DDoS booters now abuse DTLS servers to amplify attacks

DDoS-for-hire services are now actively abusing misconfigured or out-of-date Datagram Transport Layer Security (D/TLS) servers to amplify Distributed Denial of Service (DDoS) attacks. [...]

https://www.bleepingcomputer.com/news/security/ddos-booters-now-abuse-dtls-servers-to-amplify-attacks/

A look at upcoming Windows 10 features you will love, or maybe hate

With the release of the latest Windows 10 preview 'Dev' build, Microsoft is offering a glimpse at some of the new features and changes they are developing. Some of these features we love, while others not so much. Below we have outlined the new changes so that you can decide on your own. [...]

https://www.bleepingcomputer.com/news/microsoft/a-look-at-upcoming-windows-10-features-you-will-love-or-maybe-hate/

Windows 10 KB5001649 update is rolling out again to fix printing

The printer fixing roller coaster continues as Microsoft is once again rolling out the KB5001649 out-of-band update to users via Windows Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5001649-update-is-rolling-out-again-to-fix-printing/

Microsoft Exchange servers now targeted by BlackKingdom ransomware

Another ransomware operation known as 'BlackKingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. [...]

https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-now-targeted-by-blackkingdom-ransomware/

Energy giant Shell discloses data breach after Accellion hack

Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance (FTA). [...]

https://www.bleepingcomputer.com/news/security/energy-giant-shell-discloses-data-breach-after-accellion-hack/

Critical code execution vulnerability fixed in Adobe ColdFusion

Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018. [...]

https://www.bleepingcomputer.com/news/security/critical-code-execution-vulnerability-fixed-in-adobe-coldfusion/

Mozilla Firefox adopts new privacy-enhancing Referrer Policy

Mozilla has announced that it will introduce a more privacy-focused Referrer Policy to protect the privacy of Firefox users starting with the web browser's next version. [...]

https://www.bleepingcomputer.com/news/software/mozilla-firefox-adopts-new-privacy-enhancing-referrer-policy/

Microsoft shares workaround for 0xc004c003 Windows 10 activation errors

Microsoft has shared a workaround for customers experiencing 0xc004c003 activation failures on Windows 10, version 2004 and 20H2 devices after installing the January 2021 monthly "C" release KB4598291 preview update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-0xc004c003-windows-10-activation-errors/

MangaDex manga site temporarily shut down after cyberattack

Manga scanlation giant MangaDex has been temporarily shut down after suffering a cyberattack and having its source code stolen. [...]

https://www.bleepingcomputer.com/news/security/mangadex-manga-site-temporarily-shut-down-after-cyberattack/

Microsoft releases printer fix for older Windows Versions

Microsoft has released out-of-band emergency updates for Windows 7, 8.1, Windows Server 2008, and Windows Server 2012 to fix printer issues arising from the March 2021 Patch Tuesday updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-printer-fix-for-older-windows-versions/

Microsoft: 92% of Exchange servers safe from ProxyLogon attacks

Roughly 92% of all Internet-connected on-premises Microsoft Exchange servers affected by the ProxyLogon vulnerabilities are now patched and safe from attacks, Microsoft said on Monday. [...]

https://www.bleepingcomputer.com/news/security/microsoft-92-percent-of-exchange-servers-safe-from-proxylogon-attacks/

Ransomware attack shuts down Sierra Wireless IoT maker

Sierra Wireless, a world-leading IoT solutions provider, today disclosed a ransomware attack that forced it to halt production at all manufacturing sites. [...]

https://www.bleepingcomputer.com/news/security/ransomware-attack-shuts-down-sierra-wireless-iot-maker/

High-availability server maker Stratus hit by ransomware

Stratus Technologies has suffered a ransomware attack that required systems to be taken offline to prevent the attack's spread. [...]

https://www.bleepingcomputer.com/news/security/high-availability-server-maker-stratus-hit-by-ransomware/

Microsoft warns of phishing attacks bypassing email gateways

An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways (SEGs). [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-bypassing-email-gateways/

Ransomware gang leaks data stolen from Colorado, Miami universities

Grades and social security numbers for students at the University of Colorado and University of Miami patient data have been posted online by the Clop ransomware group. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-from-colorado-miami-universities/

Purple Fox malware worms its way into exposed Windows systems

Purple Fox, a malware previously distributed via exploit kits and phishing emails, has now added a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ongoing attacks. [...]

https://www.bleepingcomputer.com/news/security/purple-fox-malware-worms-its-way-into-exposed-windows-systems/

CNA insurance firm hit by a cyberattack, operations impacted

CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website. [...]

https://www.bleepingcomputer.com/news/security/cna-insurance-firm-hit-by-a-cyberattack-operations-impacted/

Resentful employee deletes 1,200 Microsoft Office 365 accounts, gets prison

A former IT consultant hacked a company in Carlsbad, California, and deleted almost all its Microsoft Office 365 accounts in an act of revenge that has brought him two years of prison time. [...]

https://www.bleepingcomputer.com/news/security/resentful-employee-deletes-1-200-microsoft-office-365-accounts-gets-prison/

Google removes privacy-focused ClearURLs Chrome extension

Google has mysteriously removed the popular browser extension ClearURLs from the Chrome Web Store.
ClearURLs is a privacy-preserving browser add-on which automatically removes tracking elements from URLs. This, according to its developer, can help protect your privacy when browsing the Internet. [...]

https://www.bleepingcomputer.com/news/security/google-removes-privacy-focused-clearurls-chrome-extension/

Slack now lets you DM people outside your company

​Slack has enabled a new 'Slack Connect' feature that allows users to send messages or create shared channels with people outside of their organization. [...]

https://www.bleepingcomputer.com/news/software/slack-now-lets-you-dm-people-outside-your-company/

Cisco addresses critical bug in Windows, macOS Jabber clients

Cisco has addressed a critical arbitrary program execution vulnerability impacting several Cisco Jabber client software for Windows, macOS, Android, and iOS. [...]

https://www.bleepingcomputer.com/news/security/cisco-addresses-critical-bug-in-windows-macos-jabber-clients/