GandCrab ransomware operator arrested in Belarus

An affiliate of the GandCrab ransomware-as-a-business (RaaS) has been arrested, according to some Russian news sources. Authorities in Russia were able to identify the individual in cooperation with law enforcement in Romania and the U.K. [...]

https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-operator-arrested-in-belarus/

Four suspects charged for roles in Twitter hack, Bitcoin scam

Four suspects were charged today for their supposed involvement in this month's Twitter hack according to press releases from the Department of Justice and State Attorney Andrew H. Warren. [...]

https://www.bleepingcomputer.com/news/security/four-suspects-charged-for-roles-in-twitter-hack-bitcoin-scam/

The Week in Ransomware - July 31st 2020 - Cooked Crab

With No More Ransom turning 4, Garmin suddenly recovering from their ransomware attack, and a GandCrab affiliate being arrested in Belarus, it has been quite a week when it comes to ransomware news. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-31st-2020-cooked-crab/

How to use Windows 10 to see what's using the most disk space

Managing the free storage space in Windows 10 is an important task, especially on computers with smaller drives that frequently fill up. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-use-windows-10-to-see-whats-using-the-most-disk-space/

How to fix Windows Update problems in Windows 10

While Windows Update usually works without a hitch, sometimes problems can happen and Windows Update process could get stuck and refuse to install a particular update. In this article, we've highlighted the steps that you can follow to resolve issues with Windows Update on Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-fix-windows-update-problems-in-windows-10/

Confirmed: Garmin received decryptor for WastedLocker ransomware

BleepingComputer can confirm that Garmin has received the decryption key to recover their files encrypted in the WastedLocker Ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/

Havenly discloses data breach after 1.3M accounts leaked online

Havenly, a US-based interior design web site, has disclosed a data breach after a hacker posted a database containing 1.3 million user records for free on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/havenly-discloses-data-breach-after-13m-accounts-leaked-online/

Hackers could have stolen PayPal funds from Meetup users

Researchers analyzing the Meetup platform for organizing free and paid group events discovered high-severity vulnerabilities that allowed attackers to become co-organizers or steal funds. [...]

https://www.bleepingcomputer.com/news/security/hackers-could-have-stolen-paypal-funds-from-meetup-users/

US govt exposes Chinese espionage malware secretly used since 2008

The U.S. government today released information on a malware variant used by Chinese government-sponsored hackers in cyber espionage campaigns targeting governments, corporations, and think tanks. [...]

https://www.bleepingcomputer.com/news/security/us-govt-exposes-chinese-espionage-malware-secretly-used-since-2008/

Netwalker ransomware earned $25 million in just five months

The Netwalker ransomware operation has generated a total of $25 million in ransom payments since March 1st according to a new report by McAfee. [...]

https://www.bleepingcomputer.com/news/security/netwalker-ransomware-earned-25-million-in-just-five-months/

FBI sees surge in online shopping scams, FTC says most reports ever

The U.S. Federal Bureau of Investigation (FBI) today warned of an increased number of reports coming from victims of online shopping scams. [...]

https://www.bleepingcomputer.com/news/security/fbi-sees-surge-in-online-shopping-scams-ftc-says-most-reports-ever/

Zello resets all user passwords after data breach

The push-to-talk app, Zello, has disclosed a data breach that revealed user's email addresses and hashed passwords after discovering unauthorized activity on their systems. [...]

https://www.bleepingcomputer.com/news/security/zello-resets-all-user-passwords-after-data-breach/

Newsletter plugin bugs let hackers inject backdoors on 300K sites

Owners of WordPress sites who use the Newsletter plugin are advised to update their installations to block attacks that could use a fixed vulnerability allowing hackers to inject backdoors, create rogue admins, and potentially take over their websites. [...]

https://www.bleepingcomputer.com/news/security/newsletter-plugin-bugs-let-hackers-inject-backdoors-on-300k-sites/

Windows 10: HOSTS file blocking telemetry is now flagged as a risk

Starting at the end of July, Microsoft has begun detecting HOSTS files that block Windows 10 telemetry servers as a 'Severe' security risk. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/

WastedLocker ransomware abuses Windows feature to evade detection

The WastedLocker ransomware is abusing a Windows memory management feature to evade detection by security software. [...]

https://www.bleepingcomputer.com/news/security/wastedlocker-ransomware-abuses-windows-feature-to-evade-detection/

Interpol: Lockbit ransomware attacks affecting American SMBs

American medium-sized companies are actively targeted by LockBit ransomware operators according to an Interpol report on the impact the COVID-19 pandemic had on cybercrime around the world. [...]

https://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/

NodeJS module downloaded 7M times lets hackers inject code

A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access. [...]

https://www.bleepingcomputer.com/news/security/nodejs-module-downloaded-7m-times-lets-hackers-inject-code/

Microsoft paid almost $14M in bounties over the last 12 months

Microsoft has awarded $13.7 million to security researchers who have reported vulnerabilities over the last 12 months through 15 bug bounty programs, between July 1st, 2019, and June 30th, 2020. [...]

https://www.bleepingcomputer.com/news/security/microsoft-paid-almost-14m-in-bounties-over-the-last-12-months/

Vulnerable perimeter devices: a huge attack surface

With the increase of critical gateway devices deployed to support off-premise work, companies across the world have to adapt to a new threat landscape where perimeter and remote access devices are now in the first line. [...]

https://www.bleepingcomputer.com/news/security/vulnerable-perimeter-devices-a-huge-attack-surface/

NSA offers advice on how to reduce location tracking risks

The U.S. National Security Agency (NSA) today has published guidance on how to expose as little location information as possible while using mobile and IoT devices, social media, and mobile apps. [...]

https://www.bleepingcomputer.com/news/security/nsa-offers-advice-on-how-to-reduce-location-tracking-risks/

Suspicious Canon outage leads to image.canon data loss

Canon's image.canon cloud storage service has resumed operations after an almost six-day outage that led to data loss for stored images and videos. [...]

https://www.bleepingcomputer.com/news/technology/suspicious-canon-outage-leads-to-imagecanon-data-loss/