QBot partners with Egregor ransomware in bot-fueled attacks

The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September. [...]

https://www.bleepingcomputer.com/news/security/qbot-partners-with-egregor-ransomware-in-bot-fueled-attacks/

Windows 10 KB4586819 update fixes gaming and USB 3.0 issues

​Microsoft has released the Windows 10 1909 KB4586819 non-security preview cumulative update with fixes for game crash issues and for USB 3.0 hubs causing connected devices to stop working. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4586819-update-fixes-gaming-and-usb-30-issues/

Microsoft releases patching guidance for Kerberos security bug

Microsoft has released additional details on how to fully mitigate a security feature bypass vulnerability in Kerberos KDC (Key Distribution Center) patched during this month's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-patching-guidance-for-kerberos-security-bug/

VMWare releases fix for critical ESXi, Workstation vulnerability

VMware has released security updates to fix critical and high severity vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation, allowing for code execution and privilege escalation. [...]

https://www.bleepingcomputer.com/news/security/vmware-releases-fix-for-critical-esxi-workstation-vulnerability/

LightBot: TrickBot’s new reconnaissance tool for high-value targets

The notorious TrickBot has gang has released a new lightweight reconnaissance tool used to scope out an infected victim's network for high-value targets. [...]

https://www.bleepingcomputer.com/news/security/lightbot-trickbot-s-new-reconnaissance-tool-for-high-value-targets/

FBI warns of increasing Ragnar Locker ransomware activity

The U.S. Federal Bureau of Investigation (FBI) Cyber Division has warned private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-increasing-ragnar-locker-ransomware-activity/

The Week in Ransomware - November 20th 2020 - Don't mess with the turkey

This week we saw two massive attacks that had a signifcant impact on the food supply industry, as well as a demonstration of Egregor's annoying ransom note print bombs. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-20th-2020-dont-mess-with-the-turkey/

Joe Biden's 'Vote Joe' website defaced by Turkish Hackers

The Vote Joe site set up by Biden Presidential campaign was hacked this week and defaced by a Turkish group called RootAyyıldız. The defacement appears to have lasted for over 24 hours. [...]

https://www.bleepingcomputer.com/news/security/joe-bidens-vote-joe-website-defaced-by-turkish-hackers/

TrickBot turns 100: Latest malware released with new features

The TrickBot cybercrime gang has released the hundredth version of the TrickBot malware with additional features to evade detection. [...]

https://www.bleepingcomputer.com/news/security/trickbot-turns-100-latest-malware-released-with-new-features/

Windows 10 Defrag TRIM bug still not fixed after six months

After the release of two Windows 10 feature updates and numerous cumulative updates, Microsoft has still not fixed a bug causing Windows Defrag to TRIM non-SSD drives. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-defrag-trim-bug-still-not-fixed-after-six-months/

Best Microsoft tools created for Windows 10 power users

Over the past year, Microsoft has quietly released new built-in Windows 10 command-line applications and free Microsoft Store apps that enhance the functionality of the operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/best-microsoft-tools-created-for-windows-10-power-users/

Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs

Thousands of domains, including those belonging to high street banks and government organizations are vulnerable to a critical Path Traversal flaw in FortiNet SSL VPN. [...]

https://www.bleepingcomputer.com/news/security/hacker-posts-exploits-for-over-49-000-vulnerable-fortinet-vpns/

Hands on with Windows Terminal 1.5's upcoming features

Microsoft released Windows Terminal Preview v1.5 this week, and it comes with some useful improvements, including full support for clickable hyperlinks, command palette improvements, emoji icon support, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/hands-on-with-windows-terminal-15s-upcoming-features/

How to boost your Windows 10 experience with PowerToys

Windows 10 PowerToys currently comes with utilities for optimizing app windows for big monitors, previewing new image types in File Explorer, resizing images, and more. In this article, we're highlighting the new key features of PowerToys that you should try to supercharge your Windows 10 experience. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-boost-your-windows-10-experience-with-powertoys/

FBI warns of recently registered domains spoofing its sites

The U.S. Federal Bureau of Investigation (FBI) is warning the general public of the risks behind recently registered FBI-related domains that spoof some of the federal law enforcement agency's official websites. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-recently-registered-domains-spoofing-its-sites/

Here's how to enable Google Chrome's new modern PDF reader

The PDF reader or viewer within Google Chrome has always been relatively simple, especially when compared to Microsoft Edge. With Chrome 87, Google has introduced a new UI for the PDF reader and here's how you can enable it if you don't have it already. [...]

https://www.bleepingcomputer.com/news/google/heres-how-to-enable-google-chromes-new-modern-pdf-reader/

Fake Minecraft mods swamp over 1M Android devices with ads

Fraudsters bypassed Google's protections for the official Play Android store and published more than 20 fake modpacks for the popular game Minecraft. [...]

https://www.bleepingcomputer.com/news/security/fake-minecraft-mods-swamp-over-1m-android-devices-with-ads/

Ransomware forces E-Land South Korean retail giant to close stores

South Korean conglomerate and retail giant E-Land has suffered a ransomware attack causing 23 of its retail stores to suspend operations while they deal with the attack. [...]

https://www.bleepingcomputer.com/news/security/ransomware-forces-e-land-south-korean-retail-giant-to-close-stores/

Tesla Model X key fobs could be hacked to steal cars, fix released

Researchers at the University of Leuven in Belgium found vulnerabilities in the keyless entry system of the Tesla Model X that would have allowed attackers to steal the $100,000 car within just a few minutes. [...]

https://www.bleepingcomputer.com/news/security/tesla-model-x-key-fobs-could-be-hacked-to-steal-cars-fix-released/

VMware discloses critical zero-day vulnerability in Workspace One

VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges. [...]

https://www.bleepingcomputer.com/news/security/vmware-discloses-critical-zero-day-vulnerability-in-workspace-one/

Over 300K Spotify accounts hacked in credential stuffing attack

Hackers have been attempting to gain access to Spotify accounts using a database of 380 million records with login credentials and personal information collected from various sources. [...]

https://www.bleepingcomputer.com/news/security/over-300k-spotify-accounts-hacked-in-credential-stuffing-attack/