Hacker group compromises mobile provider to steal credit cards

Credit card skimming group Fullz House has compromised and injected the website of US mobile virtual network operator (MVNO) Boom! Mobile with a credit card stealer script. [...]

https://www.bleepingcomputer.com/news/security/hacker-group-compromises-mobile-provider-to-steal-credit-cards/

Microsoft: Iranian hackers actively exploiting Windows Zerologon flaw

Microsoft today warned that the Iranian-backed MuddyWater cyber-espionage group was observed using ZeroLogon exploits in multiple attacks during the last two weeks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-actively-exploiting-windows-zerologon-flaw/

The anatomy of a $15 million cyber heist on a US company

Experienced fraudsters made off with $15 million from a U.S. company after carefully running an email compromise that took about two months to complete. [...]

https://www.bleepingcomputer.com/news/security/the-anatomy-of-a-15-million-cyber-heist-on-a-us-company/

Ransomware threat surge, Ryuk attacks about 20 orgs per week

Malware researchers monitoring ransomware threats noticed a sharp increase for these attacks over the past months compared to the first six months of 2020. [...]

https://www.bleepingcomputer.com/news/security/ransomware-threat-surge-ryuk-attacks-about-20-orgs-per-week/

Chowbus delivery service breached, hacker emails data to users

A threat actor has hacked into the Chowbus food delivery service and emailed links to the stolen data to all customers. [...]

https://www.bleepingcomputer.com/news/security/chowbus-delivery-service-breached-hacker-emails-data-to-users/

Hackers abuse Windows error service in fileless malware attack

An unknown hacking group injected malicious code within the legitimate Windows Error Reporting (WER) service to evade detection as part of a fileless malware attack as discovered by Malwarebytes researchers last month. [...]

https://www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-service-in-fileless-malware-attack/

Malware campaigns deliver payloads via obscure paste service

Multiple malware campaigns have been spotted using Pastebin-style services to facilitate their nefarious activities. Instead of delivering payload from a dedicated Command-and-Control (C&C) server, paste sites enable attackers to hide their malicious code in plain sight. [...]

https://www.bleepingcomputer.com/news/security/malware-campaigns-deliver-payloads-via-obscure-paste-service/

Microsoft pays over $370,000 for Azure Sphere bug reports

Microsoft awarded over $370,000 in bounties to security researchers for 16 bounty eligible reports of vulnerabilities submitted through the Azure Sphere Security Research Challenge (ASSRC) IoT-focused research program. [...]

https://www.bleepingcomputer.com/news/security/microsoft-pays-over-370-000-for-azure-sphere-bug-reports/

Chrome 86 rolls out with massive user security enhancements

Google has released Chrome 86 today, October 6th, 2020, to the Stable desktop channel, and it includes numerous security enhancements, features, and APIs for developers. [...]

https://www.bleepingcomputer.com/news/google/chrome-86-rolls-out-with-massive-user-security-enhancements/

CISA: Emotet increasing attacks on US state, local governments

Emotet attacks have targeted multiple state and local governments in the U.S. as part of potentially targeted campaigns that have been ramping up since August, the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert published today. [...]

https://www.bleepingcomputer.com/news/security/cisa-emotet-increasing-attacks-on-us-state-local-governments/

Mozilla shares fix for Twitter not working on Firefox

Mozilla published a support document with a quick fix for a widely reported known issue causing Twitter not to load on the Firefox web browser. [...]

https://www.bleepingcomputer.com/news/technology/mozilla-shares-fix-for-twitter-not-working-on-firefox/

Cloudflare can now send DDoS alerts for sites are under attack

Cloudflare now allows paid customers to create notifications that warn them when their sites are under a DDoS attack. [...]

https://www.bleepingcomputer.com/news/technology/cloudflare-can-now-send-ddos-alerts-for-sites-are-under-attack/

Microsoft Edge is getting a new 'Web Capture' annotation feature

In Microsoft Edge preview builds, Microsoft has introduced a new tool called "Web Capture" that will allow you to capture screenshots of the webpages and create web notes. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-is-getting-a-new-web-capture-annotation-feature/

Comcast cable remotes hacked to snoop on conversations

Security researchers analyzing Comcast's XR11 Xfinity Voice Remote found a way to turn it into a listening device without needing physical access or user interaction. [...]

https://www.bleepingcomputer.com/news/security/comcast-cable-remotes-hacked-to-snoop-on-conversations/

US brokerage firms warned of widespread survey phishing attacks

The U.S. Financial Industry Regulatory Authority (FINRA) has issued a notice warning member brokerage firms of widespread phishing attacks using surveys to harvest information. [...]

https://www.bleepingcomputer.com/news/security/us-brokerage-firms-warned-of-widespread-survey-phishing-attacks/

QNAP fixes critical flaws that could lead to device takeover

QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage (NAS) devices. [...]

https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-flaws-that-could-lead-to-device-takeover/

Microsoft 365 outage takes down Outlook and Microsoft Teams again

Microsoft 365 is currently experiencing an outage affecting users on both coasts of the United States and preventing them from accessing multiple Office 365 services. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-outlook-and-microsoft-teams-again/

Phishing emails lure victims with inside info on Trump's health

A phishing campaign pushing a network-compromising backdoor pretends to have the inside scoop on President Trump's health after being infected with COVID-19. [...]

https://www.bleepingcomputer.com/news/security/phishing-emails-lure-victims-with-inside-info-on-trumps-health/

Microsoft adds consent phishing protection to Office 365

Microsoft announced that consent phishing protections including OAuth app publisher verification and app consent policies are now generally available in Office 365. [...]

https://www.bleepingcomputer.com/news/security/microsoft-adds-consent-phishing-protection-to-office-365/

Microsoft to tailor Windows 10 setups based on how you use your PC

Microsoft will soon offer different installation experiences when setting up Windows 10 based on how you plan on using the computer. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-tailor-windows-10-setups-based-on-how-you-use-your-pc/

RainbowMix apps generate $150,000 in daily ad fraud profit

A massive fraudulent advertising business disrupted recently perpetrated through more than 240 apps in Google Play generated profits that could amount to more than $150,000 per day. [...]

https://www.bleepingcomputer.com/news/security/rainbowmix-apps-generate-150-000-in-daily-ad-fraud-profit/