Microsoft releases open-source Linux version of Procmon tool

Microsoft has ported the popular Sysinternals Procmon utility to Linux so that users can monitor running processes' activity. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-open-source-linux-version-of-procmon-tool/

Magento adds 2FA to protect against card skimming attacks

Adobe has added two-factor authentication (2FA) throughout the Magento platform in response to the widespread number of attacks where skimmer scripts are deployed on hacked e-commerce sites to steal customers' credit cards. [...]

https://www.bleepingcomputer.com/news/security/magento-adds-2fa-to-protect-against-card-skimming-attacks/

Emotet spam trojan surges back to life after 5 months of silence

After months of inactivity, the notorious Emotet spamming trojan has come alive again as it spews out a massive campaign of malicious emails targeting users worldwide. [...]

https://www.bleepingcomputer.com/news/security/emotet-spam-trojan-surges-back-to-life-after-5-months-of-silence/

Twitter: Hackers targeted 130 accounts, no passwords accessed

Twitter today revealed that hackers targeted roughly 130 accounts during the massive attack that allowed them to take over dozens of high-profile accounts of tech companies, executives, and celebrities to promote a Bitcoin scam. [...]

https://www.bleepingcomputer.com/news/security/twitter-hackers-targeted-130-accounts-no-passwords-accessed/

Cloudflare outage takes down Discord, BleepingComputer, and other sites

Cloudflare is having an outage that is affecting a lot of sites including Discord, BleepingComputer, and many other sites. It is not known what is causing the outage. [...]

https://www.bleepingcomputer.com/news/technology/cloudflare-outage-takes-down-discord-bleepingcomputer-and-other-sites/

The Week in Ransomware - July 17th 2020 - Freshly squeezed

With Twitter hackers, 10/10 vulnerabilities, and Cloudflare outages this week, thankfully ransomware has been pretty slow this week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-17th-2020-freshly-squeezed/

New phishing campaign abuses a trio of enterprise cloud services

A new phishing campaign uses a trio of enterprise cloud services, Microsoft Azure, Microsoft Dynamics, and IBM Cloud, as part of an attempt to steal your login credentials. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-campaign-abuses-a-trio-of-enterprise-cloud-services/

Windows 10 2004: List of compatibility issues blocking updates

While the Windows 10 May 2020 Update started gradually rolling out to customers worldwide on May 27, not everyone can update their devices to Windows 10, version 2004. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-list-of-compatibility-issues-blocking-updates/

Microsoft Edge 84 introduces Storage Access API to improve privacy

Microsoft Edge 84 is now available for the desktop users and it comes with support for Storage Access API, PDF reader improvements, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-84-introduces-storage-access-api-to-improve-privacy/

How to use Windows 10 File History to make secure backups

With File History feature on Windows, you can back up copies of files that are in the Documents, Music, Pictures, Videos, and Desktop folders. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-use-windows-10-file-history-to-make-secure-backups/

Critical SIGred Windows DNS bug gets micropatch after PoCs released

The critical remote code execution security vulnerability in Windows DNS known as SIGRed has received a micropatch for servers without an Extended Security Updates (ESU) license. [...]

https://www.bleepingcomputer.com/news/security/critical-sigred-windows-dns-bug-gets-micropatch-after-pocs-released/

Windows 10 Store 'wsreset' tool lets attackers bypass antivirus

A technique that exploits Windows 10 Microsoft Store called 'wsreset.exe' can delete files to bypass antivirus protection on a host without being detected. [...]

https://www.bleepingcomputer.com/news/security/windows-10-store-wsreset-tool-lets-attackers-bypass-antivirus/

Microsoft investigating Windows 10 2004 'No Internet' bug, how to fix

Microsoft is investigating a known issue where Windows 10 2004 customers might see "No Internet access" tray indicators even though their devices are connected to the Internet. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigating-windows-10-2004-no-internet-bug-how-to-fix/

Office 365 adds new security configuration analysis feature

Microsoft is working on a new Office 365 Advanced Threat Protection (ATP) feature which will make it easy to determine your security policies settings' effectiveness when compared to recommended settings. [...]

https://www.bleepingcomputer.com/news/security/office-365-adds-new-security-configuration-analysis-feature/

Coinbase blocked Twitter hackers from stealing an extra $280K

Coinbase says that it was able to block its customers from sending approximately $280,000 to the Twitter hackers who, last week, took over high-profile accounts to push a massive bitcoin scam. [...]

https://www.bleepingcomputer.com/news/security/coinbase-blocked-twitter-hackers-from-stealing-an-extra-280k/

Emotet-TrickBot malware duo is back infecting Windows machines

After awakening last week and starting to send spam worldwide, Emotet is now once again installing the TrickBot trojan on infected Windows computers. [...]

https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/

Microsoft will disable insecure TLS in Office 365 on Oct 15

Microsoft has set the official retirement date for the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols in Office 365 starting with October 15, 2020, after temporarily halting deprecation enforcement for commercial customers due to COVID-19. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-disable-insecure-tls-in-office-365-on-oct-15/

Lorien Health Services discloses ransomware attack affecting nearly 50,000

Lorien Health Services in Maryland announced that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident. [...]

https://www.bleepingcomputer.com/news/security/lorien-health-services-discloses-ransomware-attack-affecting-nearly-50-000/

Phishing campaign uses Google Cloud Services to steal Office 365 logins

Fraudsters looking to collect login details are increasingly turning to public cloud services to host lure documents and phishing pages, making it more difficult for targets to detect the attack. [...]

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/

Adobe Photoshop gets fixes for critical security vulnerabilities

Adobe has released security updates to address twelve critical vulnerabilities in Adobe Photoshop, Adobe Prelude, and Adobe Bridge that could allow attackers to execute arbitrary code on Windows devices. [...]

https://www.bleepingcomputer.com/news/security/adobe-photoshop-gets-fixes-for-critical-security-vulnerabilities/

DeepSource resets logins after employee falls for Sawfish phishing

GitHub notified DeepSource earlier this month of detecting malicious activity related to the startup's GitHub app after one of their employees fell victim to the Sawfish phishing campaign. [...]

https://www.bleepingcomputer.com/news/security/deepsource-resets-logins-after-employee-falls-for-sawfish-phishing/