Crypto-mining worm adds Linux password stealing capability

The TeamTNT cybercrime group has recently updated its crypto-mining worm with password-stealing capabilities and with an additional network scanner to make it easier to spread to other vulnerable devices. [...]

https://www.bleepingcomputer.com/news/security/crypto-mining-worm-adds-linux-password-stealing-capability/

Slack worldwide outage causes lag, message errors, blank screens

Slack is experiencing a worldwide outage causing problems sending messages, editing messages, lag in chats, and channels displaying a blank screen. [...]

https://www.bleepingcomputer.com/news/technology/slack-worldwide-outage-causes-lag-message-errors-blank-screens/

MosaicRegressor: Second-ever UEFI rootkit found in the wild

The second-ever Unified Extensible Firmware Interface (UEFI) bootkit used in the wild was found by security researchers while analyzing malware samples in investigations surrounding attacks on two non-governmental organizations (NGOs) that took place in 2019. [...]

https://www.bleepingcomputer.com/news/security/mosaicregressor-second-ever-uefi-rootkit-found-in-the-wild/

Google releases fix for ChromeOS bug causing 100% CPU utilization

Google has released a temporary fix for a ChromeOS bug that causes 100% CPU utilization in Chromebooks. [...]

https://www.bleepingcomputer.com/news/google/google-releases-fix-for-chromeos-bug-causing-100-percent-cpu-utilization/

Windows 10: Bulk install essential apps with this free tool

Winget currently works from the command line only, but if you're not familiar with Command Prompt or PowerShell, third-party developers have released tools to help you find apps and install them. One of those apps is 'Winstall' and it's getting better in the latest update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-bulk-install-essential-apps-with-this-free-tool/

Hacker group compromises mobile provider to steal credit cards

Credit card skimming group Fullz House has compromised and injected the website of US mobile virtual network operator (MVNO) Boom! Mobile with a credit card stealer script. [...]

https://www.bleepingcomputer.com/news/security/hacker-group-compromises-mobile-provider-to-steal-credit-cards/

Microsoft: Iranian hackers actively exploiting Windows Zerologon flaw

Microsoft today warned that the Iranian-backed MuddyWater cyber-espionage group was observed using ZeroLogon exploits in multiple attacks during the last two weeks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-actively-exploiting-windows-zerologon-flaw/

The anatomy of a $15 million cyber heist on a US company

Experienced fraudsters made off with $15 million from a U.S. company after carefully running an email compromise that took about two months to complete. [...]

https://www.bleepingcomputer.com/news/security/the-anatomy-of-a-15-million-cyber-heist-on-a-us-company/

Ransomware threat surge, Ryuk attacks about 20 orgs per week

Malware researchers monitoring ransomware threats noticed a sharp increase for these attacks over the past months compared to the first six months of 2020. [...]

https://www.bleepingcomputer.com/news/security/ransomware-threat-surge-ryuk-attacks-about-20-orgs-per-week/

Chowbus delivery service breached, hacker emails data to users

A threat actor has hacked into the Chowbus food delivery service and emailed links to the stolen data to all customers. [...]

https://www.bleepingcomputer.com/news/security/chowbus-delivery-service-breached-hacker-emails-data-to-users/

Hackers abuse Windows error service in fileless malware attack

An unknown hacking group injected malicious code within the legitimate Windows Error Reporting (WER) service to evade detection as part of a fileless malware attack as discovered by Malwarebytes researchers last month. [...]

https://www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-service-in-fileless-malware-attack/

Malware campaigns deliver payloads via obscure paste service

Multiple malware campaigns have been spotted using Pastebin-style services to facilitate their nefarious activities. Instead of delivering payload from a dedicated Command-and-Control (C&C) server, paste sites enable attackers to hide their malicious code in plain sight. [...]

https://www.bleepingcomputer.com/news/security/malware-campaigns-deliver-payloads-via-obscure-paste-service/

Microsoft pays over $370,000 for Azure Sphere bug reports

Microsoft awarded over $370,000 in bounties to security researchers for 16 bounty eligible reports of vulnerabilities submitted through the Azure Sphere Security Research Challenge (ASSRC) IoT-focused research program. [...]

https://www.bleepingcomputer.com/news/security/microsoft-pays-over-370-000-for-azure-sphere-bug-reports/

Chrome 86 rolls out with massive user security enhancements

Google has released Chrome 86 today, October 6th, 2020, to the Stable desktop channel, and it includes numerous security enhancements, features, and APIs for developers. [...]

https://www.bleepingcomputer.com/news/google/chrome-86-rolls-out-with-massive-user-security-enhancements/

CISA: Emotet increasing attacks on US state, local governments

Emotet attacks have targeted multiple state and local governments in the U.S. as part of potentially targeted campaigns that have been ramping up since August, the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert published today. [...]

https://www.bleepingcomputer.com/news/security/cisa-emotet-increasing-attacks-on-us-state-local-governments/

Mozilla shares fix for Twitter not working on Firefox

Mozilla published a support document with a quick fix for a widely reported known issue causing Twitter not to load on the Firefox web browser. [...]

https://www.bleepingcomputer.com/news/technology/mozilla-shares-fix-for-twitter-not-working-on-firefox/

Cloudflare can now send DDoS alerts for sites are under attack

Cloudflare now allows paid customers to create notifications that warn them when their sites are under a DDoS attack. [...]

https://www.bleepingcomputer.com/news/technology/cloudflare-can-now-send-ddos-alerts-for-sites-are-under-attack/

Microsoft Edge is getting a new 'Web Capture' annotation feature

In Microsoft Edge preview builds, Microsoft has introduced a new tool called "Web Capture" that will allow you to capture screenshots of the webpages and create web notes. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-is-getting-a-new-web-capture-annotation-feature/

Comcast cable remotes hacked to snoop on conversations

Security researchers analyzing Comcast's XR11 Xfinity Voice Remote found a way to turn it into a listening device without needing physical access or user interaction. [...]

https://www.bleepingcomputer.com/news/security/comcast-cable-remotes-hacked-to-snoop-on-conversations/

US brokerage firms warned of widespread survey phishing attacks

The U.S. Financial Industry Regulatory Authority (FINRA) has issued a notice warning member brokerage firms of widespread phishing attacks using surveys to harvest information. [...]

https://www.bleepingcomputer.com/news/security/us-brokerage-firms-warned-of-widespread-survey-phishing-attacks/

QNAP fixes critical flaws that could lead to device takeover

QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage (NAS) devices. [...]

https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-flaws-that-could-lead-to-device-takeover/