Microsoft releases new Windows 10 Intel CPU microcode updates
Microsoft has released a new set of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix bugs impacting multiple Intel CPU families. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-new-windows-10-intel-cpu-microcode-updates/
BleepingComputer
Here's how a researcher broke into Microsoft VS Code's GitHub
This month a researcher was awarded a bug bounty of an undisclosed amount after he broke into the official GitHub repository of Microsoft Visual Studio Code.
A vulnerability in VS Code's issue management function and a lack of authentication checks enabled the researcher to obtain push access and write to the repository. [...]
https://www.bleepingcomputer.com/news/security/heres-how-a-researcher-broke-into-microsoft-vs-codes-github/
Emotet botnet disrupted after global takedown operation
The infrastructure of today's most dangerous botnet, built by cybercriminals using the Emotet malware, was taken down following an international action coordinated by Europol and Eurojust. [...]
https://www.bleepingcomputer.com/news/security/emotet-botnet-disrupted-after-global-takedown-operation/
Linux malware uses open-source tool to evade detection
AT&T Alien Labs security researchers have discovered that the TeamTNT cybercrime group upgraded their Linux crypto-mining with open-source detection evasion capabilities. [...]
https://www.bleepingcomputer.com/news/security/linux-malware-uses-open-source-tool-to-evade-detection/
Netwalker ransomware dark web sites seized by law enforcement
The dark web websites associated with the Netwalker ransomware operation have been seized by law enforcement from the USA and Bulgaria. [...]
https://www.bleepingcomputer.com/news/security/netwalker-ransomware-dark-web-sites-seized-by-law-enforcement/
Europol: Emotet malware will uninstall itself on March 25th
Law enforcement has started to distribute an Emotet module to infected devices that will uninstall the malware on March 25th, 2021. [...]
https://www.bleepingcomputer.com/news/security/europol-emotet-malware-will-uninstall-itself-on-march-25th/
BleepingComputer
Europol: Emotet malware will uninstall itself on April 25th
Law enforcement has started to distribute an Emotet module to infected devices that will uninstall the malware on March 25th, 2021.
US charges NetWalker ransomware affiliate, seizes ransom payments
The U.S. Justice Department announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks. [...]
https://www.bleepingcomputer.com/news/security/us-charges-netwalker-ransomware-affiliate-seizes-ransom-payments/
Microsoft rolls out Application Guard for Office to all customers
Microsoft has announced that Application Guard for Office is now generally available for all Microsoft 365 users with supported licenses. [...]
https://www.bleepingcomputer.com/news/security/microsoft-rolls-out-application-guard-for-office-to-all-customers/
Google Chrome blocks 7 more ports to stop NAT Slipstreaming attacks
Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability. [...]
https://www.bleepingcomputer.com/news/security/google-chrome-blocks-7-more-ports-to-stop-nat-slipstreaming-attacks/
Hezbollah hackers attack unpatched Atlassian servers at telcos, ISPs
Volatile Cedar, an advanced hacker group believed to be connected to the Lebanese Hezbollah Cyber Unit, has been silently attacking companies around the world in espionage operations. [...]
https://www.bleepingcomputer.com/news/security/hezbollah-hackers-attack-unpatched-atlassian-servers-at-telcos-isps/
Microsoft: DPRK hackers 'likely' hit researchers with Chrome exploit
Today, Microsoft disclosed that they have also been monitoring the targeted attacks against vulnerability researchers for months and have attributed the attacks to a DPRK group named 'Zinc.' [...]
https://www.bleepingcomputer.com/news/security/microsoft-dprk-hackers-likely-hit-researchers-with-chrome-exploit/
Microsoft: 8 trillion daily signals power our cybersecurity services
Microsoft's security services grew by $10 billion in 2020, as more companies began utilizing their cloud-based security services. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-8-trillion-daily-signals-power-our-cybersecurity-services/
USCellular hit by a data breach after hackers access CRM software
Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers' accounts. [...]
https://www.bleepingcomputer.com/news/security/uscellular-hit-by-a-data-breach-after-hackers-access-crm-software/
Windows Installer zero-day vulnerability gets free micropatch
A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system. [...]
https://www.bleepingcomputer.com/news/security/windows-installer-zero-day-vulnerability-gets-free-micropatch/
Perl.com domain stolen, now using IP address tied to malware
The domain name perl.com was stolen this week and now points to an IP address associated with malware campaigns. [...]
https://www.bleepingcomputer.com/news/security/perlcom-domain-stolen-now-using-ip-address-tied-to-malware/
New Pro-Ocean malware worms through Apache, Oracle, Redis servers
The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis. [...]
https://www.bleepingcomputer.com/news/security/new-pro-ocean-malware-worms-through-apache-oracle-redis-servers/
Vovalex is likely the first ransomware written in D
A new ransomware called Vovalex is being distributed through fake pirated software that impersonates popular Windows utilities, such as CCleaner. [...]
https://www.bleepingcomputer.com/news/security/vovalex-is-likely-the-first-ransomware-written-in-d/
Here's how law enforcement's Emotet malware module works
New research released today provides greater insight into the Emotet module created by law enforcement that will uninstall the malware from infected devices in April. [...]
https://www.bleepingcomputer.com/news/security/heree-how-law-enforcements-emotet-malware-module-works/
The Week in Ransomware - January 29th 2021 - Striking back
It has been a hectic week, with law enforcement conducting two successful operations that will significantly impact ransomware. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-29th-2021-striking-back/
Fonix ransomware shuts down and releases master decryption key
The Fonix Ransomware operators have shut down their operation and released the master decryption key, allowing victims to recover their files for free. [...]
https://www.bleepingcomputer.com/news/security/fonix-ransomware-shuts-down-and-releases-master-decryption-key/
UK Research and Innovation (UKRI) suffers ransomware attack
The UK Research and Innovation (UKRI) is dealing with a ransomware incident that encrypted data and impacted two of its services that offer information to subscribers and the platform for peer review of various parts of the agency. [...]
https://www.bleepingcomputer.com/news/security/uk-research-and-innovation-ukri-suffers-ransomware-attack/