Google fixes severe Golang Windows RCE vulnerability

This month Google engineers have fixed two vulnerabilities in the Go language (Golang), including a severe RCE flaw, and a cryptographic weakness.
The RCE vulnerability tracked as CVE-2021-3115 mainly impacts Windows users of Go running the 'go get' command, due to the default behavior of Windows PATH lookups. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-severe-golang-windows-rce-vulnerability/

Mimecast links security breach to SolarWinds hackers

Email security company Mimecast has confirmed today that the threat actor behind the SolarWinds supply-chain attack is behind the security breach it disclosed earlier this month. [...]

https://www.bleepingcomputer.com/news/security/mimecast-links-security-breach-to-solarwinds-hackers/

Firefox 85 adds supercookie protection, removes Flash support

Mozilla Firefox 85 was released today with supercookie protection to block hidden trackers from tracking Firefox users' activity while browsing the Internet. [...]

https://www.bleepingcomputer.com/news/software/firefox-85-adds-supercookie-protection-removes-flash-support/

Verizon Fios Internet outage affecting Northeastern US

Verizon Fios is experiencing an outage making it impossible to access many websites or causing them too operate to slowly to use properly use. [...]

https://www.bleepingcomputer.com/news/technology/verizon-fios-internet-outage-affecting-northeastern-us/

Pan-Asian retail giant Dairy Farm suffers REvil ransomware attack

Massive pan-Asian retail chain operator Dairy Farm Group was attacked this month by the REvil ransomware operation, demanding a $30 million ransom. [...]

https://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/

New Linux SUDO flaw lets local users gain root privileges

A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication. [...]

https://www.bleepingcomputer.com/news/security/new-linux-sudo-flaw-lets-local-users-gain-root-privileges/

Microsoft releases new Windows 10 Intel CPU microcode updates

Microsoft has released a new set of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix bugs impacting multiple Intel CPU families. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-new-windows-10-intel-cpu-microcode-updates/

Here's how a researcher broke into Microsoft VS Code's GitHub

This month a researcher was awarded a bug bounty award of an undisclosed amount after he broke into the official GitHub repository of Microsoft Visual Studio Code.
A vulnerability in VS Code's issue management function and a lack of authentication checks enabled the researcher to obtain push access, and write to the repository. [...]

https://www.bleepingcomputer.com/news/security/heres-how-a-researcher-broke-into-microsoft-vs-codes-github/

Emotet botnet disrupted after global takedown operation

The infrastructure of today's most dangerous botnet built by cybercriminals using the Emotet malware was taken down following an international coordinated action coordinated by Europol and Eurojust. [...]

https://www.bleepingcomputer.com/news/security/emotet-botnet-disrupted-after-global-takedown-operation/

Linux malware uses open-source tool to evade detection

AT&T Alien Labs security researchers have discovered that the TeamTNT cybercrime group upgraded their Linux crypto-mining with open-source detection evasion capabilities. [...]

https://www.bleepingcomputer.com/news/security/linux-malware-uses-open-source-tool-to-evade-detection/

Netwalker ransomware dark web sites seized by law enforcement

The dark web websites associated with the Netwalker ransomware operation have been seized by law enforcement from the USA and Bulgaria. [...]

https://www.bleepingcomputer.com/news/security/netwalker-ransomware-dark-web-sites-seized-by-law-enforcement/

Europol: Emotet malware will uninstall itself on March 25th

Law enforcement has started to distribute an Emotet module to infected devices that will uninstall the malware on March 25th, 2021. [...]

https://www.bleepingcomputer.com/news/security/europol-emotet-malware-will-uninstall-itself-on-march-25th/

US charges NetWalker ransomware affiliate, seizes ransom payments

The U.S. Justice Department announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks. [...]

https://www.bleepingcomputer.com/news/security/us-charges-netwalker-ransomware-affiliate-seizes-ransom-payments/

Microsoft rolls out Application Guard for Office to all customers

Microsoft has announced that Application Guard for Office is now generally available for all Microsoft 365 users with supported licenses. [...]

https://www.bleepingcomputer.com/news/security/microsoft-rolls-out-application-guard-for-office-to-all-customers/

Google Chrome blocks 7 more ports to stop NAT Slipstreaming attacks

Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-blocks-7-more-ports-to-stop-nat-slipstreaming-attacks/

Hezbollah hackers attack unpatched Atlassian servers at telcos, ISPs

Volatile Cedar, an advanced hacker group believed to be connected to the Lebanese Hezbollah Cyber Unit, has been silently attacking companies around the world in espionage operations. [...]

https://www.bleepingcomputer.com/news/security/hezbollah-hackers-attack-unpatched-atlassian-servers-at-telcos-isps/

Microsoft: DPRK hackers 'likely' hit researchers with Chrome exploit

Today, Microsoft disclosed that they have also been monitoring the targeted attacks against vulnerability researchers for months and have attributed the attacks to a DPRK group named 'Zinc.' [...]

https://www.bleepingcomputer.com/news/security/microsoft-dprk-hackers-likely-hit-researchers-with-chrome-exploit/

Microsoft: 8 trillion daily signals power our cybersecurity services

Microsoft's security services grew by $10 billion in 2020, as more companies began utilizing their cloud-based security services. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-8-trillion-daily-signals-power-our-cybersecurity-services/

USCellular hit by a data breach after hackers access CRM software

​Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers' accounts. [...]

https://www.bleepingcomputer.com/news/security/uscellular-hit-by-a-data-breach-after-hackers-access-crm-software/

Windows Installer zero-day vulnerability gets free micropatch

A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system. [...]

https://www.bleepingcomputer.com/news/security/windows-installer-zero-day-vulnerability-gets-free-micropatch/

Perl.com domain stolen, now using IP address tied to malware

The domain name perl.com was stolen this week and is now points to an IP address associated with malware campaigns. [...]

https://www.bleepingcomputer.com/news/security/perlcom-domain-stolen-now-using-ip-address-tied-to-malware/