z0Miner botnet hunts for unpatched ElasticSearch, Jenkins servers

A cryptomining botnet spotted last year is now targeting and attempting to take control of Jenkins and ElasticSearch servers to mine for Monero (XMR) cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/z0miner-botnet-hunts-for-unpatched-elasticsearch-jenkins-servers/

Adobe fixes critical Creative Cloud, Adobe Connect vulnerabilities

Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, Framemaker, and Connect.  [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-creative-cloud-adobe-connect-vulnerabilities/

Wordpress plans to drop support for Internet Explorer 11

The most well-known and popular blogging platform, WordPress, is considering dropping support for Internet Explorer 11 as the browser's usage dips below 1%. [...]

https://www.bleepingcomputer.com/news/software/wordpress-plans-to-drop-support-for-internet-explorer-11/

Microsoft shares detection, mitigation advice for Azure LoLBins

Azure LoLBins can be used by attackers to bypass network defenses, deploy cryptominers, elevate privileges, and disable real-time protection on a targeted device. [...]

https://www.bleepingcomputer.com/news/security/microsoft-shares-detection-mitigation-advice-for-azure-lolbins/

Windows 10 Cumulative Updates KB5000808 & KB5000802 released

As part of the March Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb5000808-and-kb5000802-released/

Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days

Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2021-patch-tuesday-fixes-82-flaws-2-zero-days/

US seizes more domains used in COVID-19 vaccine phishing attacks

The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development. [...]

https://www.bleepingcomputer.com/news/security/us-seizes-more-domains-used-in-covid-19-vaccine-phishing-attacks/

Hackers access surveillance cameras at Tesla, Cloudflare, banks, more

Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah. [...]

https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/

iPhone Call Recorder bug gave acess to other people's conversations

An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers. [...]

https://www.bleepingcomputer.com/news/security/iphone-call-recorder-bug-gave-acess-to-other-peoples-conversations/

Microsoft Edge Legacy will now prompt you to install Chromium Edge

Microsoft Edge Legacy has officially reached the end of life today, and starting tomorrow, the web browser will begin displaying notifications telling users to switch to the new Chromium-based Microsoft Edge. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-legacy-will-now-prompt-you-to-install-chromium-edge/

OVH data center burns down knocking major sites offline

In a major unprecedented incident, data centers for OVH located in Strasbourg, France have been destroyed by fire. Customers are being advised by the company to enact their disaster recovery plans after the fire has rendered multiple data centers unserviceable, impacting websites around the world.  [...]

https://www.bleepingcomputer.com/news/technology/ovh-data-center-burns-down-knocking-major-sites-offline/

Ryuk ransomware hits 700 Spanish government labor agency offices

The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/

More hacking groups join Microsoft Exchange attack frenzy

More state-sponsored hacking groups have joined the ongoing attacks targeting tens of thousands of on-premises Exchange servers impacted by severe vulnerabilities tracked as ProxyLogon. [...]

https://www.bleepingcomputer.com/news/security/more-hacking-groups-join-microsoft-exchange-attack-frenzy/

Norway parliament data stolen in Microsoft Exchange attack

Norway's parliament, the Storting, has suffered another cyberattack after threat actors stole data using the recently disclosed Microsoft Exchange vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/norway-parliament-data-stolen-in-microsoft-exchange-attack/

F5 urges customers to patch 4 critical BIG-IP pre-auth RCE bugs

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most versions of BIG-IP and BIG-IQ software. [...]

https://www.bleepingcomputer.com/news/security/f5-urges-customers-to-patch-4-critical-big-ip-pre-auth-rce-bugs/

Windows 10 crashes when printing due to Microsoft March updates

Microsoft has pulled the Windows 10 10 KB5000802 and KB5000808 cumulative updates afters users began reporting Blue Screen of Death crashes when printing to network printers. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/

Europol 'unlocks' encrypted Sky ECC chat service to make arrests

European law enforcement authorities have made a large number of arrests after a joint operation involving the monitoring of organized crime communication channels over the Sky ECC encrypted chat. [...]

https://www.bleepingcomputer.com/news/security/europol-unlocks-encrypted-sky-ecc-chat-service-to-make-arrests/

Linux Foundation unveils Sigstore — a Let's Encrypt for code signing

The Linux Foundation, Red Hat, Google, and Purdue have unveiled the free 'sigstore' service that lets developers code-sign and verify open source software to prevent supply-chain attacks. [...]

https://www.bleepingcomputer.com/news/software/linux-foundation-unveils-sigstore-a-lets-encrypt-for-code-signing/

Microsoft confirms Windows 10 crash issue due to March updates

Microsoft has confirmed that Windows 10 devices might crash with a Blue Screen of Death (BSOD) when printing under certain conditions after applying the March KB5000802 cumulative update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-10-crash-issue-due-to-march-updates/

Chinese state hackers target Linux systems with new malware

Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored hacking group and used in ongoing attacks targeting Linux systems. [...]

https://www.bleepingcomputer.com/news/security/chinese-state-hackers-target-linux-systems-with-new-malware/

CISA: No federal civilian agency hacked in Exchange attacks, so far

CISA officials said that, so far, there is no evidence of US federal civilian agencies compromised during ongoing attacks targeting Microsoft Exchange servers. [...]

https://www.bleepingcomputer.com/news/security/cisa-no-federal-civilian-agency-hacked-in-exchange-attacks-so-far/