New ransomware actor OldGremlin uses custom malware to hit top orgs

A new ransomware group has been targeting large corporate networks using self-made backdoors and file-encrypting malware for the initial and final stages of the attack. [...]

https://www.bleepingcomputer.com/news/security/new-ransomware-actor-oldgremlin-uses-custom-malware-to-hit-top-orgs/

Windows 10 Package Manager can now install Microsoft Store apps

Microsoft released a new version of the Windows 10 WinGet Package Manager that adds experimental features, including the ability to install applications from the Microsoft Store and a command auto-completion feature. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-package-manager-can-now-install-microsoft-store-apps/

Shopify data breach illustrates the danger of insider threats

A recent data breach at Shopify that affected almost 200 merchange has been attributed to insiders. [...]

https://www.bleepingcomputer.com/news/security/shopify-data-breach-illustrates-the-danger-of-insider-threats/

Hackers sell access to your network via remote management apps

Remote monitoring and management (RMM) software is starting to get attention from hackers as this type of tools provides access to multiple machines across the network. [...]

https://www.bleepingcomputer.com/news/security/hackers-sell-access-to-your-network-via-remote-management-apps/

Tor Browser 10 released to sync with latest Firefox ESR version

The Tor Project has released Tor Browser 10.0 to align with the latest Firefox ESR version, Mozilla's enterprise version of the browser. [...]

https://www.bleepingcomputer.com/news/software/tor-browser-10-released-to-sync-with-latest-firefox-esr-version/

U.S. fitness chains suffer data breach affecting 600K customers

New York fitness chain Town Sports has suffered a data breach after a database containing the personal information of over 600,000 people was exposed on the Internet. [...]

https://www.bleepingcomputer.com/news/security/us-fitness-chains-suffer-data-breach-affecting-600k-customers/

AgeLocker ransomware targets QNAP NAS devices, steals data

QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the device's data, and in some cases, steal files from the victim. [...]

https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/

Government software provider Tyler Technologies hit by ransomware

Leading government technology services provider Tyler Technologies has suffered a ransomware attack that has disrupted its operations. [...]

https://www.bleepingcomputer.com/news/security/government-software-provider-tyler-technologies-hit-by-ransomware/

Microsoft: Hackers using Zerologon exploits in attacks, patch now!

Microsoft has warned that attackers are actively using the Windows Server Zerologon exploits in attacks and advises all Windows administrators to install the necessary security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-hackers-using-zerologon-exploits-in-attacks-patch-now/

Instagram bug allowed crashing the app via image sent to device

Technical details about a high-severity vulnerability in Facebook's Instagram app for Android and iOS show how an attacker could exploit it to deny user access to the app, take full control of their account, or use their mobile device to spy on them. [...]

https://www.bleepingcomputer.com/news/security/instagram-bug-allowed-crashing-the-app-via-image-sent-to-device/

Scammers drain bank accounts using AnyDesk and SIM-swapping

Scammers with solid social engineering skills emptied the bank accounts of at least three victims by mixing into the con SIM-swapping and remote desktop software. [...]

https://www.bleepingcomputer.com/news/security/scammers-drain-bank-accounts-using-anydesk-and-sim-swapping/

Phishing attacks are targeting your social network accounts

Scammers are targeting your social network accounts with phishing emails that pretend to be copyright violations or promises of a shiny 'blue checkmark' next to your name. [...]

https://www.bleepingcomputer.com/news/security/phishing-attacks-are-targeting-your-social-network-accounts/

Microsoft Edge's new feature will reduce memory and CPU usage

Microsoft's sleeping tabs could improve memory usage by up to 26% and reduce CPU usage by up to 29%, which should also result in battery savings. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edges-new-feature-will-reduce-memory-and-cpu-usage/

Microsoft confirms Group Policy Editor bug in Windows Server 2016

Microsoft has confirmed that a bug in Windows 10 version 1607 and Windows Server 2016 is causing the Group Policy Editor to display errors. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-group-policy-editor-bug-in-windows-server-2016/

Mount Locker ransomware joins the multi-million dollar ransom game

​A new ransomware operation named Mount Locker is underway stealing victims' files before encrypting and then demanding multi-million dollar ransoms. [...]

https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/

The Windows XP source code was allegedly leaked online

The source code for Windows XP SP1 and other versions of the operating system was allegedly leaked online today. [...]

https://www.bleepingcomputer.com/news/microsoft/the-windows-xp-source-code-was-allegedly-leaked-online/

Microsoft disrupts nation-state hacker op using Azure Cloud service

In a report today, Microsoft said that it disrupted operations of a nation-state threat group that was using its Azure cloud infrastructure for cyber attacks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-disrupts-nation-state-hacker-op-using-azure-cloud-service/

Twitter is warning devs that API keys and tokens may have leaked

Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser's cache. [...]

https://www.bleepingcomputer.com/news/security/twitter-is-warning-devs-that-api-keys-and-tokens-may-have-leaked/

Apple fixes iPhone Wi-Fi and default apps issues in iOS 14.0.1

Apple has released iOS 14.0.1 to fix iPhone issues plaguing users since the release of iOS 14. [...]

https://www.bleepingcomputer.com/news/apple/apple-fixes-iphone-wi-fi-and-default-apps-issues-in-ios-1401/

Louis Vuitton fixes data leak and account takeover vulnerability

French fashion and luxury merchandise company Louis Vuitton has quietly patched a security vulnerability on its website that allowed for user account enumeration and even allowed account takeover via password resets. [...]

https://www.bleepingcomputer.com/news/security/louis-vuitton-fixes-data-leak-and-account-takeover-vulnerability/

The Week in Ransomware - September 25th 2020 - A Modern-Day Gold Rush

This week showed continued attacks against large organizations as new ransomware operations rush to join a modern-day ransomware gold rush. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-25th-2020-a-modern-day-gold-rush/