XDSpy cyber-espionage group operated discretely for nine years

Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. [...]

https://www.bleepingcomputer.com/news/security/xdspy-cyber-espionage-group-operated-discretely-for-nine-years/

Researchers use ‘fingerprints’ to track Windows exploit developers

Researchers can now find the developer of a specific Windows exploit using a new "fingerprinting" technique specifically devised to keep track of exploit developers' activity. [...]

https://www.bleepingcomputer.com/news/security/researchers-use-fingerprints-to-track-windows-exploit-developers/

Emotet malware takes part in the 2020 U.S. elections

Emotet is now taking part in the United States 2020 Presidential election with a new spam campaign pretending to be from the Democratic National Convention's Team Blue initiative. [...]

https://www.bleepingcomputer.com/news/security/emotet-malware-takes-part-in-the-2020-us-elections/

Microsoft fixes WSL 2 breaking bug in new Windows 10 update

Microsoft has released a new Windows 10 2004 preview cumulative update that fixes a bug that breaks the Windows Subsystem for Linux 2 (WSL 2). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-wsl-2-breaking-bug-in-new-windows-10-update/

Top sites infiltrated with credit card skimmers and crypto miners

An investigation conducted into the top 10,000 Alexa sites by Palo Alto Networks reveals many of these popular websites are infected with cryptocurrency miners and credit card skimming scripts. 9d677006e13fc8d17c1f59b05bbb9047 [...]

https://www.bleepingcomputer.com/news/security/top-sites-infiltrated-with-credit-card-skimmers-and-crypto-miners/

Microsoft now provides Defender updates for Windows install images

Microsoft released a new tool designed to patch Windows 10 and Windows Server installation images with the latest Microsoft Defender updates to minimize the protection gap systems face until anti-malware definitions are updated. 9d677006e13fc8d17c1f59b05bbb9047 [...]

https://www.bleepingcomputer.com/news/security/microsoft-now-provides-defender-updates-for-windows-install-images/

HP Device Manager backdoor lets attackers take over Windows systems

HP released a security advisory detailing three critical and high severity vulnerabilities in the HP Device Manager that could lead to system takeover. [...]

https://www.bleepingcomputer.com/news/security/hp-device-manager-backdoor-lets-attackers-take-over-windows-systems/

Google now discloses Android vulnerabilities for 3rd-party devices

Google today announced the launch of a new program specifically designed to deal with security vulnerabilities the company finds in devices and software serviced by Android OEMs. [...]

https://www.bleepingcomputer.com/news/security/google-now-discloses-android-vulnerabilities-for-3rd-party-devices/

Grindr fixed a bug allowing full takeover of any user account

Grindr has fixed a security flaw that could have allowed attackers to easily hijack any Grindr account if they knew the user's email address. [...]

https://www.bleepingcomputer.com/news/security/grindr-fixed-a-bug-allowing-full-takeover-of-any-user-account/

The Week in Ransomware - October 2nd 2020 - Healthcare under attack

This week started with a bang as a large hospital chain was hit by a ransomware attack that disrupted the healthcare industry. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-2nd-2020-healthcare-under-attack/

New Jersey hospital paid ransomware gang $670K to prevent data leak

University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. [...]

https://www.bleepingcomputer.com/news/security/new-jersey-hospital-paid-ransomware-gang-670k-to-prevent-data-leak/

Online avatar service Gravatar allows mass collection of user info

A user enumeration method discovered by an Italian security researcher Carlo Di Dato demonstrates how can Gravatar data be easily scraped by web crawlers and bots. [...]

https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/

Microsoft fixes Windows 10 Internet connection issues in new update

Microsoft has released a new optional preview update that fixes two bugs that prevent Windows 10 2003 users from connecting to the Internet. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-internet-connection-issues-in-new-update/

Microsoft Weekly Roundup: Windows 10, Surface event and fixes

In our second Microsoft weekly news roundup, we bring you the latest news regarding Windows 10, Microsoft, and this week's Surface 2020 event. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-weekly-roundup-windows-10-surface-event-and-fixes/

New ransomware vaccine kills programs wiping Windows shadow volumes

A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft's vssadmin.exe program, [...]

https://www.bleepingcomputer.com/news/security/new-ransomware-vaccine-kills-programs-wiping-windows-shadow-volumes/

Windows 10 ignores method to disable Bing in Start Menu, fix found

Microsoft quietly began ignoring a setting commonly used to disable Bing search results in the Windows 10 Start Menu and didn't tell anyone. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-ignores-method-to-disable-bing-in-start-menu-fix-found/

Crypto-mining worm adds Linux password stealing capability

The TeamTNT cybercrime group has recently updated its crypto-mining worm with password-stealing capabilities and with an additional network scanner to make it easier to spread to other vulnerable devices. [...]

https://www.bleepingcomputer.com/news/security/crypto-mining-worm-adds-linux-password-stealing-capability/

Slack worldwide outage causes lag, message errors, blank screens

Slack is experiencing a worldwide outage causing problems sending messages, editing messages, lag in chats, and channels displaying a blank screen. [...]

https://www.bleepingcomputer.com/news/technology/slack-worldwide-outage-causes-lag-message-errors-blank-screens/

MosaicRegressor: Second-ever UEFI rootkit found in the wild

The second-ever Unified Extensible Firmware Interface (UEFI) bootkit used in the wild was found by security researchers while analyzing malware samples in investigations surrounding attacks on two non-governmental organizations (NGOs) that took place in 2019. [...]

https://www.bleepingcomputer.com/news/security/mosaicregressor-second-ever-uefi-rootkit-found-in-the-wild/

Google releases fix for ChromeOS bug causing 100% CPU utilization

Google has released a temporary fix for a ChromeOS bug that causes 100% CPU utilization in Chromebooks. [...]

https://www.bleepingcomputer.com/news/google/google-releases-fix-for-chromeos-bug-causing-100-percent-cpu-utilization/

Windows 10: Bulk install essential apps with this free tool

Winget currently works from the command line only, but if you're not familiar with Command Prompt or PowerShell, third-party developers have released tools to help you find apps and install them. One of those apps is 'Winstall' and it's getting better in the latest update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-bulk-install-essential-apps-with-this-free-tool/