NAME:WRECK DNS vulnerabilities affect over 100 million devices

Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. [...]

https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/

Watch out for this W-2 phishing scam targeting the 2021 tax season

With the United State tax season in high gear, threat actors have sprung into action with a recent tax document phishing scam that abuses TypeForm forms to steal your login credentials. [...]

https://www.bleepingcomputer.com/news/security/watch-out-for-this-w-2-phishing-scam-targeting-the-2021-tax-season/

Adobe fixes critical vulnerabilities in Photoshop and Digital Editions

Adobe has released security updates that address security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-photoshop-and-digital-editions/

QBot malware is back replacing IcedID in malspam campaigns

Malware distributors are rotating payloads once again, switching between trojans that are many times an intermediary stage in a longer infection chain. [...]

https://www.bleepingcomputer.com/news/security/qbot-malware-is-back-replacing-icedid-in-malspam-campaigns/

RIP: Microsoft Edge Legacy nuked by April Windows Updates

Microsoft has confirmed that today's release of mandatory Patch Tuesday updates will automatically remove Edge Legacy and replace it with the new Chromium-based Edge. [...]

https://www.bleepingcomputer.com/news/microsoft/rip-microsoft-edge-legacy-nuked-by-april-windows-updates/

Microsoft April 2021 Patch Tuesday fixes 108 flaws, 5 zero-days

Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. It has been a tough couple of months for Windows and Microsoft Exchange admins, and it looks like April won't be any easier, so please be nice to your IT staff today. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2021-patch-tuesday-fixes-108-flaws-5-zero-days/

New Linux, macOS malware hidden in fake Browserify NPM package

A new malicious package been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems for its recon activities. The malicious package is called "web-browserify." It imitates the popular Browserify npm component, downloaded over 160 million times over its lifetime. [...]

https://www.bleepingcomputer.com/news/security/new-linux-macos-malware-hidden-in-fake-browserify-npm-package/

Windows 10 Cumulative Updates KB5001330 & KB5001337 released

s part of the April Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows, including KB5001330 for Windows 10 20H2/2004 and KB5001337 for Windows 10 1909. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb5001330-and-kb5001337-released/

NSA discovers critical Exchange Server vulnerabilities, patch now

Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. [...]

https://www.bleepingcomputer.com/news/security/nsa-discovers-critical-exchange-server-vulnerabilities-patch-now/

CISA gives federal agencies until Friday to patch Exchange servers

The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday. [...]

https://www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-until-friday-to-patch-exchange-servers/

Capcom: Ransomware gang used old VPN device to breach the network

Capcom has released a new update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. [...]

https://www.bleepingcomputer.com/news/security/capcom-ransomware-gang-used-old-vpn-device-to-breach-the-network/

FBI nuked web shells from hacked Exchange Servers without telling owners

A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers' owners. [...]

https://www.bleepingcomputer.com/news/security/fbi-nuked-web-shells-from-hacked-exchange-servers-without-telling-owners/

Vivaldi, Brave, DuckDuckGo reject Google's FLoC ad tracking tech

Makers of Vivaldi and Brave web browsers have rejected Google's new privacy-preserving proposal called FLoC, which is meant to replace third-party tracking cookies across websites on browsers, including Chrome. [...]

https://www.bleepingcomputer.com/news/security/vivaldi-brave-duckduckgo-reject-googles-floc-ad-tracking-tech/

Second Google Chrome zero-day exploit dropped on twitter this week

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. [...]

https://www.bleepingcomputer.com/news/security/second-google-chrome-zero-day-exploit-dropped-on-twitter-this-week/

SAP fixes critical bugs in Business Client, Commerce, and NetWeaver

SAP's security updates for this month address multiple critical vulnerabilities. The most serious of them, rated with the highest severity score, affects the company's Business Client product. [...]

https://www.bleepingcomputer.com/news/security/sap-fixes-critical-bugs-in-business-client-commerce-and-netweaver/

Microsoft moves Windows 10 21H1 to the Release preview channel

Microsoft is now installing the Windows 10 21H1 build in the Release preview channel, indicating that it will likely be released later this month or in May. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-moves-windows-10-21h1-to-the-release-preview-channel/

Google Chrome 90 released with HTTPS as the default protocol

Google has released Chrome 90 today, April 14th, 2021, to the Stable desktop channel, and it includes security improvements, a new AV1 encoder, and the default protocol changed to HTTPS. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-90-released-with-https-as-the-default-protocol/

NSA: Top 5 vulnerabilities actively abused by Russian govt hackers

A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warn that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests. [...]

https://www.bleepingcomputer.com/news/security/nsa-top-5-vulnerabilities-actively-abused-by-russian-govt-hackers/

US government confirms Russian SVR behind the SolarWinds hack

The United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that gave hackers access to the network of multiple U.S. agencies and private tech sector companies. [...]

https://www.bleepingcomputer.com/news/security/us-government-confirms-russian-svr-behind-the-solarwinds-hack/

Microsoft Edge's new Kids Mode is now rolling out to everyone

Microsoft Edge's new child-friendly 'Kids Mode' is now generally available and has begun rolling out to users in the USA. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edges-new-kids-mode-is-now-rolling-out-to-everyone/

Popular NFT marketplace Rarible targeted by scammers and malware

​Nothing attracts a scammer more than money, and with the NFT craze generating a ton of sales, threat actors are trying to capitalize on it. [...]

https://www.bleepingcomputer.com/news/microsoft/popular-nft-marketplace-rarible-targeted-by-scammers-and-malware/