FBI: Networks exposed to attacks due to Windows 7 end of life

The U.S. Federal Bureau of Investigation (FBI) has warned private industry partners of increased security risks impacting computer network infrastructure because of devices still running Windows 7 after the operating system reached its end of life on January 14. [...]

https://www.bleepingcomputer.com/news/security/fbi-networks-exposed-to-attacks-due-to-windows-7-end-of-life/

Facebook plugin bug lets hackers hijack WordPress sites’ chat

A high severity bug found in Facebook's official chat plugin for WordPress websites with over 80,000 active installations could allow attackers to intercept messages sent by visitors to the vulnerable sites' owner. [...]

https://www.bleepingcomputer.com/news/security/facebook-plugin-bug-lets-hackers-hijack-wordpress-sites-chat/

Microsoft Teams can still fetch and run arbitrary payloads

Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location. [...]

https://www.bleepingcomputer.com/news/security/microsoft-teams-can-still-fetch-and-run-arbitrary-payloads/

Twitter for Android vulnerability gave access to direct messages

Twitter today announced that it fixed a security vulnerability in the Twitter for Android app that could have allowed attackers to gain access to users' private Twitter data including direct messages. [...]

https://www.bleepingcomputer.com/news/security/twitter-for-android-vulnerability-gave-access-to-direct-messages/

Canon hit by Maze Ransomware attack, 10TB data allegedly stolen

​Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, cloud photo and video storage service, and other internal applications. [...]

https://www.bleepingcomputer.com/news/security/canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen/

Google to pay $7.5M in class action settlement. That's $5 a victim.

As confirmed by BleepingComputer, users today are receiving emails titled, "Notice of Class Action Settlement re Google Plus..." that offer details on the two-year class-action lawsuit Google had been litigating because of the Google+ data leak. [...]

https://www.bleepingcomputer.com/news/google/google-to-pay-75m-in-class-action-settlement-thats-5-a-victim/

Microsoft releases Windows 10 Version 2004 security baseline

Microsoft announced the final version of its security configuration baseline settings for Windows 10, version 2004 and Windows Server, version 2004, downloadable today using the Microsoft Security Compliance Toolkit. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-windows-10-version-2004-security-baseline/

Microsoft adds Windows 10 DNS over HTTPS settings section

Microsoft has announced that Windows 10 customers can now configure DNS over HTTPS (DoH) directly from the Settings app starting with the release of Windows 10 Insider Preview Build 20185 to Windows Insiders in the Dev Channel. [...]

https://www.bleepingcomputer.com/news/security/microsoft-adds-windows-10-dns-over-https-settings-section/

ProtonVPN: US servers downed in warzone for Call of Duty updates

Most of the U.S. ProtonVPN servers are under high load as users worldwide battle to be the first to download the latest Call of Duty: Warzone update. [...]

https://www.bleepingcomputer.com/news/software/protonvpn-us-servers-downed-in-warzone-for-call-of-duty-updates/

Microsoft fixes 'No Internet' bug in latest Windows 10 Dev build

Microsoft today fixed the "No Internet access" known issue affecting Windows 10 2004 devices with the release of Windows 10 Build 20185 for Windows Insiders in the Dev Channel. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-no-internet-bug-in-latest-windows-10-dev-build/

Microsoft now lets you run Android apps in Windows 10

Microsoft has announced a new feature that allows Windows 10 users running Insider builds to launch their Android apps directly in Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-lets-you-run-android-apps-in-windows-10/

Google Home erroneous update reveals the $450 million ADT deal

What happens when your old budget smoke alarm suddenly becomes Google "smart"? [...]

https://www.bleepingcomputer.com/news/google/google-home-erroneous-update-reveals-the-450-million-adt-deal/

Office 365 services will drop support for older Office clients

Microsoft says that Office 365 (and Microsoft 365) services including Exchange Online, SharePoint Online, and OneDrive for Business will provide connectivity support for a smaller number of Office clients starting with October 13, 2020. [...]

https://www.bleepingcomputer.com/news/microsoft/office-365-services-will-drop-support-for-older-office-clients/

Google banned 2500+ Chinese YouTube channels for disinformation

Google says that it took down multiple coordinated influence operation campaigns linked to China, Russia, Iran, and Tunisia by terminating thousands of YouTube channels and several AdSense, Play Developer, and advertising accounts. [...]

https://www.bleepingcomputer.com/news/google/google-banned-2500-chinese-youtube-channels-for-disinformation/

Hackers abuse lookalike domains and favicons for credit card theft

Hackers are abusing a new technique: combining homoglyph domains with favicons to conduct credit card skimming attacks. [...]

https://www.bleepingcomputer.com/news/security/hackers-abuse-lookalike-domains-and-favicons-for-credit-card-theft/

Unpatched bug in Windows print spooler lets malware run as admin

Researchers found a way to bypass a patch Microsoft released to address a bug in the Windows printing services, which gives attackers a path to executing malicious code with elevated privileges. [...]

https://www.bleepingcomputer.com/news/security/unpatched-bug-in-windows-print-spooler-lets-malware-run-as-admin/

Canon confirms ransomware attack in internal memo

​Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, cloud photo and video storage service, and other internal applications. [...]

https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/

KrØØk attack variants impact Qualcomm, MediaTek Wi-Fi chips

Qualcomm and MediaTek Wi-Fi chips were found to have been impacted by new variants of the KrØØk information disclosure vulnerability discovered by ESET researchers Robert Lipovský and Štefan Svorenčík. [...]

https://www.bleepingcomputer.com/news/security/kr-k-attack-variants-impact-qualcomm-mediatek-wi-fi-chips/

Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs

Several security vulnerabilities found in Qualcomm's Snapdragon chip Digital Signal Processor (DSP) chip could allow attackers to take control of almost 40% of all smartphones, spy on their users, and create un-removable malware capable of evading detection. [...]

https://www.bleepingcomputer.com/news/security/nearly-50-percent-of-all-smartphones-affected-by-qualcomm-snapdragon-bugs/

Intel leak: 20GB of source code and internal docs, backdoors mentioned

Classified and confidential documents from U.S. chipmaker Intel, apparently resulting from a breach, have been uploaded earlier today to a public file sharing service. [...]

https://www.bleepingcomputer.com/news/security/intel-leak-20gb-of-source-code-and-internal-docs-backdoors-mentioned/

Chromium browser sneaked through review, released on Microsoft Store

You can now download and install an old version of the open source Chromium browser directly from the Windows 10 Microsoft Store. [...]

https://www.bleepingcomputer.com/news/microsoft/chromium-browser-sneaked-through-review-released-on-microsoft-store/