Phishing campaign uses Google Cloud Services to steal Office 365 logins

Fraudsters looking to collect login details are increasingly turning to public cloud services to host lure documents and phishing pages, making it more difficult for targets to detect the attack. [...]

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/

Adobe Photoshop gets fixes for critical security vulnerabilities

Adobe has released security updates to address twelve critical vulnerabilities in Adobe Photoshop, Adobe Prelude, and Adobe Bridge that could allow attackers to execute arbitrary code on Windows devices. [...]

https://www.bleepingcomputer.com/news/security/adobe-photoshop-gets-fixes-for-critical-security-vulnerabilities/

DeepSource resets logins after employee falls for Sawfish phishing

GitHub notified DeepSource earlier this month of detecting malicious activity related to the startup's GitHub app after one of their employees fell victim to the Sawfish phishing campaign. [...]

https://www.bleepingcomputer.com/news/security/deepsource-resets-logins-after-employee-falls-for-sawfish-phishing/

Outlook affected by one-minute startup delays on Windows 10

Microsoft says that Outlook might take a minute to start and display the splash screen on devices running Windows 10, version 1809 or later if User Experience Virtualization (UE-V) is enabled. [...]

https://www.bleepingcomputer.com/news/microsoft/outlook-affected-by-one-minute-startup-delays-on-windows-10/

US indicts hackers working with China's Ministry of State Security

Two hackers working with China's Ministry of State Security were charged with hacking into computer systems of government organizations and companies in the United States and around the world, stealing terabytes of data in the process. [...]

https://www.bleepingcomputer.com/news/security/us-indicts-hackers-working-with-chinas-ministry-of-state-security/

Malwarebytes fixes bug causing Windows 10 2004 performance issues

Malwarebytes has fixed bugs in the latest beta version of their software that were causing performance issues in Windows 10 2004. [...]

https://www.bleepingcomputer.com/news/microsoft/malwarebytes-fixes-bug-causing-windows-10-2004-performance-issues/

Emotet botnet is now heavily spreading QakBot malware

Researchers tracking Emotet botnet noticed that the malware started to push QakBot banking trojan at an unusually high rate, replacing the longtime TrickBot payload. [...]

https://www.bleepingcomputer.com/news/security/emotet-botnet-is-now-heavily-spreading-qakbot-malware/

Microsoft Edge gets new features on desktop and mobile

As part of the July update, Microsoft Edge for Windows, macOS, Android and iOS is getting Collections on mobile and slew of other improvements. The new features for Microsoft Edge were announced and highlighted during Microsoft's online Inspire developer conference. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-new-features-on-desktop-and-mobile/

Microsoft 365 adds endpoint data leak protection in public preview

Microsoft announced today the extension of Data Loss Prevention (Endpoint DLP) to Microsoft 365 customers' endpoints, making it easier for organizations to prevent data leaks, inappropriate or unintentional data sharing or transfer, and other similar risks. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-adds-endpoint-data-leak-protection-in-public-preview/

Windows 10 KB4559004 released to fix broken wireless LTE connectivity

Microsoft released the KB4559004 non-security preview cumulative update with a fix for an issue that caused Windows 10 computers with wireless wide area network (WWAN) LTE modems to lose Internet connectivity after installing the May KB4556799 update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4559004-released-to-fix-broken-wireless-lte-connectivity/

New ‘Meow’ attack has wiped dozens of unsecured databases

Dozens of unsecured databases exposed on the public web are the target of an automated 'meow' attack that wipes data without any explanation. [...]

https://www.bleepingcomputer.com/news/security/new-meow-attack-has-wiped-dozens-of-unsecured-databases/

US offers $2 million for info on Ukrainians charged for SEC hack

The U.S. Department of State today announced rewards of up to $1 million for information that would lead to the arrest or conviction of Ukrainian nationals Artem Viacheslavovich Radchenko and Oleksandr Vitalyevich Ieremenko. [...]

https://www.bleepingcomputer.com/news/security/us-offers-2-million-for-info-on-ukrainians-charged-for-sec-hack/

Critical SharePoint flaw dissected, RCE details now available

Details are now available for exploiting a critical security vulnerability that affects Microsoft SharePoint, increasing the risk of attacks on unpatched systems. [...]

https://www.bleepingcomputer.com/news/security/critical-sharepoint-flaw-dissected-rce-details-now-available/

D-Link blunder: Firmware encryption key exposed in unencrypted image

The router manufacturer leaks encryption keys in some firmware versions letting reverse engineers decrypt the latest firmware images. [...]

https://www.bleepingcomputer.com/news/security/d-link-blunder-firmware-encryption-key-exposed-in-unencrypted-image/

Microsoft Outlook crashes, deletes mails for some POP accounts

Some Microsoft 365 customers might experience Outlook crashes after updating to Version 2006 Build 13001.20266 and higher according to an Office support document. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-crashes-deletes-mails-for-some-pop-accounts/

Lazarus hackers deploy ransomware, steal data using MATA malware

A recently discovered malware framework known as MATA and linked to the North Korean-backed hacking group known as Lazarus was used in attacks targeting corporate entities from multiple countries since April 2018 for ransomware deployment and data theft. [...]

https://www.bleepingcomputer.com/news/security/lazarus-hackers-deploy-ransomware-steal-data-using-mata-malware/

Twilio exposes SDK, attackers inject it with malvertising code

Twilio today disclosed that its TaskRouter JS SDK was compromised by attackers after they gained access to one of its misconfigured Amazon AWS S3 buckets which left the SDK's path publicly readable and writable for roughly five years, since 2015. [...]

https://www.bleepingcomputer.com/news/security/twilio-exposes-sdk-attackers-inject-it-with-malvertising-code/

New cryptojacking botnet uses SMB exploit to spread to Windows systems

A new cryptojacking botnet is spreading across compromised networks via multiple methods that include the EternalBlue exploit for Windows Server Message Block (SMB) communication protocol. [...]

https://www.bleepingcomputer.com/news/security/new-cryptojacking-botnet-uses-smb-exploit-to-spread-to-windows-systems/

Twitter hackers read private messages of 36 high-profile accounts

Twitter today admitted that the attackers behind last week's incident read the private messages of 36 out of a total of 130 high-profile accounts targeted in the attack. [...]

https://www.bleepingcomputer.com/news/security/twitter-hackers-read-private-messages-of-36-high-profile-accounts/

Remove unwanted Windows 10 apps with this new open source tool

A new standalone utility named Bloatbox has been released that allows Windows 10 users to debloat the operating system by removing unwanted preinstalled apps. [...]

https://www.bleepingcomputer.com/news/microsoft/remove-unwanted-windows-10-apps-with-this-new-open-source-tool/

How to stop Microsoft Edge launching automatically on login

Microsoft shared info on how Edge users can prevent the web browser from launching automatically after they log into their Windows account by tweaking the system's Sign-in setting for automatically restarting apps on logon. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-stop-microsoft-edge-launching-automatically-on-login/