Slack pays stingy $1,750 reward for a desktop hijack vulnerability

A researcher responsibly disclosed multiple vulnerabilities to Slack that allowed an attacker to hijack a user's computer, and they were only rewarded a measly $1,750. [...]

https://www.bleepingcomputer.com/news/security/slack-pays-stingy-1-750-reward-for-a-desktop-hijack-vulnerability/

CenturyLink routing issue led to outages on Hulu, Steam, Discord, more

A CenturyLink BGP routing mistake has led to a ripple effect across the Internet that led to outages for numerous Internet-connected services such as Cloudflare, Amazon, Garmin, Steam, Discord, Blizzard, and many more. [...]

https://www.bleepingcomputer.com/news/technology/centurylink-routing-issue-led-to-outages-on-hulu-steam-discord-more/

You have two days left to purchase 2-year TLS/SSL certificates

If you are looking to purchase a 2-year TLS or SSL certificate, you have only two days left before all new certificates will have a maximum 397 day validity period. [...]

https://www.bleepingcomputer.com/news/technology/you-have-two-days-left-to-purchase-2-year-tls-ssl-certificates/

Cisco warns of actively exploited bug in carrier-grade routers

Cisco warned over the weekend that threat actors are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability in the company's Cisco IOS XR software that runs on carrier-grade routers. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-actively-exploited-bug-in-carrier-grade-routers/

RobinHood, Vanguard, TD Ameritrade affected by stock trading outages

Customers are reporting performance issues trying to trade on Vanguard, Schwab, TD Ameritrade, Robinhood, and Merril Lynch this morning. [...]

https://www.bleepingcomputer.com/news/technology/robinhood-vanguard-td-ameritrade-affected-by-stock-trading-outages/

Attackers are exploiting a QNAP NAS remote code execution flaw

Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release. [...]

https://www.bleepingcomputer.com/news/security/attackers-are-exploiting-a-qnap-nas-remote-code-execution-flaw/

Malware authors trick Apple into trusting malicious Shlayer apps

The authors of the Mac malware known as Shlayer have successfully managed to get their malicious payloads through Apple's automated notarizing process. [...]

https://www.bleepingcomputer.com/news/security/malware-authors-trick-apple-into-trusting-malicious-shlayer-apps/

Lenovo warns of Windows 10 2004 crashing ThinkPad laptops

Lenovo has issued an advisory warning that Windows 10 2004, the May 2020 Update, can cause BSODs in various ThinkPad laptop models. [...]

https://www.bleepingcomputer.com/news/microsoft/lenovo-warns-of-windows-10-2004-crashing-thinkpad-laptops/

American Payroll Association discloses credit card theft incident

The American Payroll Association (APA) disclosed a data breach affecting members and customers after attackers successfully planted a web skimmer on the organization's website login and online store checkout pages. [...]

https://www.bleepingcomputer.com/news/security/american-payroll-association-discloses-credit-card-theft-incident/

Windows 10 2004 now blocked on devices with LTE cellular modems

Microsoft has acknowledged another known issue affecting Windows 10 devices with WWAN LTE cellular modems and is now blocking Windows 10, version 2004 from being installed on them until a solution will be available. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-now-blocked-on-devices-with-lte-cellular-modems/

Over 400 GOV.UK domains found on spam blacklists

Hundreds of domains managed by the U.K. government are on DNS-based blacklists creating email communication problems. [...]

https://www.bleepingcomputer.com/news/security/over-400-govuk-domains-found-on-spam-blacklists/

Windows Subsystem for Linux is getting these useful new features

In the next feature update, Windows 10 Subsystem for Linux will be getting command line love, GPU support, and deeper integration with File Explorer. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-subsystem-for-linux-is-getting-these-useful-new-features/

Cisco warns of actively exploited bugs in carrier-grade routers

Cisco warned over the weekend that threat actors are trying to exploit two high severity memory exhaustion denial-of-service (DoS) vulnerabilities in the company's Cisco IOS XR software that runs on carrier-grade routers. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-actively-exploited-bugs-in-carrier-grade-routers/

Credit card data smuggled via private Telegram channel

Security researchers noticed that some cybercriminals attacking online stores are using private Telegram channels to steal credit card information from customers making a purchase on victim sites. [...]

https://www.bleepingcomputer.com/news/security/credit-card-data-smuggled-via-private-telegram-channel/

Microsoft confirms why Windows Defender can’t be disabled via registry

Microsoft has confirmed that they no longer allow Microsoft Defender to be disabled via the Windows 10 Registry to support the Tamper Protection security feature. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-why-windows-defender-can-t-be-disabled-via-registry/

Firefox 80.0.1 rolls out to fix crashes and download issues

Mozilla today released Firefox 80.0.1, an out of band update designed to fix crashes caused by GPU resets and issues affecting downloads triggered by browser extensions. [...]

https://www.bleepingcomputer.com/news/software/firefox-8001-rolls-out-to-fix-crashes-and-download-issues/

Iranian hackers are selling access to corporate networks

An Iranian-backed hacker group has been observed while seeking to sell access to compromised corporate networks to other threat actors on underground forums and attempting to exploit F5 BIG-IP devices vulnerable to CVE-2020-5902 exploits. [...]

https://www.bleepingcomputer.com/news/security/iranian-hackers-are-selling-access-to-corporate-networks/

Google now pays for bugs used to bypass its anti-fraud systems

Google today announced that the company's Vulnerability Reward Program has expanded to also include bug reports on methods threat actors can use to bypass the company's abuse, fraud, and spam systems. [...]

https://www.bleepingcomputer.com/news/security/google-now-pays-for-bugs-used-to-bypass-its-anti-fraud-systems/

Hackers breached Norwegian Parliament emails to steal data

Attackers have compromised a limited number of email accounts of Norwegian Parliament (Storting) representatives and employees according to Storting's managing director Marianne Andreassen. [...]

https://www.bleepingcomputer.com/news/security/hackers-breached-norwegian-parliament-emails-to-steal-data/

Windows 10 DirectStorage API will greatly reduce gaming load times

Microsoft is bringing its DirectStorage API to Windows 10 to increase PC gaming performance by greatly reducing load times. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-directstorage-api-will-greatly-reduce-gaming-load-times/

Valorant update causes VCRUNTIME140.dll is missing error, how to fix

After installing today's Valorant update, Windows users are reporting that they are unable to launch the game and are shown a  'VCRUNTIME140.dll is missing' error. [...]

https://www.bleepingcomputer.com/news/microsoft/valorant-update-causes-vcruntime140dll-is-missing-error-how-to-fix/