Evil Corp switches to Hades ransomware to evade sanctions

Hades ransomware has been linked to the Evil Corp cybercrime gang who uses it to evade sanctions imposed by the Treasury Department's Office of Foreign Assets Control (OFAC). [...]

https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-hades-ransomware-to-evade-sanctions/

Insurance giant CNA hit by new Phoenix CryptoLocker ransomware

Insurance giant CNA has suffered a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group. [...]

https://www.bleepingcomputer.com/news/security/insurance-giant-cna-hit-by-new-phoenix-cryptolocker-ransomware/

Windows 10 ISO installs may fail to replace Microsoft Edge Legacy

Microsoft has addressed a known issue causing the new Microsoft Edge web browser not to install from custom Windows 10 installation media including updates released on Thursday, March 25. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-iso-installs-may-fail-to-replace-microsoft-edge-legacy/

Cloudflare Page Shield: Early warning system for malicious scripts

Cloudflare has released a new feature that aims to protect websites from Magecart and other malicious JavaScript-based attacks. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-page-shield-early-warning-system-for-malicious-scripts/

FBI exposes weakness in Mamba ransomware, DiskCryptor

An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom. [...]

https://www.bleepingcomputer.com/news/security/fbi-exposes-weakness-in-mamba-ransomware-diskcryptor/

SolarWinds patches critical code execution bug in Orion Platform

SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two o them allowing remote attackers to execute arbitrary code following exploitation. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-code-execution-bug-in-orion-platform/

Microsoft releases Windows 10 SSU to fix security update issue

Microsoft has released the Windows 10 1909 KB5000850 cumulative update preview and a new KB5001205 Servicing Stack Update that resolves a Secure Boot vulnerability. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-ssu-to-fix-security-update-issue/

Microsoft: Black Kingdom ransomware hacked 1.5K Exchange servers

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-black-kingdom-ransomware-hacked-15k-exchange-servers/

Apple fixes iOS zero-day vulnerability exploited in the wild

Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. [...]

https://www.bleepingcomputer.com/news/security/apple-fixes-ios-zero-day-vulnerability-exploited-in-the-wild/

German Parliament targeted again by Russian state hackers

Email accounts of multiple German Parliament members were targeted in a spearphishing attack. It is not yet known if any data was stolen during the incident. [...]

https://www.bleepingcomputer.com/news/security/german-parliament-targeted-again-by-russian-state-hackers/

Ransomware gang urges victims’ customers to fight for their privacy

A ransomware operation known as 'Clop' is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-urges-victims-customers-to-fight-for-their-privacy/

The Week in Ransomware - March 26th 2021 - Attacks increase

Ransomware attacks against the enterprise continue in the form of Accellion data leaks, full-fledged ransomware attacks, and more ransomware gangs targeting Microsoft Exchange. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-26th-2021-attacks-increase/

New Android malware spies on you while posing as a Google System Update

New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is read to be exfiltrated. [...]

https://www.bleepingcomputer.com/news/security/new-android-malware-spies-on-you-while-posing-as-a-google-system-update/

FatFace sends controversial data breach email after ransomware attack

British clothing brand FatFace has sent a controversial 'confidential' data breach notification to customers after suffering a ransomware attack earlier this year. [...]

https://www.bleepingcomputer.com/news/security/fatface-sends-controversial-data-breach-email-after-ransomware-attack/

Windows 95 Easter egg discovered after being hidden for 25 years

A Windows hacker has found a never-before-seen Easter egg in the Windows 95 Internet Mail application, twnty-five years after the software was released. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-95-easter-egg-discovered-after-being-hidden-for-25-years/

What's next from Microsoft, Windows 10, and Surface in 2021

In 2021, Microsoft is planning to release exciting new Surface products and software updates for Windows 10. This includes Windows 10X, Windows 10 Sun Valley Update, Windows Cloud PC, Surface Laptop 4, Surface Duo 2, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/whats-next-from-microsoft-windows-10-and-surface-in-2021/

New Windows 10 File Explore icons favor design over function

Microsoft has updated the icons used in File Explorer to be the new Fluent icons, and while they look great, there is a tradeoff between design and functionality. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-10-file-explore-icons-favor-design-over-function/

CompuCom MSP expects over $20M in losses after ransomware attack

American managed service provider CompuCom is expecting losses of over $20 million following this month's DarkSide ransomware attack that took down most of its systems. [...]

https://www.bleepingcomputer.com/news/security/compucom-msp-expects-over-20m-in-losses-after-ransomware-attack/

Take control of Windows 10 feature updates using these settings

In this article, we're highlighting two group policies that you can try to take control over Windows 10 feature updates. [...]

https://www.bleepingcomputer.com/news/microsoft/take-control-of-windows-10-feature-updates-using-these-settings/

Critical netmask networking bug impacts thousands of applications

Popular npm component netmask has a critical networking vulnerability, CVE-2021-28918. netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads. [...]

https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/

Ransomware admin is refunding victims their ransom payments

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back. [...]

https://www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/