Citrix fixes 11 flaws in ADC, Gateway, and SD-WAN WANOP appliances
Citrix today patched a set of 11 vulnerabilities found to affect its Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP (appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO) networking products. [...]
https://www.bleepingcomputer.com/news/security/citrix-fixes-11-flaws-in-adc-gateway-and-sd-wan-wanop-appliances/
Citrix today patched a set of 11 vulnerabilities found to affect its Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP (appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO) networking products. [...]
https://www.bleepingcomputer.com/news/security/citrix-fixes-11-flaws-in-adc-gateway-and-sd-wan-wanop-appliances/
BleepingComputer
Citrix fixes 11 flaws in ADC, Gateway, and SD-WAN WANOP appliances
Citrix today patched a set of 11 vulnerabilities found to affect its Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP (appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO) networking products.
First reported Russian BEC scam gang targets Fortune 500 firms
Over the past year, a new group of fraudsters believed to be from the Russian cybercriminal space has elevated Business Email Compromise (BEC) scams to a new level. [...]
https://www.bleepingcomputer.com/news/security/first-reported-russian-bec-scam-gang-targets-fortune-500-firms/
Over the past year, a new group of fraudsters believed to be from the Russian cybercriminal space has elevated Business Email Compromise (BEC) scams to a new level. [...]
https://www.bleepingcomputer.com/news/security/first-reported-russian-bec-scam-gang-targets-fortune-500-firms/
BleepingComputer
First reported Russian BEC scam gang targets Fortune 500 firms
Over the past year, a new group of fraudsters believed to be from the Russian cybercriminal space has elevated Business Email Compromise (BEC) scams to a new level.
US Treasury shares tips on spotting money mule and imposter scams
The US Financial Crimes Enforcement Network (FinCEN) today has issued a security alert designed to share potential indicators of imposter scams and money mule schemes with US financial institutions. [...]
https://www.bleepingcomputer.com/news/security/us-treasury-shares-tips-on-spotting-money-mule-and-imposter-scams/
The US Financial Crimes Enforcement Network (FinCEN) today has issued a security alert designed to share potential indicators of imposter scams and money mule schemes with US financial institutions. [...]
https://www.bleepingcomputer.com/news/security/us-treasury-shares-tips-on-spotting-money-mule-and-imposter-scams/
BleepingComputer
US Treasury shares tips on spotting money mule and imposter scams
The US Financial Crimes Enforcement Network (FinCEN) today has issued a security alert designed to share potential indicators of imposter scams and money mule schemes with US financial institutions.
Windows 10: The beginning of the end for Control Panel
Microsoft has started testing the removal of the venerable System control panel on Windows 10 and instead redirecting users to the modern About page. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-the-beginning-of-the-end-for-control-panel/
Microsoft has started testing the removal of the venerable System control panel on Windows 10 and instead redirecting users to the modern About page. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-the-beginning-of-the-end-for-control-panel/
BleepingComputer
Windows 10: The beginning of the end for Control Panel
Microsoft has started testing the removal of the venerable System control panel on Windows 10 and instead redirecting users to the modern About page.
Microsoft takes down domains used in COVID-19-related cybercrime
Microsoft took control of domains used by cybercriminals as part of the infrastructure needed to launch phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic. [...]
https://www.bleepingcomputer.com/news/security/microsoft-takes-down-domains-used-in-covid-19-related-cybercrime/
Microsoft took control of domains used by cybercriminals as part of the infrastructure needed to launch phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic. [...]
https://www.bleepingcomputer.com/news/security/microsoft-takes-down-domains-used-in-covid-19-related-cybercrime/
BleepingComputer
Microsoft takes down domains used in COVID-19-related cybercrime
Microsoft took control of domains used by cybercriminals as part of the infrastructure needed to launch phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic.
