CNA insurance firm hit by a cyberattack, operations impacted

CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website. [...]

https://www.bleepingcomputer.com/news/security/cna-insurance-firm-hit-by-a-cyberattack-operations-impacted/

Resentful employee deletes 1,200 Microsoft Office 365 accounts, gets prison

A former IT consultant hacked a company in Carlsbad, California, and deleted almost all its Microsoft Office 365 accounts in an act of revenge that has brought him two years of prison time. [...]

https://www.bleepingcomputer.com/news/security/resentful-employee-deletes-1-200-microsoft-office-365-accounts-gets-prison/

Google removes privacy-focused ClearURLs Chrome extension

Google has mysteriously removed the popular browser extension ClearURLs from the Chrome Web Store.
ClearURLs is a privacy-preserving browser add-on which automatically removes tracking elements from URLs. This, according to its developer, can help protect your privacy when browsing the Internet. [...]

https://www.bleepingcomputer.com/news/security/google-removes-privacy-focused-clearurls-chrome-extension/

Slack now lets you DM people outside your company

​Slack has enabled a new 'Slack Connect' feature that allows users to send messages or create shared channels with people outside of their organization. [...]

https://www.bleepingcomputer.com/news/software/slack-now-lets-you-dm-people-outside-your-company/

Cisco addresses critical bug in Windows, macOS Jabber clients

Cisco has addressed a critical arbitrary program execution vulnerability impacting several Cisco Jabber client software for Windows, macOS, Android, and iOS. [...]

https://www.bleepingcomputer.com/news/security/cisco-addresses-critical-bug-in-windows-macos-jabber-clients/

Google Chrome will use HTTPS as default navigation protocol

Google Chrome will switch to choosing HTTPS as the default protocol for all URLs typed in the address bar, starting with the web browser's next stable version. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-will-use-https-as-default-navigation-protocol/

Microsoft fixes Windows PSExec privilege elevation vulnerability

Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-psexec-privilege-elevation-vulnerability/

Facebook blocks Chinese state hackers targeting Uyghur activists

Facebook took down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghurs activists, journalists, and dissidents living outside China. [...]

https://www.bleepingcomputer.com/news/security/facebook-blocks-chinese-state-hackers-targeting-uyghur-activists/

Microsoft improves Windows Sandbox in latest Windows 10 build

The Windows Sandbox and the Microsoft Defender Application Guard (WDAG) now launch faster in Windows 10 after installing the Insider Preview Build 21343 for Windows Insiders in the Dev Channel. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-improves-windows-sandbox-in-latest-windows-10-build/

Engineer reports data leak to Apperta, hears from the police

A security engineer and ex-contributor to the open systems non-profit organization, Apperta Foundation, recently reported a data leak to them. In return, he gets contacted by their lawyers and eventually the police. [...]

https://www.bleepingcomputer.com/news/security/engineer-reports-data-leak-to-apperta-hears-from-the-police/

BackBlaze mistakenly shared backup metadata with Facebook

Backblaze has removed Facebook tracking code (also known as an advertising pixel) accidentally added to web UI pages only accessible to logged-in customers. [...]

https://www.bleepingcomputer.com/news/security/backblaze-mistakenly-shared-backup-metadata-with-facebook/

QNAP warns of ongoing brute-force attacks against NAS devices

QNAP warns customers of ongoing attacks targeting QNAP NAS (network-attached storage) devices and urges them to immediately take action to mitigate them. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-of-ongoing-brute-force-attacks-against-nas-devices/

OpenSSL fixes severe DoS, certificate validation vulnerabilities

OpenSSL has patched two high severity vulnerabilities. These include a Denial of Service (DoS) vulnerability (CVE-2021-3449) and an improper CA certificate validation issue (CVE-2021-3450). [...]

https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/

Evil Corp switches to Hades ransomware to evade sanctions

Hades ransomware has been linked to the Evil Corp cybercrime gang who uses it to evade sanctions imposed by the Treasury Department's Office of Foreign Assets Control (OFAC). [...]

https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-hades-ransomware-to-evade-sanctions/

Insurance giant CNA hit by new Phoenix CryptoLocker ransomware

Insurance giant CNA has suffered a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group. [...]

https://www.bleepingcomputer.com/news/security/insurance-giant-cna-hit-by-new-phoenix-cryptolocker-ransomware/

Windows 10 ISO installs may fail to replace Microsoft Edge Legacy

Microsoft has addressed a known issue causing the new Microsoft Edge web browser not to install from custom Windows 10 installation media including updates released on Thursday, March 25. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-iso-installs-may-fail-to-replace-microsoft-edge-legacy/

Cloudflare Page Shield: Early warning system for malicious scripts

Cloudflare has released a new feature that aims to protect websites from Magecart and other malicious JavaScript-based attacks. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-page-shield-early-warning-system-for-malicious-scripts/

FBI exposes weakness in Mamba ransomware, DiskCryptor

An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom. [...]

https://www.bleepingcomputer.com/news/security/fbi-exposes-weakness-in-mamba-ransomware-diskcryptor/

SolarWinds patches critical code execution bug in Orion Platform

SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two o them allowing remote attackers to execute arbitrary code following exploitation. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-code-execution-bug-in-orion-platform/

Microsoft releases Windows 10 SSU to fix security update issue

Microsoft has released the Windows 10 1909 KB5000850 cumulative update preview and a new KB5001205 Servicing Stack Update that resolves a Secure Boot vulnerability. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-ssu-to-fix-security-update-issue/

Microsoft: Black Kingdom ransomware hacked 1.5K Exchange servers

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-black-kingdom-ransomware-hacked-15k-exchange-servers/