Eletrobras, Copel energy companies hit by ransomware attacks

Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week. [...]

https://www.bleepingcomputer.com/news/security/eletrobras-copel-energy-companies-hit-by-ransomware-attacks/

Recent Windows 10 updates cause Visual Studio, WPF app crashes

Visual Studio is crashing when docking or dragging windows around after installing recently released .NET Framework cumulative update previews for Windows 10 and Windows Server. [...]

https://www.bleepingcomputer.com/news/microsoft/recent-windows-10-updates-cause-visual-studio-wpf-app-crashes/

Microsoft warns of increasing OAuth Office 365 phishing attacks

Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-increasing-oauth-office-365-phishing-attacks/

SitePoint discloses data breach after stolen info used in attacks

The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/sitepoint-discloses-data-breach-after-stolen-info-used-in-attacks/

Windows 10 April updates remove Microsoft Edge Legacy permanently

Microsoft has announced today that Microsoft Edge Legacy will be permanently removed and replaced with the new Microsoft Edge after installing April's Windows 10 Patch Tuesday security update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-april-updates-remove-microsoft-edge-legacy-permanently/

Malicious extension abuses Chrome sync to steal users’ data

The Google Chrome Sync feature can be abused by threat actors to harvest information from compromised computers using maliciously-crafted Chrome browser extensions. [...]

https://www.bleepingcomputer.com/news/security/malicious-extension-abuses-chrome-sync-to-steal-users-data/

The Week in Ransomware - February 5th 2021 - Data destruction

This week we saw a few large scale attacks and various ransomware reports indicating ransom payments are falling, while attacks are increasingly destroying data permanently. The good news is a new ransomware decryptor was released, allowing victims to recover files for free. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-5th-2021-data-destruction/

This Flash Player emulator lets you securely play your old games

A Flash Player emulator called 'Ruffle' allows you to play your archived Flash games without fear of being attacked as you browse the web. [...]

https://www.bleepingcomputer.com/news/software/this-flash-player-emulator-lets-you-securely-play-your-old-games/

The Great Suspender Chrome extension's fall from grace

Google has forcibly uninstalled the immensely popular 'The Great Suspender' extension from Google Chrome and classified it as malware. [...]

https://www.bleepingcomputer.com/news/software/the-great-suspender-chrome-extensions-fall-from-grace/

Mozilla fixes Windows 10 NTFS corruption bug in Firefox

Mozilla has released Firefox 85.0.1 and includes a fix that prevents a Windows 10 NTFS corruption bug from being triggered from the browser. [...]

https://www.bleepingcomputer.com/news/software/mozilla-fixes-windows-10-ntfs-corruption-bug-in-firefox/

Signal ignores proxy censorship vulnerability, bans researchers

Signal, an end-to-end encrypted messaging platform was blocked in Iran and suggested a TLS proxy workaround to help its users bypass censorship.
However, researchers have discovered vulnerabilities in the workaround that can render Signal's suggestions moot and pose risks for the users. [...]

https://www.bleepingcomputer.com/news/security/signal-ignores-proxy-censorship-vulnerability-bans-researchers/

Fortinet fixes critical vulnerabilities in SSL VPN and web firewall

Fortinet has fixed multiple severe vulnerabilities impacting its products.
The vulnerabilities range from Remote Code Execution to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products.  [...]

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/

New phishing attack uses Morse code to hide malicious URLs

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/

Ziggy ransomware shuts down and releases victims' decryption keys

The Ziggy ransomware operation has shut down and released the victims' decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims. [...]

https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/

Microsoft to alert Office 365 users of nation-state hacking activity

Microsoft will soon notify Office 365 of suspected nation-state hacking activity detected within their tenants according to a new listing on the company's Microsoft 365 roadmap. [...]

https://www.bleepingcomputer.com/news/security/microsoft-to-alert-office-365-users-of-nation-state-hacking-activity/

Android app joins the dark side, sends malware update to millions

Google has removed a popular Android barcode scanner app with over 10 million installs from the Play Store after researchers found that it turned malicious following a December 2020 update. [...]

https://www.bleepingcomputer.com/news/security/android-app-joins-the-dark-side-sends-malware-update-to-millions/

Microsoft: Keep your guard up even after Emotet’s disruption

Microsoft warns customers not to let their guard down even after hundreds of Emotet botnet servers were taken down in late January 2021. [...]

https://www.bleepingcomputer.com/news/security/microsoft-keep-your-guard-up-even-after-emotet-s-disruption/

Cyberpunk 2077 fixes bug that let malicious mods take over PCs

CD Projekt Red has released a hotfix for Cyberpunk 2077 to fix a remote code execution vulnerability that could be exploited by third-party data file modifications and save games files. [...]

https://www.bleepingcomputer.com/news/security/cyberpunk-2077-fixes-bug-that-let-malicious-mods-take-over-pcs/

Critical vulnerability fixed in WordPress plugin with 800K installs

The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks. [...]

https://www.bleepingcomputer.com/news/security/critical-vulnerability-fixed-in-wordpress-plugin-with-800k-installs/

Hackers tried poisoning town after breaching its water facility

A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels. [...]

https://www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/

CD PROJEKT RED gaming studio hit by ransomware attack

CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, has disclosed a ransomware attack that impacted its network. [...]

https://www.bleepingcomputer.com/news/security/cd-projekt-red-gaming-studio-hit-by-ransomware-attack/