How to uninstall Microsoft Edge forced-installed via Windows Update
If Microsoft Edge was installed in Windows 10 via Windows Update, you can not remove it via standard methods. That does not mean you cannot remove it, though, as a technique has been discovered to uninstall the program via the command prompt. [...]
https://www.bleepingcomputer.com/news/microsoft/how-to-uninstall-microsoft-edge-forced-installed-via-windows-update/
If Microsoft Edge was installed in Windows 10 via Windows Update, you can not remove it via standard methods. That does not mean you cannot remove it, though, as a technique has been discovered to uninstall the program via the command prompt. [...]
https://www.bleepingcomputer.com/news/microsoft/how-to-uninstall-microsoft-edge-forced-installed-via-windows-update/
BleepingComputer
How to uninstall Microsoft Edge forced-installed via Windows Update
If Microsoft Edge was installed in Windows 10 via Windows Update, you can not remove it via standard methods. That does not mean you cannot remove it, though, as a technique has been discovered to uninstall the program via the command prompt.
Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found
F5 BIG-IP customers who only applied recommended mitigations and haven't yet patched their devices against the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability are now advised to update them against a recently found bypass. [...]
https://www.bleepingcomputer.com/news/security/mitigating-critical-f5-big-ip-rce-flaw-not-enough-bypass-found/
F5 BIG-IP customers who only applied recommended mitigations and haven't yet patched their devices against the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability are now advised to update them against a recently found bypass. [...]
https://www.bleepingcomputer.com/news/security/mitigating-critical-f5-big-ip-rce-flaw-not-enough-bypass-found/
BleepingComputer
Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found
F5 BIG-IP customers who only applied recommended mitigations and haven't yet patched their devices against the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability are now advised to update them against a recently found bypass.
ThiefQuest info-stealing Mac wiper gets free decryptor
Poor coding of the ThiefQuest ransomware in disguise that targets macOS users allows recovery of encrypted files, which would remain lost in lack of a backup. [...]
https://www.bleepingcomputer.com/news/security/thiefquest-info-stealing-mac-wiper-gets-free-decryptor/
Poor coding of the ThiefQuest ransomware in disguise that targets macOS users allows recovery of encrypted files, which would remain lost in lack of a backup. [...]
https://www.bleepingcomputer.com/news/security/thiefquest-info-stealing-mac-wiper-gets-free-decryptor/
BleepingComputer
ThiefQuest info-stealing Mac wiper gets free decryptor
Poor coding of the ThiefQuest ransomware in disguise that targets macOS users allows recovery of encrypted files, which would remain lost in lack of a backup.
DOJ indict Fxmsp hacker for selling access to hacked orgs, AV firms
The US Department of Justice has indicted a hacker known as 'Fxmsp' for hacking into and selling access to over three hundred organizations worldwide. [...]
https://www.bleepingcomputer.com/news/security/doj-indict-fxmsp-hacker-for-selling-access-to-hacked-orgs-av-firms/
The US Department of Justice has indicted a hacker known as 'Fxmsp' for hacking into and selling access to over three hundred organizations worldwide. [...]
https://www.bleepingcomputer.com/news/security/doj-indict-fxmsp-hacker-for-selling-access-to-hacked-orgs-av-firms/
BleepingComputer
DOJ indict Fxmsp hacker for selling access to hacked orgs, AV firms
The US Department of Justice has indicted a hacker known as 'Fxmsp' for hacking into and selling access to over three hundred organizations worldwide.
Risky blogspot.in domain for sale after Google fails to renew it
Google's registration of the Blogspot domain expired recently, and the domain was immediately purchased by a domain service provider: [...]
https://www.bleepingcomputer.com/news/google/risky-blogspotin-domain-for-sale-after-google-fails-to-renew-it/
Google's registration of the Blogspot domain expired recently, and the domain was immediately purchased by a domain service provider: [...]
https://www.bleepingcomputer.com/news/google/risky-blogspotin-domain-for-sale-after-google-fails-to-renew-it/
BleepingComputer
Risky blogspot.in domain for sale after Google fails to renew it
Google's registration of the Blogspot domain expired recently, and the domain was immediately purchased by a domain service provider:
Microsoft fixes Word, Skype hangs in July Office 2020 updates
Microsoft released the July 2020 non-security Microsoft Office updates with improvements and fixes for issues impacting Windows Installer (MSI) editions of Office 2016 and Office 2013 products. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-word-skype-hangs-in-july-office-2020-updates/
Microsoft released the July 2020 non-security Microsoft Office updates with improvements and fixes for issues impacting Windows Installer (MSI) editions of Office 2016 and Office 2013 products. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-word-skype-hangs-in-july-office-2020-updates/
BleepingComputer
Microsoft fixes Word, Skype hangs in July Office 2020 updates
Microsoft released the July 2020 non-security Microsoft Office updates with improvements and fixes for issues impacting Windows Installer (MSI) editions of Office 2016 and Office 2013 products.
