Try2Cry ransomware tries to worm its way to other Windows systems

A new ransomware known as Try2Cry is trying to worm its way onto other Windows computers by infecting USB flash drives and using Windows shortcuts (LNK files) posing as the targets' files to lure them into infecting themselves. [...]

https://www.bleepingcomputer.com/news/security/try2cry-ransomware-tries-to-worm-its-way-to-other-windows-systems/

Companies start reporting ransomware attacks as data breaches

Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about data stolen data. [...]

https://www.bleepingcomputer.com/news/security/companies-start-reporting-ransomware-attacks-as-data-breaches/

New Behave! extension warns of website port scans, local attacks

A new browser extension called Behave! will warn you if a web site is using scripts to perform scans or attacks on local and private IP addresses on your network. [...]

https://www.bleepingcomputer.com/news/security/new-behave-extension-warns-of-website-port-scans-local-attacks/

.NET Core vulnerability lets attackers evade malware detection

A vulnerability in the .NET Core library allows malicious programs to be launched while evading detection by security software. [...]

https://www.bleepingcomputer.com/news/security/net-core-vulnerability-lets-attackers-evade-malware-detection/

Windows 10's Microsoft Store Codecs patches are confusing users

Microsoft released security updates via the Microsoft Store last week, and it's confusing many users who want to make sure their devices are protected. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10s-microsoft-store-codecs-patches-are-confusing-users/

PoC exploits released for F5 BIG-IP vulnerabilities, patch now!

Two days after patches for critical F5 BIG-IP vulnerability were released, security researchers have started publicly posting proof-of-concept (PoC) exploits show how easy it is to exploit these devices. [...]

https://www.bleepingcomputer.com/news/security/poc-exploits-released-for-f5-big-ip-vulnerabilities-patch-now/

North Korean hackers linked to credit card stealing attacks on US stores

Hackers from North Korea have been stealing payment card information from customers of large retailers in the U.S. and Europe for at least a year, reveals new research released today. [...]

https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-credit-card-stealing-attacks-on-us-stores/

Windows 10 2004 upgrade gets blocked due to unsupported settings

Some Windows 10 users are being blocked from applying the May 2020 Update when manually seeking to upgrade through Windows Update due to unsupported settings on Windows 10 2004. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-upgrade-gets-blocked-due-to-unsupported-settings/

Microsoft's new Windows 10 Alt+Tab plan looks like a mess

In what is being called a productivity enhancement, Microsoft is testing a change to the Windows 10 Alt+Tab feature so that it also shows open Microsoft Edge browser tabs. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-new-windows-10-alt-tab-plan-looks-like-a-mess/

New Google Chrome feature to drastically reduce battery usage

Google is planning to add a new Chrome feature that could lead to drops of almost 30% in battery usage by throttling JavaScript timers in background tabs. [...]

https://www.bleepingcomputer.com/news/google/new-google-chrome-feature-to-drastically-reduce-battery-usage/

Ransomware attack on insurance MSP Xchanging affects clients

Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems from its Xchanging subsidiary. [...]

https://www.bleepingcomputer.com/news/security/ransomware-attack-on-insurance-msp-xchanging-affects-clients/

EDP energy giant confirms Ragnar Locker ransomware attack

EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation's systems, the Portuguese multinational energy giant Energias de Portugal (EDP). [...]

https://www.bleepingcomputer.com/news/security/edp-energy-giant-confirms-ragnar-locker-ransomware-attack/

Microsoft Defender ATP web content filtering is now free

The new Microsoft Defender Advanced Threat Protection (ATP) Web Content Filtering feature will be provided for free to all enterprise customers without the need for an additional partner license. [...]

https://www.bleepingcomputer.com/news/security/microsoft-defender-atp-web-content-filtering-is-now-free/

Citrix fixes 11 flaws in ADC, Gateway, and SD-WAN WANOP appliances

Citrix today patched a set of 11 vulnerabilities found to affect its Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP (appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO) networking products. [...]

https://www.bleepingcomputer.com/news/security/citrix-fixes-11-flaws-in-adc-gateway-and-sd-wan-wanop-appliances/

First reported Russian BEC scam gang targets Fortune 500 firms

Over the past year, a new group of fraudsters believed to be from the Russian cybercriminal space has elevated Business Email Compromise (BEC) scams to a new level. [...]

https://www.bleepingcomputer.com/news/security/first-reported-russian-bec-scam-gang-targets-fortune-500-firms/

US Treasury shares tips on spotting money mule and imposter scams

The US Financial Crimes Enforcement Network (FinCEN) today has issued a security alert designed to share potential indicators of imposter scams and money mule schemes with US financial institutions. [...]

https://www.bleepingcomputer.com/news/security/us-treasury-shares-tips-on-spotting-money-mule-and-imposter-scams/

Windows 10: The beginning of the end for Control Panel

Microsoft has started testing the removal of the venerable System control panel on Windows 10 and instead redirecting users to the modern About page. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-the-beginning-of-the-end-for-control-panel/

Microsoft takes down domains used in COVID-19-related cybercrime

Microsoft took control of domains used by cybercriminals as part of the infrastructure needed to launch phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic. [...]

https://www.bleepingcomputer.com/news/security/microsoft-takes-down-domains-used-in-covid-19-related-cybercrime/

How to uninstall Microsoft Edge forced-installed via Windows Update

If Microsoft Edge was installed in Windows 10 via Windows Update, you can not remove it via standard methods. That does not mean you cannot remove it, though, as a technique has been discovered to uninstall the program via the command prompt. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-uninstall-microsoft-edge-forced-installed-via-windows-update/

Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found

F5 BIG-IP customers who only applied recommended mitigations and haven't yet patched their devices against the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability are now advised to update them against a recently found bypass. [...]

https://www.bleepingcomputer.com/news/security/mitigating-critical-f5-big-ip-rce-flaw-not-enough-bypass-found/

ThiefQuest info-stealing Mac wiper gets free decryptor

Poor coding of the ThiefQuest ransomware in disguise that targets macOS users allows recovery of encrypted files, which would remain lost in lack of a backup. [...]

https://www.bleepingcomputer.com/news/security/thiefquest-info-stealing-mac-wiper-gets-free-decryptor/