NVIDIA patches high severity flaws in Windows, Linux drivers

NVIDIA has released security updates to address security vulnerabilities found in GPU Display and CUDA drivers and Virtual GPU Manager software that could lead to code execution, denial of service, escalation of privileges, and information disclosure on both Windows and Linux machines. [...]

https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-linux-drivers/

LG Electronics allegedly hit by Maze ransomware attack

Maze ransomware operators have claimed on their website that they breached and locked the network of the South Korean multinational LG Electronics. [...]

https://www.bleepingcomputer.com/news/security/lg-electronics-allegedly-hit-by-maze-ransomware-attack/

List of Ripple20 vulnerability advisories, patches, and updates

The dust is far from settled following the disclosure of the 19 vulnerabilities in the TCP/IP stack from Treck, collectively referred to as Ripple20, which could help attackers take full control of vulnerable devices on the network. [...]

https://www.bleepingcomputer.com/news/security/list-of-ripple20-vulnerability-advisories-patches-and-updates/

European bank suffers biggest PPS DDoS attack, new botnet suspected

A bank in Europe was the target of a huge distributed denial-of-service (DDoS) attack that sent to its networking gear a flood of 809 million packets per second (PPS). [...]

https://www.bleepingcomputer.com/news/security/european-bank-suffers-biggest-pps-ddos-attack-new-botnet-suspected/

New Lucifer DDoS malware creates a legion of Windows minions

A new botnet identified in the wild leverages close to a dozen exploits for high and critical-severity vulnerabilities against Windows systems to turn them into cryptomining clients and sources for distributed denial-of-service (DDoS) attacks. [...]

https://www.bleepingcomputer.com/news/security/new-lucifer-ddos-malware-creates-a-legion-of-windows-minions/

Microsoft removed the defer feature update setting in Windows 10

Microsoft has removed the setting allowing users to defer feature updates in Windows 10 2004 but still allows it to be configured via group policies for business versions. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-removed-the-defer-feature-update-setting-in-windows-10/

Hackers hide credit card stealing scripts in favicon EXIF data

Hackers are always evolving their tactics to stay one step ahead of security companies. A perfect example of this is the hiding of malicious credit card stealing scripts in the EXIF data of a favicon image to evade detection. [...]

https://www.bleepingcomputer.com/news/security/hackers-hide-credit-card-stealing-scripts-in-favicon-exif-data/

New Ransom X Ransomware used in Texas TxDOT cyberattack

A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises. [...]

https://www.bleepingcomputer.com/news/security/new-ransom-x-ransomware-used-in-texas-txdot-cyberattack/

Evil Corp blocked from deploying ransomware on 30 major US firms

The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, at least of them being Fortune 500 companies. [...]

https://www.bleepingcomputer.com/news/security/evil-corp-blocked-from-deploying-ransomware-on-30-major-us-firms/

Hackers breach E27, want "donation" to reveal vulnerabilities

Asian media firm E27 has been hacked, and attackers ask for a small "donation" to provide information on the vulnerabilities used in the attack. [...]

https://www.bleepingcomputer.com/news/security/hackers-breach-e27-want-donation-to-reveal-vulnerabilities/

The Week in Ransomware - June 26th 2020 - Scrounging around networks

Ransomware has been busy this week with new features being discovered, big name victims, and new ransomware campaigns being discovered. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-26th-2020-scrounging-around-networks/

Developer of Mirai, Qbot-based DDoS botnets jailed for 13 months

A 22-year-old Washington man was sentenced to 13 months in prison for renting and developing Mirai and Qbot-based DDoS botnets used in DDoS attacks against targets from all over the world. [...]

https://www.bleepingcomputer.com/news/security/developer-of-mirai-qbot-based-ddos-botnets-jailed-for-13-months/

Owner of Cardplanet credit card market gets 9 years in prison

A 30-year old Russian national named Aleksey Yurievich Burkov was sentenced today to nine years in prison for running Cardplanet and Direct Connection, two sites that facilitated payment card fraud, computer hacking, and other cybercrimes. [...]

https://www.bleepingcomputer.com/news/security/owner-of-cardplanet-credit-card-market-gets-9-years-in-prison/

Admin of carding portal behind $568M in losses pleads guilty

Russian national Sergey Medvedev, one of the co-founders of Internet-based cybercriminal enterprise Infraud Organization and an admin on the organization's carding forum, today pleaded guilty to RICO conspiracy. [...]

https://www.bleepingcomputer.com/news/security/admin-of-carding-portal-behind-568m-in-losses-pleads-guilty/

Nearly 300 Windows 10 executables vulnerable to DLL hijacking

A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10. [...]

https://www.bleepingcomputer.com/news/security/nearly-300-windows-10-executables-vulnerable-to-dll-hijacking/

GeoVision access control devices let hackers steal fingerprints

GeoVision, a Taiwanese fingerprint scanner, access control, and surveillance tech manufacturer, fixed critical vulnerabilities in their devices that could be abused by hackers and nation-state threat actors. [...]

https://www.bleepingcomputer.com/news/security/geovision-access-control-devices-let-hackers-steal-fingerprints/

This Registry trick lets you block major Windows 10 updates

New Microsoft documentation has revealed a Group policy and Registry tweak that allows you to specify the specific Windows version you wish to stay on and prevent new feature updates from being installed. [...]

https://www.bleepingcomputer.com/news/microsoft/this-registry-trick-lets-you-block-major-windows-10-updates/

Microsoft quietly created a Windows 10 File Recovery tool, how to use

Microsoft has created a Windows 10 File Recovery Tool that recovers deleted files and forgot to tell anyone. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-created-a-windows-10-file-recovery-tool-how-to-use/

Chinese malware used in attacks against Australian orgs

The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country. [...]

https://www.bleepingcomputer.com/news/security/chinese-malware-used-in-attacks-against-australian-orgs/

Why certain characters "glitch" Gmail, YouTube, and Twitter

Have you ever used Twitter, Gmail, or YouTube and noticed odd characters being displayed vertically overlay other text on the page or break out UI boundaries? If so and have wondered how this is happening, we dive into the wonderful world of Unicode that causes this behavior. [...]

https://www.bleepingcomputer.com/news/technology/why-certain-characters-glitch-gmail-youtube-and-twitter/

Samsung is reportedly working on a more affordable Galaxy Fold

Samsung is reportedly working on Galaxy Fold Lite for as cheap as $900. The Galaxy Fold Lite will reportedly launch in 2021, but remember that this is just a rumor out of South Korea and it has to be taken with a grain of salt. [...]

https://www.bleepingcomputer.com/news/hardware/samsung-is-reportedly-working-on-a-more-affordable-galaxy-fold/