Cisco fixes maximum severity MSO auth bypass vulnerability

Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-maximum-severity-mso-auth-bypass-vulnerability/

Windows 10 gets first combined LCU/SSU update in public release

For the first time in a public release, Microsoft has released a Windows 10 cumulative update that is combined with a servicing stack update for ease of installation. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-gets-first-combined-lcu-ssu-update-in-public-release/

Over 8 million COVID-19 test results leaked online

Millions of COVID-19 test reports were found to be publicly accessible due to flawed online system implementation. [...]

https://www.bleepingcomputer.com/news/security/over-8-million-covid-19-test-results-leaked-online/

Attackers scan for vulnerable VMware servers after PoC exploit release

After security researchers have developed and published proof-of-concept (PoC) exploit code targeting a critical vCenter remote code execution (RCE) vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers. [...]

https://www.bleepingcomputer.com/news/security/attackers-scan-for-vulnerable-vmware-servers-after-poc-exploit-release/

VC giant Sequoia discloses data breach after failed BEC attack

American venture capital firm Sequoia has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January. [...]

https://www.bleepingcomputer.com/news/security/vc-giant-sequoia-discloses-data-breach-after-failed-bec-attack/

TD Bank suffers systemwide outage, services still recovering

TD Bank is recovering from a major IT systems outage today that prevented account holders from accessing their online bank accounts, use ATM, or check balances over the phone.  [...]

https://www.bleepingcomputer.com/news/technology/td-bank-suffers-systemwide-outage-services-still-recovering/

North Korean hackers target defense industry with custom malware

A North Korean-backed hacking group has targeted the defense industry with custom backdoor malware dubbed ThreatNeedle since early 2020 with the end goal of collecting highly sensitive information. [...]

https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-defense-industry-with-custom-malware/

Microsoft shares CodeQL queries to scan code for SolarWinds-like implants

Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack. [...]

https://www.bleepingcomputer.com/news/security/microsoft-shares-codeql-queries-to-scan-code-for-solarwinds-like-implants/

Dutch Research Council (NWO) confirms ransomware attack, data leak

The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang. [...]

https://www.bleepingcomputer.com/news/security/dutch-research-council-nwo-confirms-ransomware-attack-data-leak/

Microsoft removes 3D Objects, Windows 10's most useless folder, from File Explorer

Microsoft is no longer treating possibly the most unused folder, 3D Objects, as a special folder in File Explorer. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-3d-objects-windows-10s-most-useless-folder-from-file-explorer/

XBOX Live outage prevents players from logging in

Xbox Live outage is suffering a worldwide outage that prevents users from logging into the service and accessing games. [...]

https://www.bleepingcomputer.com/news/microsoft/xbox-live-outage-prevents-players-from-logging-in/

Intel wireless driver updates fix Windows 10 blue screen issues

Intel has addressed Wi-Fi and Wireless Bluetooth drivers issues causing Windows 10 blue screen of death (BSOD) errors and Bluetooth devices to lose connection or stop working. [...]

https://www.bleepingcomputer.com/news/software/intel-wireless-driver-updates-fix-windows-10-blue-screen-issues/

Malicious Firefox extension allowed hackers to hijack Gmail accounts

Several Tibetan organizations were targeted in a cyber-espionage campaign by a state-backed hacking group using a malicious Firefox extension designed to hijack Gmail accounts and infect victims with malware. [...]

https://www.bleepingcomputer.com/news/security/malicious-firefox-extension-allowed-hackers-to-hijack-gmail-accounts/

Ryuk ransomware now self-spreads to other Windows LAN devices

A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-now-self-spreads-to-other-windows-lan-devices/

Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance

​A hacking group called 'Hotarus Corp' has hacked Ecuador's Ministry of Finance and the country's largest bank, Banco Pichincha, where they claim to have stolen internal data. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-hacks-ecuadors-largest-private-bank-ministry-of-finance/

T-Mobile discloses data breach after SIM swapping attacks

American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks. [...]

https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/

Twitter scammers earned over $145k this week in Bitcoin, Ethereum, Doge

Cryptocurrency scammers have made at least $145,000 this week by promoting fake giveaways through hacked verified Twitter accounts. [...]

https://www.bleepingcomputer.com/news/security/twitter-scammers-earned-over-145k-this-week-in-bitcoin-ethereum-doge/

The Week in Ransomware - February 26th 2021 - Back from the Holidays

The number of attacks had slowed down after the winter holidays, but after the past two weeks, it's evident that the ransomware attacks are back at full speed. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-26th-2021-back-from-the-holidays/

Google shares PoC exploit for critical Windows 10 Graphics RCE bug

Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept (PoC) exploit code for a critical remote code execution (RCE) bug affecting a Windows graphics component. [...]

https://www.bleepingcomputer.com/news/security/google-shares-poc-exploit-for-critical-windows-10-graphics-rce-bug/

Microsoft fixes Windows 10 drive corruption bug — what you need to know

Microsoft has fixed a Windows 10 bug that could cause NTFS volumes to become corrupted by merely accessing a particular path or viewing a specially crafted file. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-drive-corruption-bug-what-you-need-to-know/

NSA, Microsoft promote a Zero Trust approach to cybersecurity

The National Security Agency (NSA) and Microsoft are advocating for the Zero Trust security model as a more efficient way for enterprises to defend against today's increasingly sophisticated threats. [...]

https://www.bleepingcomputer.com/news/security/nsa-microsoft-promote-a-zero-trust-approach-to-cybersecurity/