Rise in ransomware attacks mistakenly causing data destruction

More and more ransomware victims are resisting the extortionists and refuse to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption. [...]

https://www.bleepingcomputer.com/news/security/rise-in-ransomware-attacks-mistakenly-causing-data-destruction/

Microsoft fixes PowerPoint crashes in Office February updates

Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer (MSI) editions of Office 2016, Office 2013, and Office 2010 products. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-powerpoint-crashes-in-office-february-updates/

Plex Media servers actively abused to amplify DDoS attacks

Plex Media Server systems are actively being abused by DDoS-for-hire services as a UDP reflection/amplification vector in Distributed Denial of Service (DDoS) attacks. [...]

https://www.bleepingcomputer.com/news/security/plex-media-servers-actively-abused-to-amplify-ddos-attacks/

Hacking group also used an IE zero-day against security researchers

An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers. [...]

https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/

Windows 10 2004 now in broad deployment, available to everyone

Microsoft has announced that Windows 10, version 2004 has now been added to the broad deployment channel and will be available to everyone via Windows Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-now-in-broad-deployment-available-to-everyone/

Hackers steal StormShield firewall source code in data breach

Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the companies' support ticket system and steal source code for Stormshield Network Security firewall software. [...]

https://www.bleepingcomputer.com/news/security/hackers-steal-stormshield-firewall-source-code-in-data-breach/

Google fixes Chrome zero-day actively exploited in the wild

Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-actively-exploited-in-the-wild/

Eletrobras, Copel energy companies hit by ransomware attacks

Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week. [...]

https://www.bleepingcomputer.com/news/security/eletrobras-copel-energy-companies-hit-by-ransomware-attacks/

Recent Windows 10 updates cause Visual Studio, WPF app crashes

Visual Studio is crashing when docking or dragging windows around after installing recently released .NET Framework cumulative update previews for Windows 10 and Windows Server. [...]

https://www.bleepingcomputer.com/news/microsoft/recent-windows-10-updates-cause-visual-studio-wpf-app-crashes/

Microsoft warns of increasing OAuth Office 365 phishing attacks

Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-increasing-oauth-office-365-phishing-attacks/

SitePoint discloses data breach after stolen info used in attacks

The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/sitepoint-discloses-data-breach-after-stolen-info-used-in-attacks/

Windows 10 April updates remove Microsoft Edge Legacy permanently

Microsoft has announced today that Microsoft Edge Legacy will be permanently removed and replaced with the new Microsoft Edge after installing April's Windows 10 Patch Tuesday security update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-april-updates-remove-microsoft-edge-legacy-permanently/

Malicious extension abuses Chrome sync to steal users’ data

The Google Chrome Sync feature can be abused by threat actors to harvest information from compromised computers using maliciously-crafted Chrome browser extensions. [...]

https://www.bleepingcomputer.com/news/security/malicious-extension-abuses-chrome-sync-to-steal-users-data/

The Week in Ransomware - February 5th 2021 - Data destruction

This week we saw a few large scale attacks and various ransomware reports indicating ransom payments are falling, while attacks are increasingly destroying data permanently. The good news is a new ransomware decryptor was released, allowing victims to recover files for free. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-5th-2021-data-destruction/

This Flash Player emulator lets you securely play your old games

A Flash Player emulator called 'Ruffle' allows you to play your archived Flash games without fear of being attacked as you browse the web. [...]

https://www.bleepingcomputer.com/news/software/this-flash-player-emulator-lets-you-securely-play-your-old-games/

The Great Suspender Chrome extension's fall from grace

Google has forcibly uninstalled the immensely popular 'The Great Suspender' extension from Google Chrome and classified it as malware. [...]

https://www.bleepingcomputer.com/news/software/the-great-suspender-chrome-extensions-fall-from-grace/

Mozilla fixes Windows 10 NTFS corruption bug in Firefox

Mozilla has released Firefox 85.0.1 and includes a fix that prevents a Windows 10 NTFS corruption bug from being triggered from the browser. [...]

https://www.bleepingcomputer.com/news/software/mozilla-fixes-windows-10-ntfs-corruption-bug-in-firefox/

Signal ignores proxy censorship vulnerability, bans researchers

Signal, an end-to-end encrypted messaging platform was blocked in Iran and suggested a TLS proxy workaround to help its users bypass censorship.
However, researchers have discovered vulnerabilities in the workaround that can render Signal's suggestions moot and pose risks for the users. [...]

https://www.bleepingcomputer.com/news/security/signal-ignores-proxy-censorship-vulnerability-bans-researchers/

Fortinet fixes critical vulnerabilities in SSL VPN and web firewall

Fortinet has fixed multiple severe vulnerabilities impacting its products.
The vulnerabilities range from Remote Code Execution to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products.  [...]

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/

New phishing attack uses Morse code to hide malicious URLs

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/

Ziggy ransomware shuts down and releases victims' decryption keys

The Ziggy ransomware operation has shut down and released the victims' decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims. [...]

https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/