NVIDIA fixes code execution bug in GeForce Experience software
NVIDIA has addressed a vulnerability in the Windows NVIDIA GeForce Experience (GFE) software that could allow local attackers to execute arbitrary code, trigger a denial of service (DoS) state, or access privileged information on unpatched systems. [...]
https://www.bleepingcomputer.com/news/security/nvidia-fixes-code-execution-bug-in-geforce-experience-software/
NVIDIA has addressed a vulnerability in the Windows NVIDIA GeForce Experience (GFE) software that could allow local attackers to execute arbitrary code, trigger a denial of service (DoS) state, or access privileged information on unpatched systems. [...]
https://www.bleepingcomputer.com/news/security/nvidia-fixes-code-execution-bug-in-geforce-experience-software/
BleepingComputer
NVIDIA fixes code execution bug in GeForce Experience software
NVIDIA has addressed a vulnerability in the Windows NVIDIA GeForce Experience (GFE) software that could allow local attackers to execute arbitrary code, trigger a denial of service (DoS) state, or access privileged information on unpatched systems.
First look: Microsoft's Project Freta detects Linux malware for free
Microsoft Research has announced a cloud-based malware detection service called Project Freta to detect rootkits, cryptominers, and previously undetected malware strains lurking in your Linux cloud VM images. [...]
https://www.bleepingcomputer.com/news/security/first-look-microsofts-project-freta-detects-linux-malware-for-free/
Microsoft Research has announced a cloud-based malware detection service called Project Freta to detect rootkits, cryptominers, and previously undetected malware strains lurking in your Linux cloud VM images. [...]
https://www.bleepingcomputer.com/news/security/first-look-microsofts-project-freta-detects-linux-malware-for-free/
BleepingComputer
First look: Microsoft's Project Freta detects Linux malware for free
Microsoft Research has announced a cloud-based malware detection service called Project Freta to detect rootkits, cryptominers, and previously undetected malware strains lurking in your Linux cloud VM images.
Microsoft warns of Office 365 phishing via malicious OAuth apps
Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, besides conventional credential theft and email phishing attacks. [...]
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-office-365-phishing-via-malicious-oauth-apps/
Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, besides conventional credential theft and email phishing attacks. [...]
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-office-365-phishing-via-malicious-oauth-apps/
BleepingComputer
Microsoft warns of Office 365 phishing via malicious OAuth apps
Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, besides conventional credential theft and email phishing attacks.
Palo Alto Networks fixes another severe flaw in PAN-OS devices
Palo Alto Networks (PAN) today addressed another severe vulnerability found in the PAN-OS GlobalProtect portal and affecting unpatched PAN next-generation firewalls. [...]
https://www.bleepingcomputer.com/news/security/palo-alto-networks-fixes-another-severe-flaw-in-pan-os-devices/
Palo Alto Networks (PAN) today addressed another severe vulnerability found in the PAN-OS GlobalProtect portal and affecting unpatched PAN next-generation firewalls. [...]
https://www.bleepingcomputer.com/news/security/palo-alto-networks-fixes-another-severe-flaw-in-pan-os-devices/
BleepingComputer
Palo Alto Networks fixes another severe flaw in PAN-OS devices
Palo Alto Networks (PAN) today addressed another severe vulnerability found in the PAN-OS GlobalProtect portal and affecting unpatched PAN next-generation firewalls.
