Gun exchange site confirms data breach after database posted online

A hacker has released the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum. [...]

https://www.bleepingcomputer.com/news/security/gun-exchange-site-confirms-data-breach-after-database-posted-online/

Memory leak in IBM DB2 gives access to sensitive data, causes DoS

A memory leak vulnerability in IBM Db2 relational database could allow an attacker to gain access to sensitive data or cause a denial-of-service (DoS) condition in the database. [...]

https://www.bleepingcomputer.com/news/security/memory-leak-in-ibm-db2-gives-access-to-sensitive-data-causes-dos/

MITRE shares this year's top 25 most dangerous software bugs

MITRE today shared a list of the top 25 most common and dangerous weaknesses plaguing software during the last two previous years.  [...]

https://www.bleepingcomputer.com/news/security/mitre-shares-this-years-top-25-most-dangerous-software-bugs/

Google fixes Gmail bug allowing attackers to send spoofed emails

Google fixed a critical bug affecting Gmail and G Suite that would have allowed attackers to send spoofed malicious emails as any other Google user or enterprise customer. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-gmail-bug-allowing-attackers-to-send-spoofed-emails/

Windows 10 Updates Health Report - KB4566782 & KB4565351

This Windows 10 Health Report provides an overview of the problems people encounter with the recently released Windows 10 2004 KB4566782 and Windows 10 1909 KB4565351 cumulative updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-updates-health-report-kb4566782-and-kb4565351/

Microsoft enables TLS 1.3 by default in latest Windows 10 builds

Microsoft says that TLS 1.3 will be enabled by default in all Windows 10 Insider Preview builds beginning with Build 20170 as the start of a wider rollout to all Windows 10 systems. [...]

https://www.bleepingcomputer.com/news/security/microsoft-enables-tls-13-by-default-in-latest-windows-10-builds/

Windows 10 KB4566116 update fixes crashing settings, unlock bug

Microsoft released the August 2020 Windows 10 KB4566116 non-security preview cumulative update with fixes for an issue leading to the Settings page to crash, preventing users from properly configuring applications and Windows features. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4566116-update-fixes-crashing-settings-unlock-bug/

WSL2 now rolling out to devices running Windows 10 1903 and 1909

If you are still running Windows 10 version 1903 or 1909, then you have a nice little present coming as Microsoft just backported Windows Subsystem for Linux 2 to these older versions. [...]

https://www.bleepingcomputer.com/news/microsoft/wsl2-now-rolling-out-to-devices-running-windows-10-1903-and-1909/

University of Utah pays $450K ransom to stop leak of stolen data

The University of Utah has paid a $457,000 ransomware to prevent threat actors from releasing files stolen during a ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/university-of-utah-pays-450k-ransom-to-stop-leak-of-stolen-data/

Malware can no longer disable Microsoft Defender via the Registry

Microsoft has removed the ability to disable Microsoft Defender and third-party security software via the Registry to prevent malware from tampering with protection settings. [...]

https://www.bleepingcomputer.com/news/microsoft/malware-can-no-longer-disable-microsoft-defender-via-the-registry/

Windows 10 2009 is almost here, released to enterprise for testing

The Windows 10 2009 feature update, also known as Windows 10 20H2, is almost ready, and Microsoft has released the latest version to the enterprise for testing via the Windows Server Update Service (WSUS). [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-2009-is-almost-here-released-to-enterprise-for-testing/

Community-provided Amazon Machine Images come with malware risk

Security researchers are sounding the alarm about Amazon Machine Images (AMIs) tainted with malicious code that could compromise an organization's cloud environment. [...]

https://www.bleepingcomputer.com/news/security/community-provided-amazon-machine-images-come-with-malware-risk/

US financial regulator warns of phishing sites impersonating brokers

The U.S. Financial Industry Regulatory Authority (FINRA) has issued a new regulatory notice warning members of threat actors using registered brokers' info to create phishing websites. [...]

https://www.bleepingcomputer.com/news/security/us-financial-regulator-warns-of-phishing-sites-impersonating-brokers/

DarkSide: New targeted ransomware demands million dollar ransoms

A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. [...]

https://www.bleepingcomputer.com/news/security/darkside-new-targeted-ransomware-demands-million-dollar-ransoms/

Windows 10 Settings gets a modern Disk Management tool

Microsoft continues to migrate legacy Windows tools into modern versions found in the Windows 10 settings with the introduction of a new Disk Managerment tool. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-settings-gets-a-modern-disk-management-tool/

WordPress WooCommerce stores under attack, patch now

Hackers are actively targeting and trying to exploit SQL injection, authorization issues, and unauthenticated stored cross-site scripting (XSS) security vulnerabilities in the Discount Rules for WooCommerce WordPress plugin with more than 30,000 installations. [...]

https://www.bleepingcomputer.com/news/security/wordpress-woocommerce-stores-under-attack-patch-now/

US govt warns remote workers of ongoing vishing campaign

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory warning teleworkers of an ongoing vishing campaign targeting entities from multiple US industry sectors. [...]

https://www.bleepingcomputer.com/news/security/us-govt-warns-remote-workers-of-ongoing-vishing-campaign/

Freepik data breach: Hackers stole 8.3M records via SQL injection

Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website. [...]

https://www.bleepingcomputer.com/news/security/freepik-data-breach-hackers-stole-83m-records-via-sql-injection/

The Week in Ransomware - August 21st 2020 - Ransomware Ahoy!

While it wasn't a big week for new ransomware variants, we did learn about some ransomware attacks against very large organizations. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-21st-2020-ransomware-ahoy/

How to run Windows 10 programs in a WSL Linux shell

The Windows Subsystem for Linux is bridging the divide between Windows and Linux by letting you run Windows 10 programs directly within a Linux shell. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-run-windows-10-programs-in-a-wsl-linux-shell/

Install Windows 10 updates manually with this open-source tool

Update Manager for Windows, also known as WuMgr, is a free open-source tool for Windows 10 that allows you to manage Windows Updates without using the first-party tools such as Settings and Control Panel [...]

https://www.bleepingcomputer.com/news/microsoft/install-windows-10-updates-manually-with-this-open-source-tool/