US govt warns of sanction risks for facilitating ransomware payments

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) today said that organizations that assist ransomware victims to make ransom payments are facing sanctions risks as their actions could violate OFAC regulations. [...]

https://www.bleepingcomputer.com/news/security/us-govt-warns-of-sanction-risks-for-facilitating-ransomware-payments/

New service checks if your email was used in Emotet attacks

A new service has been launched that allows you to check if an email domain or address was in an Emotet spam campaign. [...]

https://www.bleepingcomputer.com/news/security/new-service-checks-if-your-email-was-used-in-emotet-attacks/

NVIDIA fixes high severity flaws in Windows display driver

NVIDIA has released security updates to address high severity vulnerabilities in the Windows GPU display driver that could lead to code execution, escalation of privileges, information disclosure, and denial of service. [...]

https://www.bleepingcomputer.com/news/security/nvidia-fixes-high-severity-flaws-in-windows-display-driver/

Windows 10 KB4577063 update fixes Internet connectivity, WSL2 issues

​Microsoft released the Windows 10 2004 KB4577063 non-security preview cumulative update with fixes for Internet connectivity and Windows Subsystem for Linux 2 (WSL2) issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4577063-update-fixes-internet-connectivity-wsl2-issues/

Ransomware gangs add DDoS attacks to their extortion arsenal

A ransomware operation has started to utilize a new tactic to extort their victims: DDoS a victim's website until they return to the negotiation table. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gangs-add-ddos-attacks-to-their-extortion-arsenal/

Microsoft explains the cause of the recent Office 365 outage

A preliminary report by Microsoft states that a bug in the deployment of an Azure AD service update caused Monday's Office 365 outage. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-explains-the-cause-of-the-recent-office-365-outage/

XDSpy cyber-espionage group operated discretely for nine years

Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. [...]

https://www.bleepingcomputer.com/news/security/xdspy-cyber-espionage-group-operated-discretely-for-nine-years/

Researchers use ‘fingerprints’ to track Windows exploit developers

Researchers can now find the developer of a specific Windows exploit using a new "fingerprinting" technique specifically devised to keep track of exploit developers' activity. [...]

https://www.bleepingcomputer.com/news/security/researchers-use-fingerprints-to-track-windows-exploit-developers/

Emotet malware takes part in the 2020 U.S. elections

Emotet is now taking part in the United States 2020 Presidential election with a new spam campaign pretending to be from the Democratic National Convention's Team Blue initiative. [...]

https://www.bleepingcomputer.com/news/security/emotet-malware-takes-part-in-the-2020-us-elections/

Microsoft fixes WSL 2 breaking bug in new Windows 10 update

Microsoft has released a new Windows 10 2004 preview cumulative update that fixes a bug that breaks the Windows Subsystem for Linux 2 (WSL 2). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-wsl-2-breaking-bug-in-new-windows-10-update/

Top sites infiltrated with credit card skimmers and crypto miners

An investigation conducted into the top 10,000 Alexa sites by Palo Alto Networks reveals many of these popular websites are infected with cryptocurrency miners and credit card skimming scripts. 9d677006e13fc8d17c1f59b05bbb9047 [...]

https://www.bleepingcomputer.com/news/security/top-sites-infiltrated-with-credit-card-skimmers-and-crypto-miners/

Microsoft now provides Defender updates for Windows install images

Microsoft released a new tool designed to patch Windows 10 and Windows Server installation images with the latest Microsoft Defender updates to minimize the protection gap systems face until anti-malware definitions are updated. 9d677006e13fc8d17c1f59b05bbb9047 [...]

https://www.bleepingcomputer.com/news/security/microsoft-now-provides-defender-updates-for-windows-install-images/

HP Device Manager backdoor lets attackers take over Windows systems

HP released a security advisory detailing three critical and high severity vulnerabilities in the HP Device Manager that could lead to system takeover. [...]

https://www.bleepingcomputer.com/news/security/hp-device-manager-backdoor-lets-attackers-take-over-windows-systems/

Google now discloses Android vulnerabilities for 3rd-party devices

Google today announced the launch of a new program specifically designed to deal with security vulnerabilities the company finds in devices and software serviced by Android OEMs. [...]

https://www.bleepingcomputer.com/news/security/google-now-discloses-android-vulnerabilities-for-3rd-party-devices/

Grindr fixed a bug allowing full takeover of any user account

Grindr has fixed a security flaw that could have allowed attackers to easily hijack any Grindr account if they knew the user's email address. [...]

https://www.bleepingcomputer.com/news/security/grindr-fixed-a-bug-allowing-full-takeover-of-any-user-account/

The Week in Ransomware - October 2nd 2020 - Healthcare under attack

This week started with a bang as a large hospital chain was hit by a ransomware attack that disrupted the healthcare industry. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-2nd-2020-healthcare-under-attack/

New Jersey hospital paid ransomware gang $670K to prevent data leak

University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. [...]

https://www.bleepingcomputer.com/news/security/new-jersey-hospital-paid-ransomware-gang-670k-to-prevent-data-leak/

Online avatar service Gravatar allows mass collection of user info

A user enumeration method discovered by an Italian security researcher Carlo Di Dato demonstrates how can Gravatar data be easily scraped by web crawlers and bots. [...]

https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/

Microsoft fixes Windows 10 Internet connection issues in new update

Microsoft has released a new optional preview update that fixes two bugs that prevent Windows 10 2003 users from connecting to the Internet. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-internet-connection-issues-in-new-update/

Microsoft Weekly Roundup: Windows 10, Surface event and fixes

In our second Microsoft weekly news roundup, we bring you the latest news regarding Windows 10, Microsoft, and this week's Surface 2020 event. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-weekly-roundup-windows-10-surface-event-and-fixes/

New ransomware vaccine kills programs wiping Windows shadow volumes

A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft's vssadmin.exe program, [...]

https://www.bleepingcomputer.com/news/security/new-ransomware-vaccine-kills-programs-wiping-windows-shadow-volumes/