WordPress WooCommerce stores under attack, patch now

Hackers are actively targeting and trying to exploit SQL injection, authorization issues, and unauthenticated stored cross-site scripting (XSS) security vulnerabilities in the Discount Rules for WooCommerce WordPress plugin with more than 30,000 installations. [...]

https://www.bleepingcomputer.com/news/security/wordpress-woocommerce-stores-under-attack-patch-now/

US govt warns remote workers of ongoing vishing campaign

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory warning teleworkers of an ongoing vishing campaign targeting entities from multiple US industry sectors. [...]

https://www.bleepingcomputer.com/news/security/us-govt-warns-remote-workers-of-ongoing-vishing-campaign/

Freepik data breach: Hackers stole 8.3M records via SQL injection

Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website. [...]

https://www.bleepingcomputer.com/news/security/freepik-data-breach-hackers-stole-83m-records-via-sql-injection/

The Week in Ransomware - August 21st 2020 - Ransomware Ahoy!

While it wasn't a big week for new ransomware variants, we did learn about some ransomware attacks against very large organizations. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-21st-2020-ransomware-ahoy/

How to run Windows 10 programs in a WSL Linux shell

The Windows Subsystem for Linux is bridging the divide between Windows and Linux by letting you run Windows 10 programs directly within a Linux shell. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-run-windows-10-programs-in-a-wsl-linux-shell/

Install Windows 10 updates manually with this open-source tool

Update Manager for Windows, also known as WuMgr, is a free open-source tool for Windows 10 that allows you to manage Windows Updates without using the first-party tools such as Settings and Control Panel [...]

https://www.bleepingcomputer.com/news/microsoft/install-windows-10-updates-manually-with-this-open-source-tool/

Iranian hackers attack exposed RDP to deploy Dharma ransomware

Low-skilled hackers likely from Iran have joined the ransomware business targeting companies in Russia, India, China, and Japan. They are going after easy hits, using publicly available tools in their activity. [...]

https://www.bleepingcomputer.com/news/security/iranian-hackers-attack-exposed-rdp-to-deploy-dharma-ransomware/

Dark web market Empire down for days from DDoS attack

The popular dark web site Empire Market has been down for at least 48 hours, with some users suspecting an exit scam and others blaming a prolonged distributed denial-of-service (DDoS) attack. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/dark-web-market-empire-down-for-days-from-ddos-attack/

Zoom is down and schools get a digital snow day

Zoom users around the world are currently unable to join meetings and video webinars using the Zoom web client and the desktop app just as students going back to school today have had to rely on Zoom's teleconferencing platform for online lessons. [...]

https://www.bleepingcomputer.com/news/technology/zoom-is-down-and-schools-get-a-digital-snow-day/

What's new in Windows 10 21H1, arriving next year

In this article, we've highlighted the new features that Microsoft is currently testing for Windows 10 21H1 and greater. [...]

https://www.bleepingcomputer.com/news/microsoft/whats-new-in-windows-10-21h1-arriving-next-year/

Google Chrome 85 fixes WebGL code execution vulnerability

Google addressed a use-after-free bug in the WebGL (Web Graphics Library) component of the Google Chrome web browser that could lead to arbitrary code execution in the context of the browser's process following successful exploitation. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-85-fixes-webgl-code-execution-vulnerability/

Microsoft 365 Admin Portal is down, Office 365 services also affected

Microsoft is working on resolving an issue caused by a recent update preventing users from accessing the Microsoft 365 Admin Portal. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-admin-portal-is-down-office-365-services-also-affected/

Office 365 now opens attachments in a sandbox to prevent infections

Microsoft today announced the launch of Application Guard for Office in public preview to protect enterprise users from threats using malicious attachments as an attack vector. [...]

https://www.bleepingcomputer.com/news/security/office-365-now-opens-attachments-in-a-sandbox-to-prevent-infections/

Office 365 adds transcription, voice commands in Word for the web

Microsoft today started rolling out new transcription capabilities and support for voice commands to Word for the web for all Microsoft 365 subscribers. [...]

https://www.bleepingcomputer.com/news/microsoft/office-365-adds-transcription-voice-commands-in-word-for-the-web/

DarkSide Ransomware hits North American real estate developer

North American land developer and home builder Brookfield Residential is one of the first victims of the new DarkSide Ransomware. [...]

https://www.bleepingcomputer.com/news/security/darkside-ransomware-hits-north-american-real-estate-developer/

Firefox 80 released with new and faster extensions blocklist

Mozilla has released Firefox 80 today, August 25th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with new features, bug fixes, changes, enterprise improvements, and several security fixes. [...]

https://www.bleepingcomputer.com/news/software/firefox-80-released-with-new-and-faster-extensions-blocklist/

Ryuk successor Conti Ransomware releases data leak site

Conti ransomware, the successor of the notorious Ryuk, has released a data leak site as part of their extortion strategy to force victims into paying a ransom. [...]

https://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/

Google Chrome is now faster, delivers 10% quicker page loads

With the release of Google Chrome 85 the web browser is now delivering up to 10% faster page loads on Windows and Mac devices due to the use of a new compiler optimization technique known as Profile Guided Optimization (PGO). [...]

https://www.bleepingcomputer.com/news/google/google-chrome-is-now-faster-delivers-10-percent-quicker-page-loads/

Chrome 85 released with security fixes, app shortcuts, AVIF support

Google has released Chrome 85 today, August 25th, 2020, to the Stable desktop channel, and it includes numerous security enhancements, features, and APIs for developers. [...]

https://www.bleepingcomputer.com/news/google/chrome-85-released-with-security-fixes-app-shortcuts-avif-support/

Lazarus hackers target cryptocurrency orgs with fake job offers

North Korean hackers tracked as the Lazarus Group have been observed while using LinkedIn lures in an ongoing spear-phishing campaign targeting the cryptocurrency vertical in the United States, the United Kingdom, Germany, Singapore, the Netherlands, Japan, and other countries. [...]

https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-cryptocurrency-orgs-with-fake-job-offers/

Hackers for hire attack architecture firm via 3ds Max exploit

An advanced hackers-for-hire group has compromised computers of an architecture firm involved in luxury real-estate projects worth billions of US dollars. [...]

https://www.bleepingcomputer.com/news/security/hackers-for-hire-attack-architecture-firm-via-3ds-max-exploit/