BEC scammers are targeting investors for massive payouts

Business email compromise (BEC) scammers are utilizing a new type of attack targeting investors that could leverage payouts seven times greater than average. [...]

https://www.bleepingcomputer.com/news/security/bec-scammers-are-targeting-investors-for-massive-payouts/

Hackers share methods to bypass 3D Secure for payment cards

Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure (3DS) protocol used for authorizing online card transactions. [...]

https://www.bleepingcomputer.com/news/security/hackers-share-methods-to-bypass-3d-secure-for-payment-cards/

Microsoft: Windows 10 'Known Issue Rollback' auto-fixes update bugs

Microsoft has shared details on Known Issue Rollback (KIR), a Windows 10 capability used to revert buggy non-security fixes delivered through Windows Update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-known-issue-rollback-auto-fixes-update-bugs/

CompuCom MSP confirms ongoing outage following malware incident

The US managed service provider CompuCom has suffered a cyberattack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware, BleepingComputer has learned. [...]

https://www.bleepingcomputer.com/news/security/compucom-msp-confirms-ongoing-outage-following-malware-incident/

Ransomware is a multi-billion industry and it keeps growing

An analysis from global cybersecurity company Group-IB reveals that ransomware attacks more than doubled last year and increased in both scale and sophistication. [...]

https://www.bleepingcomputer.com/news/security/ransomware-is-a-multi-billion-industry-and-it-keeps-growing/

DHS orders agencies to urgently patch or disconnect Exchange servers

The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks. [...]

https://www.bleepingcomputer.com/news/security/dhs-orders-agencies-to-urgently-patch-or-disconnect-exchange-servers/

Windows DNS SIGRed bug gets first public RCE PoC exploit

A working proof-of-concept (PoC) exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability. [...]

https://www.bleepingcomputer.com/news/security/windows-dns-sigred-bug-gets-first-public-rce-poc-exploit/

Hacked SendGrid accounts used in phishing attacks to steal logins

A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials relying on trusted domains such as SendGrid. [...]

https://www.bleepingcomputer.com/news/security/hacked-sendgrid-accounts-used-in-phishing-attacks-to-steal-logins/

Researcher bitsquats Microsoft's windows.com to steal traffic

A researcher was able to bitsquat Microsoft's windows.com domain by cybersquatting variations of windows.com. Adversaries can abuse this tactic to conduct automated attacks or collect data due to the nature of bit flipping. [...]

https://www.bleepingcomputer.com/news/security/researcher-bitsquats-microsofts-windowscom-to-steal-traffic/

VMware releases fix for severe View Planner RCE vulnerability

VMware has addressed a high severity unauth RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. [...]

https://www.bleepingcomputer.com/news/security/vmware-releases-fix-for-severe-view-planner-rce-vulnerability/

FireEye finds new malware likely linked to SolarWinds hackers

FireEye discovered a new "sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack. [...]

https://www.bleepingcomputer.com/news/security/fireeye-finds-new-malware-likely-linked-to-solarwinds-hackers/

Microsoft Edge gets tab enhancements and improved performance

Microsoft Edge was redesigned with Chromium in January 2020 and it's getting better every month with new updates. Earlier this year, Microsoft announced that it's enabling support for sleeping tabs and now Microsoft is rolling out two new features - vertical tabs and startup boost. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-tab-enhancements-and-improved-performance/

Maza forum hacked in recent attacks targeting cybercrime forums

The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. [...]

https://www.bleepingcomputer.com/news/security/maza-forum-hacked-in-recent-attacks-targeting-cybercrime-forums/

Microsoft reveals new malware used by the SolarWinds hackers

Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads. [...]

https://www.bleepingcomputer.com/news/security/microsoft-reveals-new-malware-used-by-the-solarwinds-hackers/

CompuCom MSP hit by DarkSide ransomware cyberattack

US managed service provider CompuCom has suffered a DarkSide ransomware attack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware. [...]

https://www.bleepingcomputer.com/news/security/compucom-msp-hit-by-darkside-ransomware-cyberattack/

Supermicro, Pulse Secure release fixes for 'TrickBoot' attacks

Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware's UEFI firmware-infecting module, known as TrickBoot. [...]

https://www.bleepingcomputer.com/news/security/supermicro-pulse-secure-release-fixes-for-trickboot-attacks/

Ongoing phishing attacks target US brokers with fake FINRA audits

The US Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information. [...]

https://www.bleepingcomputer.com/news/security/ongoing-phishing-attacks-target-us-brokers-with-fake-finra-audits/

Microsoft: Exchange updates can install without fixing vulnerabilities

Due to the critical nature of recently issued Microsoft Exchange security updates, admins need to know that the updates may have installation issues on servers where User Account Control (UAC) is enabled. [...]

https://www.bleepingcomputer.com/news/security/microsoft-exchange-updates-can-install-without-fixing-vulnerabilities/

Chrome extension turns on YouTube captions when eating noisy chips

​A new AI-powered Google Chrome extension will automatically turn on YouTube extensions if it detects you are eating noisy chips. [...]

https://www.bleepingcomputer.com/news/technology/chrome-extension-turns-on-youtube-captions-when-eating-noisy-chips/

SITA data breach affects millions of travelers from major airlines

Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company. [...]

https://www.bleepingcomputer.com/news/security/sita-data-breach-affects-millions-of-travelers-from-major-airlines/

New ransomware only decrypts victims who join their Discord server

A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server. [...]

https://www.bleepingcomputer.com/news/security/new-ransomware-only-decrypts-victims-who-join-their-discord-server/