Grindr fixed a bug allowing full takeover of any user account

Grindr has fixed a security flaw that could have allowed attackers to easily hijack any Grindr account if they knew the user's email address. [...]

https://www.bleepingcomputer.com/news/security/grindr-fixed-a-bug-allowing-full-takeover-of-any-user-account/

The Week in Ransomware - October 2nd 2020 - Healthcare under attack

This week started with a bang as a large hospital chain was hit by a ransomware attack that disrupted the healthcare industry. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-2nd-2020-healthcare-under-attack/

New Jersey hospital paid ransomware gang $670K to prevent data leak

University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. [...]

https://www.bleepingcomputer.com/news/security/new-jersey-hospital-paid-ransomware-gang-670k-to-prevent-data-leak/

Online avatar service Gravatar allows mass collection of user info

A user enumeration method discovered by an Italian security researcher Carlo Di Dato demonstrates how can Gravatar data be easily scraped by web crawlers and bots. [...]

https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/

Microsoft fixes Windows 10 Internet connection issues in new update

Microsoft has released a new optional preview update that fixes two bugs that prevent Windows 10 2003 users from connecting to the Internet. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-internet-connection-issues-in-new-update/

Microsoft Weekly Roundup: Windows 10, Surface event and fixes

In our second Microsoft weekly news roundup, we bring you the latest news regarding Windows 10, Microsoft, and this week's Surface 2020 event. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-weekly-roundup-windows-10-surface-event-and-fixes/

New ransomware vaccine kills programs wiping Windows shadow volumes

A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft's vssadmin.exe program, [...]

https://www.bleepingcomputer.com/news/security/new-ransomware-vaccine-kills-programs-wiping-windows-shadow-volumes/

Windows 10 ignores method to disable Bing in Start Menu, fix found

Microsoft quietly began ignoring a setting commonly used to disable Bing search results in the Windows 10 Start Menu and didn't tell anyone. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-ignores-method-to-disable-bing-in-start-menu-fix-found/

Crypto-mining worm adds Linux password stealing capability

The TeamTNT cybercrime group has recently updated its crypto-mining worm with password-stealing capabilities and with an additional network scanner to make it easier to spread to other vulnerable devices. [...]

https://www.bleepingcomputer.com/news/security/crypto-mining-worm-adds-linux-password-stealing-capability/

Slack worldwide outage causes lag, message errors, blank screens

Slack is experiencing a worldwide outage causing problems sending messages, editing messages, lag in chats, and channels displaying a blank screen. [...]

https://www.bleepingcomputer.com/news/technology/slack-worldwide-outage-causes-lag-message-errors-blank-screens/

MosaicRegressor: Second-ever UEFI rootkit found in the wild

The second-ever Unified Extensible Firmware Interface (UEFI) bootkit used in the wild was found by security researchers while analyzing malware samples in investigations surrounding attacks on two non-governmental organizations (NGOs) that took place in 2019. [...]

https://www.bleepingcomputer.com/news/security/mosaicregressor-second-ever-uefi-rootkit-found-in-the-wild/

Google releases fix for ChromeOS bug causing 100% CPU utilization

Google has released a temporary fix for a ChromeOS bug that causes 100% CPU utilization in Chromebooks. [...]

https://www.bleepingcomputer.com/news/google/google-releases-fix-for-chromeos-bug-causing-100-percent-cpu-utilization/

Windows 10: Bulk install essential apps with this free tool

Winget currently works from the command line only, but if you're not familiar with Command Prompt or PowerShell, third-party developers have released tools to help you find apps and install them. One of those apps is 'Winstall' and it's getting better in the latest update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-bulk-install-essential-apps-with-this-free-tool/

Hacker group compromises mobile provider to steal credit cards

Credit card skimming group Fullz House has compromised and injected the website of US mobile virtual network operator (MVNO) Boom! Mobile with a credit card stealer script. [...]

https://www.bleepingcomputer.com/news/security/hacker-group-compromises-mobile-provider-to-steal-credit-cards/

Microsoft: Iranian hackers actively exploiting Windows Zerologon flaw

Microsoft today warned that the Iranian-backed MuddyWater cyber-espionage group was observed using ZeroLogon exploits in multiple attacks during the last two weeks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-actively-exploiting-windows-zerologon-flaw/

The anatomy of a $15 million cyber heist on a US company

Experienced fraudsters made off with $15 million from a U.S. company after carefully running an email compromise that took about two months to complete. [...]

https://www.bleepingcomputer.com/news/security/the-anatomy-of-a-15-million-cyber-heist-on-a-us-company/

Ransomware threat surge, Ryuk attacks about 20 orgs per week

Malware researchers monitoring ransomware threats noticed a sharp increase for these attacks over the past months compared to the first six months of 2020. [...]

https://www.bleepingcomputer.com/news/security/ransomware-threat-surge-ryuk-attacks-about-20-orgs-per-week/

Chowbus delivery service breached, hacker emails data to users

A threat actor has hacked into the Chowbus food delivery service and emailed links to the stolen data to all customers. [...]

https://www.bleepingcomputer.com/news/security/chowbus-delivery-service-breached-hacker-emails-data-to-users/

Hackers abuse Windows error service in fileless malware attack

An unknown hacking group injected malicious code within the legitimate Windows Error Reporting (WER) service to evade detection as part of a fileless malware attack as discovered by Malwarebytes researchers last month. [...]

https://www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-service-in-fileless-malware-attack/

Malware campaigns deliver payloads via obscure paste service

Multiple malware campaigns have been spotted using Pastebin-style services to facilitate their nefarious activities. Instead of delivering payload from a dedicated Command-and-Control (C&C) server, paste sites enable attackers to hide their malicious code in plain sight. [...]

https://www.bleepingcomputer.com/news/security/malware-campaigns-deliver-payloads-via-obscure-paste-service/

Microsoft pays over $370,000 for Azure Sphere bug reports

Microsoft awarded over $370,000 in bounties to security researchers for 16 bounty eligible reports of vulnerabilities submitted through the Azure Sphere Security Research Challenge (ASSRC) IoT-focused research program. [...]

https://www.bleepingcomputer.com/news/security/microsoft-pays-over-370-000-for-azure-sphere-bug-reports/