How to customize your Windows 10 desktop with these free tools

With Windows, you've got an almost limitless number of free, open-source and paid apps to customize the appearance of desktop. In this article, we're going to share a list of open-source and free tools to change the desktop wallpaper animation when you move your cursor, add support for widgets, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-customize-your-windows-10-desktop-with-these-free-tools/

Microsoft Office 365 gets protection against malicious XLM macros

Microsoft has added XLM macro protection for Microsoft 365 customers by expanding the runtime defense provided by Office 365's integration with Antimalware Scan Interface (AMSI) to include Excel 4.0 (XLM) macro scanning. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-365-gets-protection-against-malicious-xlm-macros/

Google's Chrome Labs makes it easier to test new browser features

Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...]

https://www.bleepingcomputer.com/news/google/googles-chrome-labs-makes-it-easier-to-test-new-browser-features/

Microsoft's MSERT tool now finds web shells from Exchange Server attacks

Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. [...]

https://www.bleepingcomputer.com/news/security/microsofts-msert-tool-now-finds-web-shells-from-exchange-server-attacks/

Unpatched QNAP devices are being hacked to mine cryptocurrency

Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/unpatched-qnap-devices-are-being-hacked-to-mine-cryptocurrency/

CISA takes over .GOV top-level domain (TLD) administration

The US Cybersecurity and Infrastructure Security Agency (CISA) is taking over the administration of the.gov top-level domain (TLD) as its new policy and management authority. [...]

https://www.bleepingcomputer.com/news/security/cisa-takes-over-gov-top-level-domain-tld-administration/

Flagstar Bank hit by data breach exposing customer, employee data

US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. [...]

https://www.bleepingcomputer.com/news/security/flagstar-bank-hit-by-data-breach-exposing-customer-employee-data/

European Banking Authority discloses Exchange server hack

The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. [...]

https://www.bleepingcomputer.com/news/security/european-banking-authority-discloses-exchange-server-hack/

Google Chrome to block port 554 to stop NAT Slipstreaming attacks

Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-to-block-port-554-to-stop-nat-slipstreaming-attacks/

Hackers hiding Supernova malware in SolarWinds Orion linked to China

Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China. [...]

https://www.bleepingcomputer.com/news/security/hackers-hiding-supernova-malware-in-solarwinds-orion-linked-to-china/

Microsoft 365 adds 'External' email tags for increased security

Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-adds-external-email-tags-for-increased-security/

New Sarbloh ransomware supports Indian farmers' protest

A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers. [...]

https://www.bleepingcomputer.com/news/security/new-sarbloh-ransomware-supports-indian-farmers-protest/

GitHub bug caused users to login to other user accounts

Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party. [...]

https://www.bleepingcomputer.com/news/security/github-bug-caused-users-to-login-to-other-user-accounts/

Microsoft releases ProxyLogon updates for unsupported Exchange Servers

Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-proxylogon-updates-for-unsupported-exchange-servers/

Security bug hunters focus on misconfigured services, earn big rewards

An overview of the hacking activity on the HackerOne vulnerability coordination and bug bounty platform shows that misconfiguration of cloud resources is quickly becoming a hot target for ethical hackers. [...]

https://www.bleepingcomputer.com/news/security/security-bug-hunters-focus-on-misconfigured-services-earn-big-rewards/

GandCrab ransomware affiliate arrested for phishing attacks

A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims. [...]

https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-affiliate-arrested-for-phishing-attacks/

z0Miner botnet hunts for unpatched ElasticSearch, Jenkins servers

A cryptomining botnet spotted last year is now targeting and attempting to take control of Jenkins and ElasticSearch servers to mine for Monero (XMR) cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/z0miner-botnet-hunts-for-unpatched-elasticsearch-jenkins-servers/

Adobe fixes critical Creative Cloud, Adobe Connect vulnerabilities

Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, Framemaker, and Connect.  [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-creative-cloud-adobe-connect-vulnerabilities/

Wordpress plans to drop support for Internet Explorer 11

The most well-known and popular blogging platform, WordPress, is considering dropping support for Internet Explorer 11 as the browser's usage dips below 1%. [...]

https://www.bleepingcomputer.com/news/software/wordpress-plans-to-drop-support-for-internet-explorer-11/

Microsoft shares detection, mitigation advice for Azure LoLBins

Azure LoLBins can be used by attackers to bypass network defenses, deploy cryptominers, elevate privileges, and disable real-time protection on a targeted device. [...]

https://www.bleepingcomputer.com/news/security/microsoft-shares-detection-mitigation-advice-for-azure-lolbins/

Windows 10 Cumulative Updates KB5000808 & KB5000802 released

As part of the March Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb5000808-and-kb5000802-released/