GitHub bug caused users to login to other user accounts

Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party. [...]

https://www.bleepingcomputer.com/news/security/github-bug-caused-users-to-login-to-other-user-accounts/

Microsoft releases ProxyLogon updates for unsupported Exchange Servers

Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-proxylogon-updates-for-unsupported-exchange-servers/

Security bug hunters focus on misconfigured services, earn big rewards

An overview of the hacking activity on the HackerOne vulnerability coordination and bug bounty platform shows that misconfiguration of cloud resources is quickly becoming a hot target for ethical hackers. [...]

https://www.bleepingcomputer.com/news/security/security-bug-hunters-focus-on-misconfigured-services-earn-big-rewards/

GandCrab ransomware affiliate arrested for phishing attacks

A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims. [...]

https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-affiliate-arrested-for-phishing-attacks/

z0Miner botnet hunts for unpatched ElasticSearch, Jenkins servers

A cryptomining botnet spotted last year is now targeting and attempting to take control of Jenkins and ElasticSearch servers to mine for Monero (XMR) cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/z0miner-botnet-hunts-for-unpatched-elasticsearch-jenkins-servers/

Adobe fixes critical Creative Cloud, Adobe Connect vulnerabilities

Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, Framemaker, and Connect.  [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-creative-cloud-adobe-connect-vulnerabilities/

Wordpress plans to drop support for Internet Explorer 11

The most well-known and popular blogging platform, WordPress, is considering dropping support for Internet Explorer 11 as the browser's usage dips below 1%. [...]

https://www.bleepingcomputer.com/news/software/wordpress-plans-to-drop-support-for-internet-explorer-11/

Microsoft shares detection, mitigation advice for Azure LoLBins

Azure LoLBins can be used by attackers to bypass network defenses, deploy cryptominers, elevate privileges, and disable real-time protection on a targeted device. [...]

https://www.bleepingcomputer.com/news/security/microsoft-shares-detection-mitigation-advice-for-azure-lolbins/

Windows 10 Cumulative Updates KB5000808 & KB5000802 released

As part of the March Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb5000808-and-kb5000802-released/

Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days

Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2021-patch-tuesday-fixes-82-flaws-2-zero-days/

US seizes more domains used in COVID-19 vaccine phishing attacks

The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development. [...]

https://www.bleepingcomputer.com/news/security/us-seizes-more-domains-used-in-covid-19-vaccine-phishing-attacks/

Hackers access surveillance cameras at Tesla, Cloudflare, banks, more

Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah. [...]

https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/

iPhone Call Recorder bug gave acess to other people's conversations

An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers. [...]

https://www.bleepingcomputer.com/news/security/iphone-call-recorder-bug-gave-acess-to-other-peoples-conversations/

Microsoft Edge Legacy will now prompt you to install Chromium Edge

Microsoft Edge Legacy has officially reached the end of life today, and starting tomorrow, the web browser will begin displaying notifications telling users to switch to the new Chromium-based Microsoft Edge. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-legacy-will-now-prompt-you-to-install-chromium-edge/

OVH data center burns down knocking major sites offline

In a major unprecedented incident, data centers for OVH located in Strasbourg, France have been destroyed by fire. Customers are being advised by the company to enact their disaster recovery plans after the fire has rendered multiple data centers unserviceable, impacting websites around the world.  [...]

https://www.bleepingcomputer.com/news/technology/ovh-data-center-burns-down-knocking-major-sites-offline/

Ryuk ransomware hits 700 Spanish government labor agency offices

The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/

More hacking groups join Microsoft Exchange attack frenzy

More state-sponsored hacking groups have joined the ongoing attacks targeting tens of thousands of on-premises Exchange servers impacted by severe vulnerabilities tracked as ProxyLogon. [...]

https://www.bleepingcomputer.com/news/security/more-hacking-groups-join-microsoft-exchange-attack-frenzy/

Norway parliament data stolen in Microsoft Exchange attack

Norway's parliament, the Storting, has suffered another cyberattack after threat actors stole data using the recently disclosed Microsoft Exchange vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/norway-parliament-data-stolen-in-microsoft-exchange-attack/

F5 urges customers to patch 4 critical BIG-IP pre-auth RCE bugs

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most versions of BIG-IP and BIG-IQ software. [...]

https://www.bleepingcomputer.com/news/security/f5-urges-customers-to-patch-4-critical-big-ip-pre-auth-rce-bugs/

Windows 10 crashes when printing due to Microsoft March updates

Microsoft has pulled the Windows 10 10 KB5000802 and KB5000808 cumulative updates afters users began reporting Blue Screen of Death crashes when printing to network printers. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/

Europol 'unlocks' encrypted Sky ECC chat service to make arrests

European law enforcement authorities have made a large number of arrests after a joint operation involving the monitoring of organized crime communication channels over the Sky ECC encrypted chat. [...]

https://www.bleepingcomputer.com/news/security/europol-unlocks-encrypted-sky-ecc-chat-service-to-make-arrests/