Over 15 billion credentials in circulation on hacker forums
At least 15 billion credentials are currently circulating on various hacker forums, giving cybercriminals fodder for account takeover attacks and identity renting services. [...]
https://www.bleepingcomputer.com/news/security/over-15-billion-credentials-in-circulation-on-hacker-forums/
At least 15 billion credentials are currently circulating on various hacker forums, giving cybercriminals fodder for account takeover attacks and identity renting services. [...]
https://www.bleepingcomputer.com/news/security/over-15-billion-credentials-in-circulation-on-hacker-forums/
BleepingComputer
Over 15 billion credentials in circulation on hacker forums
At least 15 billion credentials are currently circulating on various hacker forums, giving cybercriminals fodder for account takeover attacks and identity renting services.
Joker Android malware keeps evading Google Play Store defenses
The threat actor behind the Joker Android malware has once again succeeded to successfully slip spyware infected apps onto the Play Store, Google's official Android app store. [...]
https://www.bleepingcomputer.com/news/security/joker-android-malware-keeps-evading-google-play-store-defenses/
The threat actor behind the Joker Android malware has once again succeeded to successfully slip spyware infected apps onto the Play Store, Google's official Android app store. [...]
https://www.bleepingcomputer.com/news/security/joker-android-malware-keeps-evading-google-play-store-defenses/
BleepingComputer
Joker Android malware keeps evading Google Play Store defenses
The threat actor behind the Joker Android malware has once again succeeded to successfully slip spyware infected apps onto the Play Store, Google's official Android app store.
Evilnum hackers use the same malware supplier as FIN6, Cobalt
Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters for big fintech threat actors. [...]
https://www.bleepingcomputer.com/news/security/evilnum-hackers-use-the-same-malware-supplier-as-fin6-cobalt/
Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters for big fintech threat actors. [...]
https://www.bleepingcomputer.com/news/security/evilnum-hackers-use-the-same-malware-supplier-as-fin6-cobalt/
BleepingComputer
Evilnum hackers use the same malware supplier as FIN6, Cobalt
Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters to big fintech threat actors.
Persuasive Office 365 phishing uses fake Zoom suspension alerts
Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins. [...]
https://www.bleepingcomputer.com/news/security/persuasive-office-365-phishing-uses-fake-zoom-suspension-alerts/
Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins. [...]
https://www.bleepingcomputer.com/news/security/persuasive-office-365-phishing-uses-fake-zoom-suspension-alerts/
BleepingComputer
Persuasive Office 365 phishing uses fake Zoom suspension alerts
Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins.
Microsoft testing new Windows 10 KDP anti-malware protection
Microsoft is testing a new Windows 10 security feature dubbed Kernel Data Protection (KDP) and designed to block malicious actors from altering Windows drivers and systems' protected kernel memory as part of their attacks. [...]
https://www.bleepingcomputer.com/news/security/microsoft-testing-new-windows-10-kdp-anti-malware-protection/
Microsoft is testing a new Windows 10 security feature dubbed Kernel Data Protection (KDP) and designed to block malicious actors from altering Windows drivers and systems' protected kernel memory as part of their attacks. [...]
https://www.bleepingcomputer.com/news/security/microsoft-testing-new-windows-10-kdp-anti-malware-protection/
BleepingComputer
Microsoft testing new Windows 10 KDP anti-malware protection
Microsoft is testing a new Windows 10 security feature dubbed Kernel Data Protection (KDP) and designed to block malicious actors from altering Windows drivers and systems' protected kernel memory as part of their attacks.
Google will ban ads for stalkerware starting August 11
Google will update its Google Ads Enabling Dishonest Behavior policy to globally ban advertising for spyware and surveillance technology known as stalkerware starting with August 11, 2020. [...]
https://www.bleepingcomputer.com/news/security/google-will-ban-ads-for-stalkerware-starting-august-11/
Google will update its Google Ads Enabling Dishonest Behavior policy to globally ban advertising for spyware and surveillance technology known as stalkerware starting with August 11, 2020. [...]
https://www.bleepingcomputer.com/news/security/google-will-ban-ads-for-stalkerware-starting-august-11/
BleepingComputer
Google will ban ads for stalkerware starting August 11
Google will update its Google Ads Enabling Dishonest Behavior policy to globally ban advertising for spyware and surveillance technology known as stalkerware starting with August 11, 2020.