Office 365 phishing abuses Google Ads to bypass email filters

An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials. (6f4c434995edef0548165457c4d90ce3)[...]

https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-google-ads-to-bypass-email-filters/

KDE archive tool flaw let hackers take over Linux accounts

A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victim's computers simply by tricking them into downloading an archive and extracting it.  (47a9275c481dbf25e49cf753f7102ec1)[...]

https://www.bleepingcomputer.com/news/security/kde-archive-tool-flaw-let-hackers-take-over-linux-accounts/

Linux warning: TrickBot malware is now infecting your systems

TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. (47a9275c481dbf25e49cf753f7102ec1)[...]

https://www.bleepingcomputer.com/news/security/linux-warning-trickbot-malware-is-now-infecting-your-systems/

Canadian MSP discloses data breach, failed ransomware attack

Managed service provider Pivot Technology Solutions has disclosed that it was the victim of a ransomware attack that resulted with sensitive information being accessed by the hackers. 9d677006e13fc8d17c1f59b05bbb9047 [...]

https://www.bleepingcomputer.com/news/security/canadian-msp-discloses-data-breach-failed-ransomware-attack/

Hackers stole Twitter employee credentials via phone phishing

Twitter today said that the attackers behind this month's hack were able to take control of high-profile accounts after stealing Twitter employees' credentials as part of a phone spear phishing attack on July 15, 2020. 9d677006e13fc8d17c1f59b05bbb9047 [...]

https://www.bleepingcomputer.com/news/security/hackers-stole-twitter-employee-credentials-via-phone-phishing/

Bypassing Windows 10 UAC with mock folders and DLL hijacking

A new technique uses a simplified process of  DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user. 9d677006e13fc8d17c1f59b05bbb9047 [...]

https://www.bleepingcomputer.com/news/security/bypassing-windows-10-uac-with-mock-folders-and-dll-hijacking/

QNAP urges users to update Malware Remover after QSnatch alert

QNAP urges its users to update the Malware Remover app and bolster their NAS devices' security following a QSnatch malware joint alert published earlier this week by UK's NCSC and the US CISA government cybersecurity agencies. [...]

https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/

Windows 10 2004 KB4568831 update released with printing fixes

​Microsoft released the Windows 10 2004 KB4568831 non-security preview cumulative update with fixes for network printing, family safety, and cellular connectivity issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-kb4568831-update-released-with-printing-fixes/

Microsoft fixes Windows 10 2004 Bluetooth and Intel GPU issues

Microsoft today addressed two known issues preventing Windows 10 devices with Realtek Bluetooth radios and Intel integrated graphics processing units (iGPUs) from receiving the Windows 10 May 2020 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-2004-bluetooth-and-intel-gpu-issues/

US government sites abused to redirect users to porn sites

In an ongoing blackhat SEO campaign tracked by BleepingComputer, scammers are using open redirects found on government websites to redirect visitors to pornography sites. [...]

https://www.bleepingcomputer.com/news/security/us-government-sites-abused-to-redirect-users-to-porn-sites/

Microsoft PowerToys update fixes launcher, adds color picker

Microsoft today updated the Windows 10 PowerToys toolset with a new Color Picker utility that adds a system-wide tool to help you pick colors from anywhere on your screen and copy them to your clipboard. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-powertoys-update-fixes-launcher-adds-color-picker/

GandCrab ransomware operator arrested in Belarus

An affiliate of the GandCrab ransomware-as-a-business (RaaS) has been arrested, according to some Russian news sources. Authorities in Russia were able to identify the individual in cooperation with law enforcement in Romania and the U.K. [...]

https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-operator-arrested-in-belarus/

Four suspects charged for roles in Twitter hack, Bitcoin scam

Four suspects were charged today for their supposed involvement in this month's Twitter hack according to press releases from the Department of Justice and State Attorney Andrew H. Warren. [...]

https://www.bleepingcomputer.com/news/security/four-suspects-charged-for-roles-in-twitter-hack-bitcoin-scam/

The Week in Ransomware - July 31st 2020 - Cooked Crab

With No More Ransom turning 4, Garmin suddenly recovering from their ransomware attack, and a GandCrab affiliate being arrested in Belarus, it has been quite a week when it comes to ransomware news. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-31st-2020-cooked-crab/

How to use Windows 10 to see what's using the most disk space

Managing the free storage space in Windows 10 is an important task, especially on computers with smaller drives that frequently fill up. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-use-windows-10-to-see-whats-using-the-most-disk-space/

How to fix Windows Update problems in Windows 10

While Windows Update usually works without a hitch, sometimes problems can happen and Windows Update process could get stuck and refuse to install a particular update. In this article, we've highlighted the steps that you can follow to resolve issues with Windows Update on Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-fix-windows-update-problems-in-windows-10/

Confirmed: Garmin received decryptor for WastedLocker ransomware

BleepingComputer can confirm that Garmin has received the decryption key to recover their files encrypted in the WastedLocker Ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/

Havenly discloses data breach after 1.3M accounts leaked online

Havenly, a US-based interior design web site, has disclosed a data breach after a hacker posted a database containing 1.3 million user records for free on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/havenly-discloses-data-breach-after-13m-accounts-leaked-online/

Hackers could have stolen PayPal funds from Meetup users

Researchers analyzing the Meetup platform for organizing free and paid group events discovered high-severity vulnerabilities that allowed attackers to become co-organizers or steal funds. [...]

https://www.bleepingcomputer.com/news/security/hackers-could-have-stolen-paypal-funds-from-meetup-users/

US govt exposes Chinese espionage malware secretly used since 2008

The U.S. government today released information on a malware variant used by Chinese government-sponsored hackers in cyber espionage campaigns targeting governments, corporations, and think tanks. [...]

https://www.bleepingcomputer.com/news/security/us-govt-exposes-chinese-espionage-malware-secretly-used-since-2008/

Netwalker ransomware earned $25 million in just five months

The Netwalker ransomware operation has generated a total of $25 million in ransom payments since March 1st according to a new report by McAfee. [...]

https://www.bleepingcomputer.com/news/security/netwalker-ransomware-earned-25-million-in-just-five-months/