US govt exposes Chinese espionage malware secretly used since 2008

The U.S. government today released information on a malware variant used by Chinese government-sponsored hackers in cyber espionage campaigns targeting governments, corporations, and think tanks. [...]

https://www.bleepingcomputer.com/news/security/us-govt-exposes-chinese-espionage-malware-secretly-used-since-2008/

Netwalker ransomware earned $25 million in just five months

The Netwalker ransomware operation has generated a total of $25 million in ransom payments since March 1st according to a new report by McAfee. [...]

https://www.bleepingcomputer.com/news/security/netwalker-ransomware-earned-25-million-in-just-five-months/

FBI sees surge in online shopping scams, FTC says most reports ever

The U.S. Federal Bureau of Investigation (FBI) today warned of an increased number of reports coming from victims of online shopping scams. [...]

https://www.bleepingcomputer.com/news/security/fbi-sees-surge-in-online-shopping-scams-ftc-says-most-reports-ever/

Zello resets all user passwords after data breach

The push-to-talk app, Zello, has disclosed a data breach that revealed user's email addresses and hashed passwords after discovering unauthorized activity on their systems. [...]

https://www.bleepingcomputer.com/news/security/zello-resets-all-user-passwords-after-data-breach/

Newsletter plugin bugs let hackers inject backdoors on 300K sites

Owners of WordPress sites who use the Newsletter plugin are advised to update their installations to block attacks that could use a fixed vulnerability allowing hackers to inject backdoors, create rogue admins, and potentially take over their websites. [...]

https://www.bleepingcomputer.com/news/security/newsletter-plugin-bugs-let-hackers-inject-backdoors-on-300k-sites/

Windows 10: HOSTS file blocking telemetry is now flagged as a risk

Starting at the end of July, Microsoft has begun detecting HOSTS files that block Windows 10 telemetry servers as a 'Severe' security risk. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/

WastedLocker ransomware abuses Windows feature to evade detection

The WastedLocker ransomware is abusing a Windows memory management feature to evade detection by security software. [...]

https://www.bleepingcomputer.com/news/security/wastedlocker-ransomware-abuses-windows-feature-to-evade-detection/

Interpol: Lockbit ransomware attacks affecting American SMBs

American medium-sized companies are actively targeted by LockBit ransomware operators according to an Interpol report on the impact the COVID-19 pandemic had on cybercrime around the world. [...]

https://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/

NodeJS module downloaded 7M times lets hackers inject code

A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access. [...]

https://www.bleepingcomputer.com/news/security/nodejs-module-downloaded-7m-times-lets-hackers-inject-code/

Microsoft paid almost $14M in bounties over the last 12 months

Microsoft has awarded $13.7 million to security researchers who have reported vulnerabilities over the last 12 months through 15 bug bounty programs, between July 1st, 2019, and June 30th, 2020. [...]

https://www.bleepingcomputer.com/news/security/microsoft-paid-almost-14m-in-bounties-over-the-last-12-months/

Vulnerable perimeter devices: a huge attack surface

With the increase of critical gateway devices deployed to support off-premise work, companies across the world have to adapt to a new threat landscape where perimeter and remote access devices are now in the first line. [...]

https://www.bleepingcomputer.com/news/security/vulnerable-perimeter-devices-a-huge-attack-surface/

NSA offers advice on how to reduce location tracking risks

The U.S. National Security Agency (NSA) today has published guidance on how to expose as little location information as possible while using mobile and IoT devices, social media, and mobile apps. [...]

https://www.bleepingcomputer.com/news/security/nsa-offers-advice-on-how-to-reduce-location-tracking-risks/

Suspicious Canon outage leads to image.canon data loss

Canon's image.canon cloud storage service has resumed operations after an almost six-day outage that led to data loss for stored images and videos. [...]

https://www.bleepingcomputer.com/news/technology/suspicious-canon-outage-leads-to-imagecanon-data-loss/

FBI: Networks exposed to attacks due to Windows 7 end of life

The U.S. Federal Bureau of Investigation (FBI) has warned private industry partners of increased security risks impacting computer network infrastructure because of devices still running Windows 7 after the operating system reached its end of life on January 14. [...]

https://www.bleepingcomputer.com/news/security/fbi-networks-exposed-to-attacks-due-to-windows-7-end-of-life/

Facebook plugin bug lets hackers hijack WordPress sites’ chat

A high severity bug found in Facebook's official chat plugin for WordPress websites with over 80,000 active installations could allow attackers to intercept messages sent by visitors to the vulnerable sites' owner. [...]

https://www.bleepingcomputer.com/news/security/facebook-plugin-bug-lets-hackers-hijack-wordpress-sites-chat/

Microsoft Teams can still fetch and run arbitrary payloads

Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location. [...]

https://www.bleepingcomputer.com/news/security/microsoft-teams-can-still-fetch-and-run-arbitrary-payloads/

Twitter for Android vulnerability gave access to direct messages

Twitter today announced that it fixed a security vulnerability in the Twitter for Android app that could have allowed attackers to gain access to users' private Twitter data including direct messages. [...]

https://www.bleepingcomputer.com/news/security/twitter-for-android-vulnerability-gave-access-to-direct-messages/

Canon hit by Maze Ransomware attack, 10TB data allegedly stolen

​Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, cloud photo and video storage service, and other internal applications. [...]

https://www.bleepingcomputer.com/news/security/canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen/

Google to pay $7.5M in class action settlement. That's $5 a victim.

As confirmed by BleepingComputer, users today are receiving emails titled, "Notice of Class Action Settlement re Google Plus..." that offer details on the two-year class-action lawsuit Google had been litigating because of the Google+ data leak. [...]

https://www.bleepingcomputer.com/news/google/google-to-pay-75m-in-class-action-settlement-thats-5-a-victim/

Microsoft releases Windows 10 Version 2004 security baseline

Microsoft announced the final version of its security configuration baseline settings for Windows 10, version 2004 and Windows Server, version 2004, downloadable today using the Microsoft Security Compliance Toolkit. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-windows-10-version-2004-security-baseline/

Microsoft adds Windows 10 DNS over HTTPS settings section

Microsoft has announced that Windows 10 customers can now configure DNS over HTTPS (DoH) directly from the Settings app starting with the release of Windows 10 Insider Preview Build 20185 to Windows Insiders in the Dev Channel. [...]

https://www.bleepingcomputer.com/news/security/microsoft-adds-windows-10-dns-over-https-settings-section/