French MNH health insurance company hit by RansomExx ransomware

French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company's operations. BleepingComputer has learned. [...]

https://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/

Network hackers asked for over $1 million in initial access offers

The number of offers for network access and their median prices on the public face of hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market. [...]

https://www.bleepingcomputer.com/news/security/network-hackers-asked-for-over-1-million-in-initial-access-offers/

TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus

TrickBot's stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software. [...]

https://www.bleepingcomputer.com/news/security/trickbots-bazarbackdoor-malware-is-now-coded-in-nim-to-evade-antivirus/

12-year-old Windows Defender bug gives hackers admin rights

Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems. [...]

https://www.bleepingcomputer.com/news/security/12-year-old-windows-defender-bug-gives-hackers-admin-rights/

Intel fixes vulnerabilities in Windows, Linux graphics drivers

Intel addressed 57 vulnerabilities during this month's Patch Tuesday, including high severity ones impacting Intel Graphics Drivers. [...]

https://www.bleepingcomputer.com/news/security/intel-fixes-vulnerabilities-in-windows-linux-graphics-drivers/

Buggy WordPress plugin exposes 100K sites to takeover attacks

Critical and high severity vulnerabilities in the Responsive Menu WordPress plugin exposed over 100,000 sites to takeover attacks as discovered by Wordfence. [...]

https://www.bleepingcomputer.com/news/security/buggy-wordpress-plugin-exposes-100k-sites-to-takeover-attacks/

Singtel, QIMR Berghofer report Accellion-related data breaches

Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software. [...]

https://www.bleepingcomputer.com/news/security/singtel-qimr-berghofer-report-accellion-related-data-breaches/

Microsoft warns of an increasing number of web shell attacks

Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-an-increasing-number-of-web-shell-attacks/

Windows 10 emergency update fixes WPA3 Wi-Fi blue screen crashes

Microsoft has released an emergency KB5001028 out-of-band update to fix a bug causing Windows 10 to crash when connecting to WPA3 Wi-Fi networks. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-update-fixes-wpa3-wi-fi-blue-screen-crashes/

Internet Explorer 11 zero-day vulnerability gets a free micropatch

An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. [...]

https://www.bleepingcomputer.com/news/security/internet-explorer-11-zero-day-vulnerability-gets-a-free-micropatch/

Avaddon ransomware fixes flaw allowing free decryption

The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor. [...]

https://www.bleepingcomputer.com/news/security/avaddon-ransomware-fixes-flaw-allowing-free-decryption/

Microsoft: Windows 10 1909 reaches end of service in May

Microsoft has reminded customers that some editions of Windows 10, version 1909 (also known as the November 2019 Update) will reach end of service in May 2021. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-1909-reaches-end-of-service-in-may/

Russian Yandex informs of sysadmin giving access to user mailboxes

Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. [...]

https://www.bleepingcomputer.com/news/security/russian-yandex-informs-of-sysadmin-giving-access-to-user-mailboxes/

Copycat researchers imitate supply chain attack that hit tech giants

This week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over major 35 tech firms. [...]

https://www.bleepingcomputer.com/news/security/copycat-researchers-imitate-supply-chain-attack-that-hit-tech-giants/

Google: Gmail users from US most targeted by phishing attacks

Google has revealed earlier this week that Gmail users from the United States are the most popular target for email-based phishing and malware attacks. [...]

https://www.bleepingcomputer.com/news/security/google-gmail-users-from-us-most-targeted-by-phishing-attacks/

Telegram 'Secret Chat' didn't delete self-destructing media files

Telegram has fixed a security issue where self-destructing audio and video recording were not being deleted from user's macOS devices as expected. [...]

https://www.bleepingcomputer.com/news/security/telegram-secret-chat-didnt-delete-self-destructing-media-files/

Scammers target US tax pros in ongoing IRS phishing attacks

The Internal Revenue Service (IRS) has warned US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers (EFINs). [...]

https://www.bleepingcomputer.com/news/security/scammers-target-us-tax-pros-in-ongoing-irs-phishing-attacks/

Microsoft replaces Edge Legacy in latest Windows 10 Dev build

Microsoft has started replacing the legacy version of the Edge browser with the new Chromium-based Edge in Windows 10 Dev builds. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-replaces-edge-legacy-in-latest-windows-10-dev-build/

The Week in Ransomware - February 12th 2021 - More keys released

This week we saw another ransomware shut down its operation and a significant attack against Cyberpunk 2077 game developer CD Projekt Red. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-12th-2021-more-keys-released/

Windows 10 is getting revamped battery settings and usage stats

Windows 10 is getting a redesigned 'Battery' settings page that provides detailed graphs showing how your mobile device uses the battery. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-is-getting-revamped-battery-settings-and-usage-stats/

CD Projekt's stolen source code allegedly sold by ransomware gang

A ransomware gang who says they stole unencrypted source code for the company's most popular games and then encrypted CD Projekt's servers claims to have sold the data. [...]

https://www.bleepingcomputer.com/news/security/cd-projekts-stolen-source-code-allegedly-sold-by-ransomware-gang/