Microsoft August 2020 Patch Tuesday fixes 2 zero-days, 120 flaws

Today is Microsoft's August 2020 Patch Tuesday, and while this is just a typical day for most of you, Windows administrators around the world want to pull their hair out. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2020-patch-tuesday-fixes-2-zero-days-120-flaws/

Network intruders selling access to high-value companies

Breaching corporate networks and selling access to them is a business in and of itself. For many hackers, this is how they make their living, others do it forced by financial struggles to supplement their revenue. [...]

https://www.bleepingcomputer.com/news/security/network-intruders-selling-access-to-high-value-companies/

SANS infosec training org suffers data breach after phishing attack

The SANS cybersecurity training organization has suffered a data breach after one of their employees fell victim to a phishing attack. [...]

https://www.bleepingcomputer.com/news/security/sans-infosec-training-org-suffers-data-breach-after-phishing-attack/

SAP updates security note for critical RECON vulnerability

SAP today released its security patches for August, alerting of new critical and high-severity vulnerabilities in several of its products, mostly NetWeaver Application Server (AS). [...]

https://www.bleepingcomputer.com/news/security/sap-updates-security-note-for-critical-recon-vulnerability/

Dharma ransomware created a hacking toolkit to make cybercrime easy

The Darhma Ransomware-as-a-Service (RaaS) operation makes it easy for a wannabe cyber-criminal to get into the ransomware business by offering a toolkit that does almost everything for them. [...]

https://www.bleepingcomputer.com/news/security/dharma-ransomware-created-a-hacking-toolkit-to-make-cybercrime-easy/

Windows 10 to give power users more control over their GPUs

Microsoft will soon offer Windows 10 power users with multiple GPUs greater control over how they can use their graphics cards when running applications in Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-to-give-power-users-more-control-over-their-gpus/

Windows, IE11 zero-day vulnerabilities chained in targeted attack

An advanced threat actor exploited one of the two zero-day vulnerabilities that Microsoft patched on Tuesday in a targeted attack earlier this year. [...]

https://www.bleepingcomputer.com/news/security/windows-ie11-zero-day-vulnerabilities-chained-in-targeted-attack/

Windows 10 Tips apps will soon show new features in an update

Microsoft is adding a new post-update experience to Windows 10 that displays the prominent changes in a just installed update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-tips-apps-will-soon-show-new-features-in-an-update/

U.S. stock broker regulator FINRA warns of copycat phishing site

The U.S. Financial Industry Regulatory Authority (FINRA) is warning of copycat site impersonating them and potentially being used in phishing attacks. [...]

https://www.bleepingcomputer.com/news/security/us-stock-broker-regulator-finra-warns-of-copycat-phishing-site/

CISA alerts of phishing attack targeting SBA loan relief accounts

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released an alert about phishing attacks targeting various government organizations to steal logins for the Small Business Administration COVID-19 loan relief accounts. [...]

https://www.bleepingcomputer.com/news/security/cisa-alerts-of-phishing-attack-targeting-sba-loan-relief-accounts/

Stealthy RedCurl hackers steal corporate documents

For the past couple of years, a little known cyberespionage group has been conducting carefully planned attacks against victims in a wide geography to steal confidential corporate documents. [...]

https://www.bleepingcomputer.com/news/security/stealthy-redcurl-hackers-steal-corporate-documents/

Mekotio banking trojan imitates update alerts to steal Bitcoin

A versatile banking trojan targeting users in Latin America has been circulating in multiple countries including Mexico, Brazil, Chile, Spain, Peru, and Portugal. [...]

https://www.bleepingcomputer.com/news/security/mekotio-banking-trojan-imitates-update-alerts-to-steal-bitcoin/

NSA discloses new Russian-made Drovorub malware targeting Linux

The National Security Agency is warning about espionage operations from the Russian Intelligence Directorate (GRU) using a previously undisclosed Linux malware toolset called Drovorub. [...]

https://www.bleepingcomputer.com/news/security/nsa-discloses-new-russian-made-drovorub-malware-targeting-linux/

Surface Duo: All the Specs, Features, Software, Price and Release Date

Microsoft describes Surface Duo as the "next wave of mobile productivity" that will inspire "people to rethink what is possible with the device in their pocket". [...]

https://www.bleepingcomputer.com/news/microsoft/surface-duo-all-the-specs-features-software-price-and-release-date/

Hacker leaks data for U.S. gun exchange site on cybercrime forum

A hacker has released the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum. [...]

https://www.bleepingcomputer.com/news/security/hacker-leaks-data-for-us-gun-exchange-site-on-cybercrime-forum/

Expired certificate led to an undercount of COVID-19 results

An expired certificate and outage led to an undercounting of COVID-19 cases reported in California after 250,00-300,000 lab results were prevented from being uploaded to California's CalREDIE reporting system. [...]

https://www.bleepingcomputer.com/news/technology/expired-certificate-led-to-an-undercount-of-covid-19-results/

Canon USA's stolen files leaked by Maze ransomware gang

A ransomware gang has published unencrypted files allegedly stolen from Canon during a ransomware attack earlier this month. [...]

https://www.bleepingcomputer.com/news/security/canon-usas-stolen-files-leaked-by-maze-ransomware-gang/

Microsoft Edge Dev gets new security and privacy features

A new update is now available for Microsoft Edge Insiders within the Dev channel and the main focus of today's update is the introduction of Kiosk mode and SameSite cookies. In addition, there are a host of improvements, enhancements, and fixes included in Microsoft Edge Dev v86.0.601.1. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-dev-gets-new-security-and-privacy-features/

Windows Defender deletes Citrix components mislabeled as malware

Citrix released an advisory on Thursday about troublesome Windows Defender definition updates that break Delivery Controllers and Cloud Connectors running Microsoft's antivirus. [...]

https://www.bleepingcomputer.com/news/security/windows-defender-deletes-citrix-components-mislabeled-as-malware/

Emotet malware strikes U.S. businesses with COVID-19 spam

The Emotet malware has begun to spam COVID-19 related emails to U.S. businesses after not being active for most of the USA pandemic. [...]

https://www.bleepingcomputer.com/news/security/emotet-malware-strikes-us-businesses-with-covid-19-spam/

Over 25% of all UK universities were attacked by ransomware

A third of the universities in the United Kingdom responding to a freedom of information (FOI) request admitted to being a victim of a ransomware attack. These represent more than 25% of the universities and colleges in the country. [...]

https://www.bleepingcomputer.com/news/security/over-25-percent-of-all-uk-universities-were-attacked-by-ransomware/