Microsoft Edge now blocks abusive notifications to reduce web spam

Websites increasingly ask to send notifications about their new contents and notifications are also abused for advertisements or web scams. To address this webspam mess, Microsoft Edge 84 introduces a new notification request experience called quiet notification requests. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-now-blocks-abusive-notifications-to-reduce-web-spam/

Linux-based malware analysis toolkit REMnux 7 released

A new version of REMnux Linux distro is now available for malware researchers, packed with hundreds of tools to dissect malicious executables, documents, scripts, and ill-intended code. [...]

https://www.bleepingcomputer.com/news/security/linux-based-malware-analysis-toolkit-remnux-7-released/

New ‘Meow’ attack has deleted almost 4,000 unsecured databases

Dozens of unsecured databases exposed on the public web are the target of an automated 'meow' attack that wipes data without any explanation. [...]

https://www.bleepingcomputer.com/news/security/new-meow-attack-has-deleted-almost-4-000-unsecured-databases/

Samsung is reportedly building an Exynos CPU for Windows 10 PCs

If the latest from the rumor mill turns out to be correct, Samsung could launch a new Exynos processor to power Windows 10 on ARM. [...]

https://www.bleepingcomputer.com/news/technology/samsung-is-reportedly-building-an-exynos-cpu-for-windows-10-pcs/

Microsoft's PowerToys 0.20 adds a built-in Windows 10 Color Picker

The next version of the Windows 10 PowerToys coming at the end of this month will introduce a new toy called 'Color Picker Tool' that lets you click on any portion of the screen and retrieve the location's hexadecimal or RGB color code. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-powertoys-020-adds-a-built-in-windows-10-color-picker/

Dave data breach affects 7.5 million users, leaked on hacker forum

Overdraft protection and cash advance service Dave has suffered a data breach after a database containing 7.5 million user records was sold in an auction and then released later for free on hacker forums. [...]

https://www.bleepingcomputer.com/news/security/dave-data-breach-affects-75-million-users-leaked-on-hacker-forum/

No More Ransom turns 4: Saves $632 million in ransomware payments

The No More Ransom Project celebrates its fourth anniversary today after helping over 4.2 million visitors recover from a ransomware infection and saving an estimated $632 million in ransom payments. [...]

https://www.bleepingcomputer.com/news/security/no-more-ransom-turns-4-saves-632-million-in-ransomware-payments/

Source code from dozens of companies leaked online

Source code from exposed repositories of dozens of companies across various fields of activity (tech, finance, retail, food, eCommerce, manufacturing) is publicly available as a result of misconfigurations in their infrastructure. [...]

https://www.bleepingcomputer.com/news/security/source-code-from-dozens-of-companies-leaked-online/

Cerberus Android malware source code offered for sale for $100,000

The maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close the deal for double the money. [...]

https://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/

UK and US warn QNAP owners to upgrade firmware to block malware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) today issued an alert about the risks of infection faced by QNAP NAS devices if QSnatch malware attacks restart. [...]

https://www.bleepingcomputer.com/news/security/uk-and-us-warn-qnap-owners-to-upgrade-firmware-to-block-malware/

Garmin confirms ransomware attack, services coming back online

In a statement, Garmin has finally confirmed that they were the victim of a ransomware attack as they slowly bring their Garmin Connect, Strava, and navigation services back online. [...]

https://www.bleepingcomputer.com/news/security/garmin-confirms-ransomware-attack-services-coming-back-online/

Windows 10 Desktop Windows Manager crashes due to DirectX bug

Microsoft is working on a resolution for a new issue causing the Desktop Windows Manager to crash on laptops if the lid is repeatedly closed and opened. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-desktop-windows-manager-crashes-due-to-directx-bug/

Office 365 phishing baits employees with fake SharePoint alerts

Employees using Microsoft Office 365 are targeted in a phishing campaign that makes use of bait messages camouflaged as automated Sharepoint notifications to steal their accounts. [...]

https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-employees-with-fake-sharepoint-alerts/

Office 365 adds new features to help identify malicious spam

Microsoft is planning to provide more info on spam emails detected as malicious by the Office 365 Advanced Threat Protection (ATP) filtering stack and allow organizations to export their list of the top targeted users by phishing attacks. [...]

https://www.bleepingcomputer.com/news/security/office-365-adds-new-features-to-help-identify-malicious-spam/

Promo.com discloses data breach after 22M user records leaked online

Promo.com, an Israeli-based marketing video creation site, has disclosed a data breach after a database containing 22 million user records was leaked for free on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/

Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux

Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers. [...]

https://www.bleepingcomputer.com/news/security/feature-rich-ensiko-malware-can-encrypt-targets-windows-macos-linux/

Netflix credential phishing hides behind working CAPTCHA

A recent wave of phishing attacks aiming to steal payment card info and credentials for Netflix streaming service starts with redirecting to a functioning CAPTCHA page to bypass email security controls. [...]

https://www.bleepingcomputer.com/news/security/netflix-credential-phishing-hides-behind-working-captcha/

Industrial VPN vulnerabilities put critical infrastructure at risk

Security researchers analyzing popular remote access solutions used for industrial control systems (ICS) found multiple vulnerabilities that could let unauthenticated attackers execute arbitrary code and breach the environment. [...]

https://www.bleepingcomputer.com/news/security/industrial-vpn-vulnerabilities-put-critical-infrastructure-at-risk/

Hacker leaks 386 million user records from 18 companies for free

A threat actor is flooding a hacker forum with databases exposing expose over 386 million user records that they claim were stolen from eighteen companies during data breaches. [...]

https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/

North Korean hackers created VHD ransomware for enterprise attacks

North Korean-backed hackers tracked as the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets according to a report published by Kaspersky researchers today. [...]

https://www.bleepingcomputer.com/news/security/north-korean-hackers-created-vhd-ransomware-for-enterprise-attacks/

Magento gets security updates for severe code execution bugs

Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity. [...]

https://www.bleepingcomputer.com/news/security/magento-gets-security-updates-for-severe-code-execution-bugs/