Hackers actively exploiting severe bug in over 300K WordPress sites

Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions. [...]

https://www.bleepingcomputer.com/news/security/hackers-actively-exploiting-severe-bug-in-over-300k-wordpress-sites/

New Intel microcode updates for Windows 10 fix CPU hardware bugs

Microsoft has released a new batch of Intel microcode updates for Windows 10 2004, 1909, 1903, and older versions to fix hardware bugs in Intel CPUs. [...]

https://www.bleepingcomputer.com/news/microsoft/new-intel-microcode-updates-for-windows-10-fix-cpu-hardware-bugs/

Microsoft Office update changes Outlook fallback encryption

Microsoft released the September 2020 non-security Microsoft Office updates with performance improvements and fixes for several issues affecting Windows Installer (MSI) editions of Office 2016 and Office 2013 products. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-update-changes-outlook-fallback-encryption/

AlphaBay dark web marketplace moderator gets 11 years in prison

Bryan Connor Herrell, a 25-year-old from Colorado, was sentenced to 11 years of prison time for acting as a moderator on the dark web marketplace AlphaBay. [...]

https://www.bleepingcomputer.com/news/security/alphabay-dark-web-marketplace-moderator-gets-11-years-in-prison/

Epic Fail: Emotet malware uses fake ‘Windows 10 Mobile’ attachments

The Emotet malware is now using malicious email attachment that pretends to be made by Windows 10 Mobile, an operating system that reached the end of life in January 2020. [...]

https://www.bleepingcomputer.com/news/security/epic-fail-emotet-malware-uses-fake-windows-10-mobile-attachments/

Cisco fixes critical code execution bug in Jabber for Windows

Cisco today addressed a critical severity remote code execution vulnerability affecting multiple versions of its Cisco Jabber for Windows software. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-code-execution-bug-in-jabber-for-windows/

Windows 10 preview build 20206 includes new Emoji Picker, Voice Typing

Microsoft has released the Windows 10 preview build 20206 to Insiders on the Dev ring. With this release, Microsoft introduces a new Voice Typing dictation feature, an updated Emoji Picker, and an improved touch keyboard. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-preview-build-20206-includes-new-emoji-picker-voice-typing/

Microsoft Defender can ironically be used to download malware

A recent update to Windows 10's Microsoft Defender antivirus solution ironically allows it to download malware and other files to a Windows computer. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-ironically-be-used-to-download-malware/

Google rolls out Secure DNS support to Chrome for Android

Google is rolling out DNS-over-HTTPS (DoH) support to Chrome for Android, starting with devices where the web browser has been updated to version 85 [...]

https://www.bleepingcomputer.com/news/security/google-rolls-out-secure-dns-support-to-chrome-for-android/

India's CNN-News18 allegedly hacked to refute PayTM hacking claims

A hacking group claims to have breached India's CNN-News18 news site to use it to refute claims that they hacked PayTM Mall earlier this week, BleepingComputer has learned.In their quest to refute claims that they had hacked PayTM. [...]

https://www.bleepingcomputer.com/news/security/indias-cnn-news18-allegedly-hacked-to-refute-paytm-hacking-claims/

Microsoft brings iOS' spacebar cursor control to Windows 10

Microsoft is bringing a popular Apple iOS feature to Windows 10 that allows you to control your cursor by pressing and holding the spacebar while moving your finger. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-brings-ios-spacebar-cursor-control-to-windows-10/

FBI: Thousands of orgs targeted by RDoS extortion campaign

The FBI warns US companies that thousands of organizations around the world, from various industry sectors, have been threatened with DDoS attacks within six days unless they pay a Bitcoin ransom. [...]

https://www.bleepingcomputer.com/news/security/fbi-thousands-of-orgs-targeted-by-rdos-extortion-campaign/

Warner Music Group finds hackers compromised its online stores

Warner Music Group (WMG), the third-largest global music recording company, has disclosed a data breach affecting customers' personal and financial information after several of its US-based e-commerce stores were hacked in April 2020 in what looks like a Magecart attack. [...]

https://www.bleepingcomputer.com/news/security/warner-music-group-finds-hackers-compromised-its-online-stores/

Microsoft releases KB4571744 to fix Windows 10 update issue

Microsoft released the KB4571744 non-security preview cumulative update for Windows 10, version 2004  to address an issue leading to the Windows Update service becoming unresponsive when customers are checking for updates.  [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-kb4571744-to-fix-windows-10-update-issue/

U.S. Department of Defense discloses critical and high severity bugs

The U.S. Department of Defense has disclosed today details about four security vulnerabilities on its infrastructure. Two of them have a severity high severity rating while the other two received a critical score. [...]

https://www.bleepingcomputer.com/news/security/us-department-of-defense-discloses-critical-and-high-severity-bugs/

Phishing adds overlay on official company page to steal logins

A phishing campaign deployed recently at various businesses uses the company's home page to disguise the attack and trick potential victims into providing login credentials. [...]

https://www.bleepingcomputer.com/news/security/phishing-adds-overlay-on-official-company-page-to-steal-logins/

Thanos Ransomware adds Windows MBR locker that fails every time

A new Thanos ransomware strain is trying and failing to deliver the ransom note onto compromised systems by overwriting the computers' Windows master boot record (MBR). [...]

https://www.bleepingcomputer.com/news/security/thanos-ransomware-adds-windows-mbr-locker-that-fails-every-time/

Microsoft to finally kill Adobe Flash support by January 2021

Microsoft today said that it will finally end support for Adobe Flash Player in its web browsers by January 2021, confirming a coordinated announcement made together with Apple, Adobe, Facebook, Google, and Mozilla in July 2017. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-finally-kill-adobe-flash-support-by-january-2021/

SunCrypt Ransomware shuts down North Carolina school district

A school district in North Carolina has suffered a data breach after having unencrypted files stolen during an attack by the SunCrypt Ransomware operators, BleepingComputer has discovered. [...]

https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-shuts-down-north-carolina-school-district/

FBI issues second alert about ProLock ransomware stealing data

The FBI issued a second warning this week to alert US companies of ProLock ransomware operators stealing data from compromised networks before encrypting their victims' systems. [...]

https://www.bleepingcomputer.com/news/security/fbi-issues-second-alert-about-prolock-ransomware-stealing-data/

The Week in Ransomware - September 4th 2020 - Stay Alert!

In this action-packed two-week edition of the 'Week in Ransomware', we see many new variants, with some being actively distributed. We have also seen some recent reports regarding existing ransomware, such as Conti and Dharma. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-4th-2020-stay-alert/