Microsoft 365 adds endpoint data leak protection in public preview

Microsoft announced today the extension of Data Loss Prevention (Endpoint DLP) to Microsoft 365 customers' endpoints, making it easier for organizations to prevent data leaks, inappropriate or unintentional data sharing or transfer, and other similar risks. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-adds-endpoint-data-leak-protection-in-public-preview/

Windows 10 KB4559004 released to fix broken wireless LTE connectivity

Microsoft released the KB4559004 non-security preview cumulative update with a fix for an issue that caused Windows 10 computers with wireless wide area network (WWAN) LTE modems to lose Internet connectivity after installing the May KB4556799 update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4559004-released-to-fix-broken-wireless-lte-connectivity/

New ‘Meow’ attack has wiped dozens of unsecured databases

Dozens of unsecured databases exposed on the public web are the target of an automated 'meow' attack that wipes data without any explanation. [...]

https://www.bleepingcomputer.com/news/security/new-meow-attack-has-wiped-dozens-of-unsecured-databases/

US offers $2 million for info on Ukrainians charged for SEC hack

The U.S. Department of State today announced rewards of up to $1 million for information that would lead to the arrest or conviction of Ukrainian nationals Artem Viacheslavovich Radchenko and Oleksandr Vitalyevich Ieremenko. [...]

https://www.bleepingcomputer.com/news/security/us-offers-2-million-for-info-on-ukrainians-charged-for-sec-hack/

Critical SharePoint flaw dissected, RCE details now available

Details are now available for exploiting a critical security vulnerability that affects Microsoft SharePoint, increasing the risk of attacks on unpatched systems. [...]

https://www.bleepingcomputer.com/news/security/critical-sharepoint-flaw-dissected-rce-details-now-available/

D-Link blunder: Firmware encryption key exposed in unencrypted image

The router manufacturer leaks encryption keys in some firmware versions letting reverse engineers decrypt the latest firmware images. [...]

https://www.bleepingcomputer.com/news/security/d-link-blunder-firmware-encryption-key-exposed-in-unencrypted-image/

Microsoft Outlook crashes, deletes mails for some POP accounts

Some Microsoft 365 customers might experience Outlook crashes after updating to Version 2006 Build 13001.20266 and higher according to an Office support document. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-crashes-deletes-mails-for-some-pop-accounts/

Lazarus hackers deploy ransomware, steal data using MATA malware

A recently discovered malware framework known as MATA and linked to the North Korean-backed hacking group known as Lazarus was used in attacks targeting corporate entities from multiple countries since April 2018 for ransomware deployment and data theft. [...]

https://www.bleepingcomputer.com/news/security/lazarus-hackers-deploy-ransomware-steal-data-using-mata-malware/

Twilio exposes SDK, attackers inject it with malvertising code

Twilio today disclosed that its TaskRouter JS SDK was compromised by attackers after they gained access to one of its misconfigured Amazon AWS S3 buckets which left the SDK's path publicly readable and writable for roughly five years, since 2015. [...]

https://www.bleepingcomputer.com/news/security/twilio-exposes-sdk-attackers-inject-it-with-malvertising-code/

New cryptojacking botnet uses SMB exploit to spread to Windows systems

A new cryptojacking botnet is spreading across compromised networks via multiple methods that include the EternalBlue exploit for Windows Server Message Block (SMB) communication protocol. [...]

https://www.bleepingcomputer.com/news/security/new-cryptojacking-botnet-uses-smb-exploit-to-spread-to-windows-systems/

Twitter hackers read private messages of 36 high-profile accounts

Twitter today admitted that the attackers behind last week's incident read the private messages of 36 out of a total of 130 high-profile accounts targeted in the attack. [...]

https://www.bleepingcomputer.com/news/security/twitter-hackers-read-private-messages-of-36-high-profile-accounts/

Remove unwanted Windows 10 apps with this new open source tool

A new standalone utility named Bloatbox has been released that allows Windows 10 users to debloat the operating system by removing unwanted preinstalled apps. [...]

https://www.bleepingcomputer.com/news/microsoft/remove-unwanted-windows-10-apps-with-this-new-open-source-tool/

How to stop Microsoft Edge launching automatically on login

Microsoft shared info on how Edge users can prevent the web browser from launching automatically after they log into their Windows account by tweaking the system's Sign-in setting for automatically restarting apps on logon. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-stop-microsoft-edge-launching-automatically-on-login/

Garmin shuts down services after suspected ransomware attack

Wearable device maker Garmin today had to shut down some of its connected services and call centers following what the company calls a worldwide outage. [...]

https://www.bleepingcomputer.com/news/security/garmin-shuts-down-services-after-suspected-ransomware-attack/

UK govt warns of ransomware, BEC attacks against sports sector

The UK National Cyber Security Centre (NCSC) today highlighted the increasing risks posed by ransomware attacks, phishing campaigns, and Business Email Compromise (BEC) fraud schemes targeting sports organizations and teams, including Premier League football clubs. [...]

https://www.bleepingcomputer.com/news/security/uk-govt-warns-of-ransomware-bec-attacks-against-sports-sector/

5 severe D-Link router vulnerabilities disclosed, patch now

5 severe D-Link vulnerabilities have been disclosed that could allow an attacker to take complete control over a router without needing to login. [...]

https://www.bleepingcomputer.com/news/security/5-severe-d-link-router-vulnerabilities-disclosed-patch-now/

Cisco patches actively exploited ASA/FTD firewall vulnerability

Cisco fixed a high severity and actively exploited read-only path traversal vulnerability affecting the web services interface of two of its firewall products. [...]

https://www.bleepingcomputer.com/news/security/cisco-patches-actively-exploited-asa-ftd-firewall-vulnerability/

Emotet malware operation hacked to show memes to victims

Someone is poking fun at Emotet botnet and heavily disrupting its operations at the same time as payloads hosted on some compromised sites have been replaced by memes and GIFs. [...]

https://www.bleepingcomputer.com/news/security/emotet-malware-operation-hacked-to-show-memes-to-victims/

Garmin outage caused by confirmed WastedLocker ransomware attack

Wearable device maker Garmin today had to shut down some of its connected services and call centers following what the company calls a worldwide outage. [...]

https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-confirmed-wastedlocker-ransomware-attack/

The Week in Ransomware - July 24th 2020 - Navigation failure

This week has been quite busy with a new enterprise targeting ransomware called Exorcist and attacks against large companies. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-24th-2020-navigation-failure/

Microsoft working on a fix for Windows 10 Sandbox failing to open

Microsoft is investigating a known issue preventing the Windows Sandbox and Windows Defender Application Guard (WDAG) from opening on devices running Windows 10, version 1903 or later, Pro and Enterprise editions. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-working-on-a-fix-for-windows-10-sandbox-failing-to-open/