Google fixes second actively exploited Chrome zero-day bug this year

Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-second-actively-exploited-chrome-zero-day-bug-this-year/

Microsoft fixes actively exploited Exchange zero-day bugs, patch now

Microsoft has released emergency out-of-band security updates for Microsoft Exchange that fix four zero-day vulnerabilities actively exploited in targeted attacks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exploited-exchange-zero-day-bugs-patch-now/

Cash App phishing kit deployed in the wild, courtesy of 16Shop

The developer of the 16Shop phishing kit has added a new component that targets users of the popular Cash App mobile payment service. [...]

https://www.bleepingcomputer.com/news/security/cash-app-phishing-kit-deployed-in-the-wild-courtesy-of-16shop/

Microsoft starts force installing Windows 10 20H2 on more devices

Microsoft is ramping up the forced rollout of Windows 10, version 2004 to more devices approaching end of service (EOS), as part of a new rollout phase. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-force-installing-windows-10-20h2-on-more-devices/

State hackers rush to exploit unpatched Microsoft Exchange servers

Multiple state-sponsored hacking groups are actively exploiting critical Exchange bugs Microsoft patched Tuesday via emergency out-of-band security updates. [...]

https://www.bleepingcomputer.com/news/security/state-hackers-rush-to-exploit-unpatched-microsoft-exchange-servers/

Cybersecurity firm Qualys likely latest victim of Accellion hacks

Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...]

https://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-likely-latest-victim-of-accellion-hacks/

US government warns of Social Security scams using fake federal IDs

Government imposter scams now come with a new twist that has the potential to make them even more effective, as the Inspector General for the Social Security Administration (SSA) warns. [...]

https://www.bleepingcomputer.com/news/security/us-government-warns-of-social-security-scams-using-fake-federal-ids/

GRUB2 boot loader reveals multiple high severity vulnerabilities

GRUB, a popular Linux boot loader project has fixed multiple high severity vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/grub2-boot-loader-reveals-multiple-high-severity-vulnerabilities/

BEC scammers are targeting investors for massive payouts

Business email compromise (BEC) scammers are utilizing a new type of attack targeting investors that could leverage payouts seven times greater than average. [...]

https://www.bleepingcomputer.com/news/security/bec-scammers-are-targeting-investors-for-massive-payouts/

Hackers share methods to bypass 3D Secure for payment cards

Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure (3DS) protocol used for authorizing online card transactions. [...]

https://www.bleepingcomputer.com/news/security/hackers-share-methods-to-bypass-3d-secure-for-payment-cards/

Microsoft: Windows 10 'Known Issue Rollback' auto-fixes update bugs

Microsoft has shared details on Known Issue Rollback (KIR), a Windows 10 capability used to revert buggy non-security fixes delivered through Windows Update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-known-issue-rollback-auto-fixes-update-bugs/

CompuCom MSP confirms ongoing outage following malware incident

The US managed service provider CompuCom has suffered a cyberattack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware, BleepingComputer has learned. [...]

https://www.bleepingcomputer.com/news/security/compucom-msp-confirms-ongoing-outage-following-malware-incident/

Ransomware is a multi-billion industry and it keeps growing

An analysis from global cybersecurity company Group-IB reveals that ransomware attacks more than doubled last year and increased in both scale and sophistication. [...]

https://www.bleepingcomputer.com/news/security/ransomware-is-a-multi-billion-industry-and-it-keeps-growing/

DHS orders agencies to urgently patch or disconnect Exchange servers

The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks. [...]

https://www.bleepingcomputer.com/news/security/dhs-orders-agencies-to-urgently-patch-or-disconnect-exchange-servers/

Windows DNS SIGRed bug gets first public RCE PoC exploit

A working proof-of-concept (PoC) exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability. [...]

https://www.bleepingcomputer.com/news/security/windows-dns-sigred-bug-gets-first-public-rce-poc-exploit/

Hacked SendGrid accounts used in phishing attacks to steal logins

A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials relying on trusted domains such as SendGrid. [...]

https://www.bleepingcomputer.com/news/security/hacked-sendgrid-accounts-used-in-phishing-attacks-to-steal-logins/

Researcher bitsquats Microsoft's windows.com to steal traffic

A researcher was able to bitsquat Microsoft's windows.com domain by cybersquatting variations of windows.com. Adversaries can abuse this tactic to conduct automated attacks or collect data due to the nature of bit flipping. [...]

https://www.bleepingcomputer.com/news/security/researcher-bitsquats-microsofts-windowscom-to-steal-traffic/

VMware releases fix for severe View Planner RCE vulnerability

VMware has addressed a high severity unauth RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. [...]

https://www.bleepingcomputer.com/news/security/vmware-releases-fix-for-severe-view-planner-rce-vulnerability/

FireEye finds new malware likely linked to SolarWinds hackers

FireEye discovered a new "sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack. [...]

https://www.bleepingcomputer.com/news/security/fireeye-finds-new-malware-likely-linked-to-solarwinds-hackers/

Microsoft Edge gets tab enhancements and improved performance

Microsoft Edge was redesigned with Chromium in January 2020 and it's getting better every month with new updates. Earlier this year, Microsoft announced that it's enabling support for sleeping tabs and now Microsoft is rolling out two new features - vertical tabs and startup boost. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-tab-enhancements-and-improved-performance/

Maza forum hacked in recent attacks targeting cybercrime forums

The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. [...]

https://www.bleepingcomputer.com/news/security/maza-forum-hacked-in-recent-attacks-targeting-cybercrime-forums/