hardware tools website is currently being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection. [...]

https://www.bleepingcomputer.com/news/security/self-destructing-skimmer-steals-credit-cards-of-greenworks-customers/

Kingminer patches vulnerable servers to lock out competitors

Operators of the cryptojacking botnet Kingminer botnet are trying to keep their business humming by applying hotfixes from Microsoft on vulnerable infected computers to lock out other threat actors thay may claim a piece of their pie. [...]

https://www.bleepingcomputer.com/news/security/kingminer-patches-vulnerable-servers-to-lock-out-competitors/

Microsoft fixed bug blocking Windows 10 2004 on Surface devices

Microsoft has mitigated a known issue causing the Windows 10 May 2020 Update to be blocked from rolling out to some Microsoft Surface devices because of a safeguard hold applied right after the update's release. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixed-bug-blocking-windows-10-2004-on-surface-devices/

New Windows 10 SMBv3 flaw can be used for data theft, RCE attacks

A new security vulnerability was found in the compression mechanism of the Microsoft Server Message Block 3.1.1 (SMBv3) network communication protocol used by multiple versions of Windows 10 and Windows Server. [...]

https://www.bleepingcomputer.com/news/security/new-windows-10-smbv3-flaw-can-be-used-for-data-theft-rce-attacks/

FBI warns of increased hacking risk if using mobile banking apps

The U.S. Federal Bureau of Investigation (FBI) today warned mobile banking app users that they will be increasingly targeted by hacker trying to steal their credentials and take over their banking accounts. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-increased-hacking-risk-if-using-mobile-banking-apps/

Microsoft Office June security updates fix critical RCE bugs

Microsoft released the June 2020 Office security updates, with a total of 19 security updates and 5 cumulative updates for 7 different products, patching 4 critical bugs that enable attackers remotely execute arbitrary code on unpatched systems. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-june-security-updates-fix-critical-rce-bugs/

Thanos ransomware auto-spreads to Windows devices, evades security

The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on. [...]

https://www.bleepingcomputer.com/news/security/thanos-ransomware-auto-spreads-to-windows-devices-evades-security/

Office 365 phishing baits business owners with relief payments

Business owners with Microsoft Office 365 accounts are targeted in a phishing campaign that uses bait emails designed to look like legitimate Small Business Grants Fund (SGF) relief payment messages from the UK government. [...]

https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-business-owners-with-relief-payments/

Expiring SSL certs expected to break smart TVs, fridges, and IoTs

On May 30th, select Roku streaming channels stopped working, leaving impacted customers clueless with no idea what was wrong. [...]

https://www.bleepingcomputer.com/news/security/expiring-ssl-certs-expected-to-break-smart-tvs-fridges-and-iots/

Windows 10 2004: Dell and Lenovo publish list of compatible devices

Dell and Lenovo have published their own documentation to confirm a list of systems that have been tested for May 2020 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-dell-and-lenovo-publish-list-of-compatible-devices/

Fake Black Lives Matter voting campaign spreads Trickbot malware

A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware. [...]

https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/

Gamaredon hackers use Outlook macros to spread malware to contacts

New tools attributed to the Russia-linked Gamaredon hacker group include a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim's contacts. [...]

https://www.bleepingcomputer.com/news/security/gamaredon-hackers-use-outlook-macros-to-spread-malware-to-contacts/

IBM Cloud global outage caused by "incorrect" BGP routing

On June 9th, 2020, IBM Cloud data centers suffered a global outage that caused connectivity issues for many of the web sites and platforms utilizing the service, including BleepingComputer. [...]

https://www.bleepingcomputer.com/news/technology/ibm-cloud-global-outage-caused-by-incorrect-bgp-routing/

Turn the Table on Phishers and Scammers to Protect Your Brand

​Consumers are now paying close attention to how companies behave and treat consumers during this global COVID-10 public health crisis. [...]

https://www.bleepingcomputer.com/news/security/turn-the-table-on-phishers-and-scammers-to-protect-your-brand/

Android 11 brings numerous security and privacy improvements

The beta version of Android 11, the next version of Google's operating system for mobile devices, comes with lots of security and privacy changes designed to allow the OS to protect users' data from malicious attacks. [...]

https://www.bleepingcomputer.com/news/security/android-11-brings-numerous-security-and-privacy-improvements/

Enel power company admits ransomware attack

European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network. [...]

https://www.bleepingcomputer.com/news/security/enel-power-company-admits-ransomware-attack/

City of Knoxville shuts down network after ransomware attack

The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices. [...]

https://www.bleepingcomputer.com/news/security/city-of-knoxville-shuts-down-network-after-ransomware-attack/

Windows 10 tests WSL2 Linux Kernel updates via Windows Update

In the latest Windows 10 Insider build, Microsoft has started to test the distribution of Windows Subsystem for Linux version 2 kernels via Windows Update.  [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-tests-wsl2-linux-kernel-updates-via-windows-update/

Fortune 500 insurance firm Genworth discloses data breach

Fortune 500 insurance holding company Genworth Financial disclosed a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials. [...]

https://www.bleepingcomputer.com/news/security/fortune-500-insurance-firm-genworth-discloses-data-breach/