Take control of Windows 10 feature updates using these settings

In this article, we're highlighting two group policies that you can try to take control over Windows 10 feature updates. [...]

https://www.bleepingcomputer.com/news/microsoft/take-control-of-windows-10-feature-updates-using-these-settings/

Critical netmask networking bug impacts thousands of applications

Popular npm component netmask has a critical networking vulnerability, CVE-2021-28918. netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads. [...]

https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/

Ransomware admin is refunding victims their ransom payments

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back. [...]

https://www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/

PHP's Git server hacked to add backdoors to PHP source code

In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The threat actors had signed off on these commits as if they were made by known PHP developers. [...]

https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/

Harris Federation hit by ransomware attack affecting 50 schools

The IT systems and email servers of London-based nonprofit multi-academy trust Harris Federation were taken down by a ransomware attack on Saturday. [...]

https://www.bleepingcomputer.com/news/security/harris-federation-hit-by-ransomware-attack-affecting-50-schools/

Docker Hub images downloaded 20M times come with cryptominers

Researchers found that more than two-dozen containers on Docker Hub have been downloaded more than 20 million times for cryptojacking operations spanning at least two years. [...]

https://www.bleepingcomputer.com/news/security/docker-hub-images-downloaded-20m-times-come-with-cryptominers/

Windows 10 is getting OEMDRIVERS, a folder for third-party drivers

Microsoft is adding a dedicated OEMDRIVERS folder to Windows 10 that will be used to store third-party drivers. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-is-getting-oemdrivers-a-folder-for-third-party-drivers/

Microsoft working to fix Windows 10 21H1 update install issue

Microsoft is working to fix an issue causing a recently released Windows 10 21H1 build to fail to install for customers enrolled in the Windows Insider program. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-working-to-fix-windows-10-21h1-update-install-issue/

Windows 10 KB5000842 cumulative update fixes freezing issues

Microsoft has released the KB5000842 non-security preview update for all editions of Windows 10, version 20H2, and Windows 10, version 2004, with fixes for system freezing and activation issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5000842-cumulative-update-fixes-freezing-issues/

Microsoft Exchange attacks increase while WannaCry gets a restart

The recently patched vulnerabilities in Microsoft Exchange have sparked new interest among cybercriminals, who increased the volume of attacks focusing on this particular vector. [...]

https://www.bleepingcomputer.com/news/security/microsoft-exchange-attacks-increase-while-wannacry-gets-a-restart/

Leading Indian fintech platform MobiKwik denies data breach

Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers. [...]

https://www.bleepingcomputer.com/news/security/leading-indian-fintech-platform-mobikwik-denies-data-breach/

Scammers target universities in ongoing IRS phishing attacks

The Internal Revenue Service (IRS) is warning of ongoing phishing attacks impersonating the IRS and targeting educational institutions. [...]

https://www.bleepingcomputer.com/news/security/scammers-target-universities-in-ongoing-irs-phishing-attacks/

VMware fixes bug allowing attackers to steal admin credentials

VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers. [...]

https://www.bleepingcomputer.com/news/security/vmware-fixes-bug-allowing-attackers-to-steal-admin-credentials/

US govt warns that buying fake COVID-19 vaccine cards is a crime

US federal agencies have warned today against making or selling fake COVID-19 vaccination record cards as this is breaking the law. [...]

https://www.bleepingcomputer.com/news/security/us-govt-warns-that-buying-fake-covid-19-vaccine-cards-is-a-crime/

Google Chrome for Linux is getting DNS-over-HTTPS, but there's a catch

Google Chrome developers have announced plans to roll out DNS-over-HTTPS (DoH) support to Chrome web browser for Linux. DoH has been supported on Google Chrome for other platforms, including Android, since at least 2020. But, there's a catch. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-for-linux-is-getting-dns-over-https-but-theres-a-catch/

Fake jQuery files infect WordPress sites with malware

Researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites which contains obfuscated code to load malware. These files are named jquery-migrate.js & jquery-migrate.min.js and present at the exact locations where JavaScript files are normally present on WordPress sites but are malicious. [...]

https://www.bleepingcomputer.com/news/security/fake-jquery-files-infect-wordpress-sites-with-malware/

Scammers steal New Yorkers' private info for benefits fraud

New York's Department of Financial Services (DFS) warns of an ongoing series of attacks resulting in the theft of personal information belonging to hundreds of thousands of New Yorkers. [...]

https://www.bleepingcomputer.com/news/security/scammers-steal-new-yorkers-private-info-for-benefits-fraud/

Malware hidden in game cheats and mods used to target gamers

Threat actors target gamers with backdoored game tweaks and cheats hiding malware capable of stealing information from their systems after infection. [...]

https://www.bleepingcomputer.com/news/security/malware-hidden-in-game-cheats-and-mods-used-to-target-gamers/

BazarCall malware uses malicious call centers to infect victims

For the past two months, security researchers have been waging an online battle against a new 'BazarCall' malware that uses call centers to distribute some of the most damaging Windows malware. [...]

https://www.bleepingcomputer.com/news/security/bazarcall-malware-uses-malicious-call-centers-to-infect-victims/

Google: North Korean hackers target security researchers again

Google's Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts. [...]

https://www.bleepingcomputer.com/news/security/google-north-korean-hackers-target-security-researchers-again/

CISA gives federal agencies 5 days to find hacked Exchange servers

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days. [...]

https://www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/