Windows Finger command abused by phishing to download malware

Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices. [...]

https://www.bleepingcomputer.com/news/security/windows-finger-command-abused-by-phishing-to-download-malware/

Google to kill Chrome Sync feature in third-party browsers

Google says that it will block third-party Chromium web browsers from using private Google APIs after discovering that they were integrating them although they're intended to be used only in Chrome. [...]

https://www.bleepingcomputer.com/news/google/google-to-kill-chrome-sync-feature-in-third-party-browsers/

The Week in Ransomware - January 15th 2021 - Locking you up

It has been another quiet week for ransomware, though we did have some interesting stories come out this week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-15th-2021-locking-you-up/

Massive stolen credit card shop Joker's Stash shuts down

The administrator of Joker's Stash, one of the longest-running marketplace for stolen credit cards, announced on Friday that they would permanently shut down the operation next month. [...]

https://www.bleepingcomputer.com/news/security/massive-stolen-credit-card-shop-jokers-stash-shuts-down/

Pro-Trump 'Enemies of the People' doxing site is still active

Enemies of the People, the website inciting violence against U.S. officials who refused to support the President's claims to voter fraud, is still active and continues to expose personal details from more individuals. [...]

https://www.bleepingcomputer.com/news/security/pro-trump-enemies-of-the-people-doxing-site-is-still-active/

Privacy-focused search engine DuckDuckGo grew by 62% in 2020

The privacy-focused search engine DuckDuckGo continues to grow rapidly as the company reached 102M daily search queries for the first time in January. [...]

https://www.bleepingcomputer.com/news/technology/privacy-focused-search-engine-duckduckgo-grew-by-62-percent-in-2020/

Windows 10 bug causes a BSOD crash when opening a certain path

A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands. [...]

https://www.bleepingcomputer.com/news/security/windows-10-bug-causes-a-bsod-crash-when-opening-a-certain-path/

Windows 10X: A closer look at Microsoft's new operating system

Windows 10X was originally designed for dual-screen devices, such as the Surface Neo, Lenovo ThinkPad X1 Fold, and Intel prototypes. In 2020, Microsoft said that the plans have changed and the operating system will first debut on single-screen devices in 2021. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10x-a-closer-look-at-microsofts-new-operating-system/

FBI warns of vishing attacks stealing corporate accounts

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-vishing-attacks-stealing-corporate-accounts/

OpenWRT Forum user data stolen in weekend data breach

The administrators of the OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach. [...]

https://www.bleepingcomputer.com/news/security/openwrt-forum-user-data-stolen-in-weekend-data-breach/

Microsoft Defender to enable full auto-remediation by default

Microsoft will enable fully automated threat remediation by default for Microsoft Defender for Endpoint customers who have opted into public previews starting next month, on February 16, 2021. [...]

https://www.bleepingcomputer.com/news/security/microsoft-defender-to-enable-full-auto-remediation-by-default/

IObit forums hacked in widespread DeroHE ransomware attack

Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members. [...]

https://www.bleepingcomputer.com/news/security/iobit-forums-hacked-in-widespread-derohe-ransomware-attack/

FreakOut malware exploits critical bugs to infect Linux hosts

An active malicious campaign is currently targeting Linux devices running software with critical vulnerabilities that is powering network-attached storage (NAS) devices or for developing web applications and portals. [...]

https://www.bleepingcomputer.com/news/security/freakout-malware-exploits-critical-bugs-to-infect-linux-hosts/

DNSpooq bugs let attackers hijack DNS on millions of devices

Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning and remote code execution against millions of affected devices. [...]

https://www.bleepingcomputer.com/news/security/dnspooq-bugs-let-attackers-hijack-dns-on-millions-of-devices/

Interpol: Trading scammers lure love-struck victims via dating apps

The Interpol (International Criminal Police Organisation) warns of fraudsters targeting dating app users and attempting to trick them into investing through fake trading apps. [...]

https://www.bleepingcomputer.com/news/security/interpol-trading-scammers-lure-love-struck-victims-via-dating-apps/

Google Chrome 88 released: RIP Flash Player and FTP support

Google has released Chrome 88 today, January 19th, 2021, to the Stable desktop channel, and it includes security improvements and the long-awaited removal of Adobe Flash Player. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-88-released-rip-flash-player-and-ftp-support/

SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader

The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-hackers-used-7-zip-code-to-hide-raindrop-cobalt-strike-loader/

Malwarebytes says SolarWinds hackers accessed its internal emails

Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails. [...]

https://www.bleepingcomputer.com/news/security/malwarebytes-says-solarwinds-hackers-accessed-its-internal-emails/

Google search bug freezes tabs when using a custom date range

​A bug in Google Search is causing a browser tab to freeze when searching between a specified range of dates. [...]

https://www.bleepingcomputer.com/news/google/google-search-bug-freezes-tabs-when-using-a-custom-date-range/

Bugs in Signal, Facebook, Google chat apps let attackers spy on users

Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls. [...]

https://www.bleepingcomputer.com/news/security/bugs-in-signal-facebook-google-chat-apps-let-attackers-spy-on-users/

List of DNSpooq vulnerability advisories, patches, and updates

Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices. In this article we list all the available security advisories related to these vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/list-of-dnspooq-vulnerability-advisories-patches-and-updates/