How Ryuk Ransomware operators made $34 million from one victim

One hacker group that is targeting high-revenue companies with Ryuk ransomware received $34 million from one victim in exchange for the decryption key that unlocked their computers. [...]

https://www.bleepingcomputer.com/news/security/how-ryuk-ransomware-operators-made-34-million-from-one-victim/

Luxottica data breach exposes LensCrafters, EyeMed patient info

A Luxottica data breach has exposed the personal and protected health information for patients of LensCrafters, Target Optical, EyeMed, and other eye care practices. [...]

https://www.bleepingcomputer.com/news/security/luxottica-data-breach-exposes-lenscrafters-eyemed-patient-info/

Managing Windows 10 apps with the Chocolatey package manager

Chocolatey is designed for both consumers (general users) and businesses, thanks to the easy to understand user interface and a suite of powerful features for existing programs deployment infrastructure. [...]

https://www.bleepingcomputer.com/news/microsoft/managing-windows-10-apps-with-the-chocolatey-package-manager/

Office 365 will let admins review Microsoft Forms phishing attempts

Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data. [...]

https://www.bleepingcomputer.com/news/security/office-365-will-let-admins-review-microsoft-forms-phishing-attempts/

This script lets you download ISOs for any Windows 10 version

A new script makes it easy to create an ISO for any version of Windows 10, including Windows 10 version 1507 through 20H2. [...]

https://www.bleepingcomputer.com/news/microsoft/this-script-lets-you-download-isos-for-any-windows-10-version/

Trump lawsuit site to report rejected votes leaked voter data

The DontTouchTheGreenButton website just launched by the Trump campaign in relation to the lawsuit filed on rejected votes in Arizona is leaking voter data. [...]

https://www.bleepingcomputer.com/news/security/trump-lawsuit-site-to-report-rejected-votes-leaked-voter-data/

HMRC smishing tax scam targets UK banking customers

An advanced HMRC tax rebate scam has been targeting UK residents this week via text messages (SMS). The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains being added every day as older ones get flagged by spam filters. [...]

https://www.bleepingcomputer.com/news/security/hmrc-smishing-tax-scam-targets-uk-banking-customers/

How to beautify the Windows 10 Search feature

Since Windows Search interface is based on Microsoft's web technologies, it can be easily tweaked by injecting a custom JavaScript file. If you don't want to do this manually, you can use an open-source free tool called "BeautySearch". [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-beautify-the-windows-10-search-feature/

Microsoft: Windows 10 1903 reaches end of service next month

Microsoft reminds customers that some editions of Windows 10, version 1903 (also known as the May 2019 Update) will reach its end of service next month. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-1903-reaches-end-of-service-next-month/

Microsoft working on fix for Windows apps forgetting passwords

Microsoft says that multiple Windows 10 apps including Outlook are affected by an issue causing them to forget users' passwords after the device is upgraded to certain Windows 10, version 2004 builds. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-working-on-fix-for-windows-apps-forgetting-passwords/

Laptop maker Compal hit by ransomware, $17 million demanded

Taiwanese laptop maker Compal Electronics suffered a DoppelPaymer ransomware attack over the weekend, with the attackers demanding an almost $17 million ransom. [...]

https://www.bleepingcomputer.com/news/security/laptop-maker-compal-hit-by-ransomware-17-million-demanded/

Fake Microsoft Teams updates lead to Cobalt Strike deployment

Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deployed Cobalt Strike to compromise the rest of the network. [...]

https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/

Google Chrome to block JavaScript redirects on web page URL clicks

Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-to-block-javascript-redirects-on-web-page-url-clicks/

New Slipstream NAT bypass attacks to be blocked by browsers

Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim's NAT/firewall to gain access to any TCP/UDP service hosted on their devices. [...]

https://www.bleepingcomputer.com/news/security/new-slipstream-nat-bypass-attacks-to-be-blocked-by-browsers/

Malicious NPM project steals Discord accounts, browser info

A heavily obfuscated and malicious NPM project is used to steal Discord user tokens and browser information from unsuspecting users. [...]

https://www.bleepingcomputer.com/news/security/malicious-npm-project-steals-discord-accounts-browser-info/

WordPress plugin bugs can let attackers hijack up to 100K sites

Admins of WordPress sites who use the Ultimate Member plugin are urged to update it to the latest version to block attacks attempting to exploit multiple critical and easy to exploit vulnerabilities that could lead to site takeovers. [...]

https://www.bleepingcomputer.com/news/security/wordpress-plugin-bugs-can-let-attackers-hijack-up-to-100k-sites/

5.8 million RedDoorz user records for sale on hacking forum

After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/58-million-reddoorz-user-records-for-sale-on-hacking-forum/

Scammers impersonating the IRS threaten victims with legal action

Aggressive scammers are impersonating the U.S. Internal Revenue Service (IRS) in spoofed e-mails designed to trick potential victims into paying fabricated outstanding amounts related to missed or late payments. [...]

https://www.bleepingcomputer.com/news/security/scammers-impersonating-the-irs-threaten-victims-with-legal-action/

Ubuntu's Gnome desktop could be tricked into giving root access

A vulnerability in GNOME Display Manager (gdm) could allow a standard user to create accounts with increased privileges, giving a local attacker a path to run code with administrator permissions (root). [...]

https://www.bleepingcomputer.com/news/security/ubuntus-gnome-desktop-could-be-tricked-into-giving-root-access/

Adobe releases security update for Adobe Reader for Android

Adobe has released security updates to address vulnerabilities classified as 'Important' in Adobe Reader for Android and Adobe Connect. [...]

https://www.bleepingcomputer.com/news/security/adobe-releases-security-update-for-adobe-reader-for-android/

Microsoft engineer stole $10M, used colleagues as scapegoats

Volodymyr Kvashuk, a Ukrainian citizen and former Microsoft software engineer, was sentenced to nine years in prison for stealing over $10 million worth of currency stored value (CSV) including gift cards over a span of two years. [...]

https://www.bleepingcomputer.com/news/security/microsoft-engineer-stole-10m-used-colleagues-as-scapegoats/