Cerberus Android malware source code offered for sale for $100,000

The maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close the deal for double the money. [...]

https://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/

UK and US warn QNAP owners to upgrade firmware to block malware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) today issued an alert about the risks of infection faced by QNAP NAS devices if QSnatch malware attacks restart. [...]

https://www.bleepingcomputer.com/news/security/uk-and-us-warn-qnap-owners-to-upgrade-firmware-to-block-malware/

Garmin confirms ransomware attack, services coming back online

In a statement, Garmin has finally confirmed that they were the victim of a ransomware attack as they slowly bring their Garmin Connect, Strava, and navigation services back online. [...]

https://www.bleepingcomputer.com/news/security/garmin-confirms-ransomware-attack-services-coming-back-online/

Windows 10 Desktop Windows Manager crashes due to DirectX bug

Microsoft is working on a resolution for a new issue causing the Desktop Windows Manager to crash on laptops if the lid is repeatedly closed and opened. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-desktop-windows-manager-crashes-due-to-directx-bug/

Office 365 phishing baits employees with fake SharePoint alerts

Employees using Microsoft Office 365 are targeted in a phishing campaign that makes use of bait messages camouflaged as automated Sharepoint notifications to steal their accounts. [...]

https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-employees-with-fake-sharepoint-alerts/

Office 365 adds new features to help identify malicious spam

Microsoft is planning to provide more info on spam emails detected as malicious by the Office 365 Advanced Threat Protection (ATP) filtering stack and allow organizations to export their list of the top targeted users by phishing attacks. [...]

https://www.bleepingcomputer.com/news/security/office-365-adds-new-features-to-help-identify-malicious-spam/

Promo.com discloses data breach after 22M user records leaked online

Promo.com, an Israeli-based marketing video creation site, has disclosed a data breach after a database containing 22 million user records was leaked for free on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/

Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux

Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers. [...]

https://www.bleepingcomputer.com/news/security/feature-rich-ensiko-malware-can-encrypt-targets-windows-macos-linux/

Netflix credential phishing hides behind working CAPTCHA

A recent wave of phishing attacks aiming to steal payment card info and credentials for Netflix streaming service starts with redirecting to a functioning CAPTCHA page to bypass email security controls. [...]

https://www.bleepingcomputer.com/news/security/netflix-credential-phishing-hides-behind-working-captcha/

Industrial VPN vulnerabilities put critical infrastructure at risk

Security researchers analyzing popular remote access solutions used for industrial control systems (ICS) found multiple vulnerabilities that could let unauthenticated attackers execute arbitrary code and breach the environment. [...]

https://www.bleepingcomputer.com/news/security/industrial-vpn-vulnerabilities-put-critical-infrastructure-at-risk/

Hacker leaks 386 million user records from 18 companies for free

A threat actor is flooding a hacker forum with databases exposing expose over 386 million user records that they claim were stolen from eighteen companies during data breaches. [...]

https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/

North Korean hackers created VHD ransomware for enterprise attacks

North Korean-backed hackers tracked as the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets according to a report published by Kaspersky researchers today. [...]

https://www.bleepingcomputer.com/news/security/north-korean-hackers-created-vhd-ransomware-for-enterprise-attacks/

Magento gets security updates for severe code execution bugs

Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity. [...]

https://www.bleepingcomputer.com/news/security/magento-gets-security-updates-for-severe-code-execution-bugs/

Emotet malware now steals your email attachments to attack contacts

The Emotet malware botnet is now also using stolen attachments to increase the authenticity of spam emails attempting to infect targets' systems. [...]

https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Critical Wordpress plugin bug lets hackers take over hosting account

Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting vulnerable sites. [...]

https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bug-lets-hackers-take-over-hosting-account/

Business giant Dussmann Group's data leaked after ransomware attack

The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack. [...]

https://www.bleepingcomputer.com/news/security/business-giant-dussmann-groups-data-leaked-after-ransomware-attack/

The IRS asks tax professionals to enable multi-factor authentication

The U.S. Internal Revenue Service is asking tax professionals to enable additional forms of authentication in software that provides the option as an improved defense against hacker takeover attempts. [...]

https://www.bleepingcomputer.com/news/security/the-irs-asks-tax-professionals-to-enable-multi-factor-authentication/

FBI warns of Netwalker ransomware targeting US government and orgs

The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising their victims not to pay the ransom and reporting incidents to their local FBI field offices. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-netwalker-ransomware-targeting-us-government-and-orgs/

Microsoft to remove all Windows downloads signed with SHA-1

Microsoft is removing all Windows downloads from the Microsoft Download Center that are signed using SHA-1 certificates on August 3rd, 2020. (9d677006e13fc8d17c1f59b05bbb9047)[...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-all-windows-downloads-signed-with-sha-1/

BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows

A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's booting process even if the Secure Boot verification mechanism is active. (d6e07de8573fc9018707f22eee885a5d)[...]

https://www.bleepingcomputer.com/news/security/boothole-grub-bootloader-bug-lets-hackers-hide-malware-in-linux-windows/

Cisco fixes severe flaws in data center management solution

Cisco today has released several security updates to address three critical authentication bypass, buffer overflow, and authorization bypass vulnerabilities found to affect Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products. (eaf4eb782b57d2f002da312b3ed275fe)[...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-severe-flaws-in-data-center-management-solution/