IT giant Cognizant confirms data breach after ransomware attack

In a series of data breach notifications, IT services giant Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/it-giant-cognizant-confirms-data-breach-after-ransomware-attack/

InvisiMole malware delivered by Gamaredon hacker group

Security researchers have demystified the attack chain of the elusive InvisiMole cyberespionage group, revealing a complicated multi-stage format that relies on vulnerable legitimate tools, target-specific encryption of payloads, and stealthy communication. [...]

https://www.bleepingcomputer.com/news/security/invisimole-malware-delivered-by-gamaredon-hacker-group/

New Cisco Webex Meetings flaw lets attackers steal auth tokens

A new vulnerability found in the Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information including usernames, authentication tokens, and meeting information. [...]

https://www.bleepingcomputer.com/news/security/new-cisco-webex-meetings-flaw-lets-attackers-steal-auth-tokens/

Hijacked Oxford server used by hackers for Office 365 phishing

Hackers hijacked an Oxford email server to deliver malicious emails as part of a phishing campaign designed to harvest Microsoft Office 365 credentials from European, Asian, and Middle Eastern targets. [...]

https://www.bleepingcomputer.com/news/security/hijacked-oxford-server-used-by-hackers-for-office-365-phishing/

79 Netgear router models risk full takeover due to unpatched bug

​An unpatched zero-day vulnerability exists in 79 Netgear router models that allow an attacker to take full control over vulnerable devices remotely. [...]

https://www.bleepingcomputer.com/news/security/79-netgear-router-models-risk-full-takeover-due-to-unpatched-bug/

Wells Fargo phishing baits customers with calendar invites

Wells Fargo customers are being targeted by a phishing campaign impersonating the Wells Fargo Security Team and luring potential victims to phishing pages with the help of calendar invites. [...]

https://www.bleepingcomputer.com/news/security/wells-fargo-phishing-baits-customers-with-calendar-invites/

Microsoft fixes printing issues for all affected Windows 10 versions

Microsoft today released more cumulative updates to address a known issue plaguing multiple Windows 10 versions and breaking printing after installing updates released on June 9, 2020. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-printing-issues-for-all-affected-windows-10-versions/

Hackers use fake Windows error logs to hide malicious payload

Hackers have been using fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks. [...]

https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-error-logs-to-hide-malicious-payload/

Windows Terminal adds a host of new features and settings

Microsoft released Windows Terminal Preview 1.1 with a long list of new features, settings, and changes including an "Open Windows Terminal here" File Explorer contextual menu entry, support for startup launch, and new command-line arguments. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-terminal-adds-a-host-of-new-features-and-settings/

Nigerian entrepreneur pleaded guilty to $11M Caterpillar fraud

Nigerian entrepreneur Obinwanne Okeke is facing 20 years in prison after pleading to conspiracy to commit wire fraud that caused US Fortune 100 corporation Caterpillar $11 million in losses as part of a business email compromise (BEC) fraud scheme. [...]

https://www.bleepingcomputer.com/news/security/nigerian-entrepreneur-pleaded-guilty-to-11m-caterpillar-fraud/

Microsoft Defender ATP now detects Windows 10 UEFI malware

Microsoft has announced that the enterprise Microsoft Defender Advanced Threat Protection (ATP) enterprise endpoint security platform is now capable of detecting and protecting customers from Unified Extensible Firmware Interface (UEFI) malware. [...]

https://www.bleepingcomputer.com/news/security/microsoft-defender-atp-now-detects-windows-10-uefi-malware/

Windows 10 Subsystem for Linux gets command line love, GPU support

Windows 10 users running insider builds got some treats from Microsoft this week with GPU support and new command-line options for the Windows Subsystem for Linux. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-subsystem-for-linux-gets-command-line-love-gpu-support/

The Week in Ransomware - June 19th 2020 - a quiet week

For the most part, it has been a quiet week with new variants of existing ransomware families being released. We also did not see too many large victims being disclosed and mostly updates of existing victims. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-19th-2020-a-quiet-week/

Discord modified to steal accounts by new NitroHack malware

New malware is being distributed that pretends to be a hack that gets you the premium Discord Nitro service for free but instead steals user tokens saved in the various browsers, credit card information, and then tries to spread it to others. [...]

https://www.bleepingcomputer.com/news/security/discord-modified-to-steal-accounts-by-new-nitrohack-malware/

New Google Chrome experiment warns of malicious and slow extensions

[...]

https://www.bleepingcomputer.com/news/security/new-google-chrome-experiment-warns-of-malicious-and-slow-extensions/

Hacker arrested for stealing, selling PII of 65K hospital employees

29-year-old Michigan man Justin Sean Johnson was arrested earlier this week for allegedly being behind the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC), stealing the PII and W-2 information of over 65,000 employees, and selling it on the dark web. [...]

https://www.bleepingcomputer.com/news/security/hacker-arrested-for-stealing-selling-pii-of-65k-hospital-employees/

How to use Reset this PC to easily reinstall Windows 10

In this Windows 10 article, we'll guide you through the steps to reset and reinstall Windows 10 using Local Reinstall, Cloud Download, and Fresh Start. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-use-reset-this-pc-to-easily-reinstall-windows-10/

Ransomware operators lurk on your network after their attack

When a company suffers a ransomware attack, many victims feel that the attackers quickly deploy the ransomware and leave so they won't get caught. Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control. [...]

https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/

Malwarebytes causing performance issues in Windows 10 2004

Since the release of Windows 10 2004, users have been reporting performance issues and crashes when Malwarebytes 4.1 is installed. [...]

https://www.bleepingcomputer.com/news/microsoft/malwarebytes-causing-performance-issues-in-windows-10-2004/

Hackers use Google Analytics to steal credit cards, bypass CSP

Hackers are using Google's servers and the Google Analytics platform to steal credit card information submitted by customers of online stores. [...]

https://www.bleepingcomputer.com/news/security/hackers-use-google-analytics-to-steal-credit-cards-bypass-csp/

US govt to enforce HTTPS on new .gov sites starting September 1

Starting September 1, 2020, new .gov sites will only be accessible via HTTPS as they will automatically be preloaded according to an announcement made by the U.S. Government's DotGov Program today. [...]

https://www.bleepingcomputer.com/news/security/us-govt-to-enforce-https-on-new-gov-sites-starting-september-1/