New Linux, macOS malware hidden in fake Browserify NPM package

A new malicious package been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems for its recon activities. The malicious package is called "web-browserify." It imitates the popular Browserify npm component, downloaded over 160 million times over its lifetime. [...]

https://www.bleepingcomputer.com/news/security/new-linux-macos-malware-hidden-in-fake-browserify-npm-package/

Windows 10 Cumulative Updates KB5001330 & KB5001337 released

s part of the April Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows, including KB5001330 for Windows 10 20H2/2004 and KB5001337 for Windows 10 1909. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb5001330-and-kb5001337-released/

NSA discovers critical Exchange Server vulnerabilities, patch now

Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. [...]

https://www.bleepingcomputer.com/news/security/nsa-discovers-critical-exchange-server-vulnerabilities-patch-now/

CISA gives federal agencies until Friday to patch Exchange servers

The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday. [...]

https://www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-until-friday-to-patch-exchange-servers/

Capcom: Ransomware gang used old VPN device to breach the network

Capcom has released a new update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. [...]

https://www.bleepingcomputer.com/news/security/capcom-ransomware-gang-used-old-vpn-device-to-breach-the-network/

FBI nuked web shells from hacked Exchange Servers without telling owners

A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers' owners. [...]

https://www.bleepingcomputer.com/news/security/fbi-nuked-web-shells-from-hacked-exchange-servers-without-telling-owners/

Vivaldi, Brave, DuckDuckGo reject Google's FLoC ad tracking tech

Makers of Vivaldi and Brave web browsers have rejected Google's new privacy-preserving proposal called FLoC, which is meant to replace third-party tracking cookies across websites on browsers, including Chrome. [...]

https://www.bleepingcomputer.com/news/security/vivaldi-brave-duckduckgo-reject-googles-floc-ad-tracking-tech/

Second Google Chrome zero-day exploit dropped on twitter this week

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. [...]

https://www.bleepingcomputer.com/news/security/second-google-chrome-zero-day-exploit-dropped-on-twitter-this-week/

SAP fixes critical bugs in Business Client, Commerce, and NetWeaver

SAP's security updates for this month address multiple critical vulnerabilities. The most serious of them, rated with the highest severity score, affects the company's Business Client product. [...]

https://www.bleepingcomputer.com/news/security/sap-fixes-critical-bugs-in-business-client-commerce-and-netweaver/

Microsoft moves Windows 10 21H1 to the Release preview channel

Microsoft is now installing the Windows 10 21H1 build in the Release preview channel, indicating that it will likely be released later this month or in May. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-moves-windows-10-21h1-to-the-release-preview-channel/

Google Chrome 90 released with HTTPS as the default protocol

Google has released Chrome 90 today, April 14th, 2021, to the Stable desktop channel, and it includes security improvements, a new AV1 encoder, and the default protocol changed to HTTPS. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-90-released-with-https-as-the-default-protocol/

NSA: Top 5 vulnerabilities actively abused by Russian govt hackers

A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warn that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests. [...]

https://www.bleepingcomputer.com/news/security/nsa-top-5-vulnerabilities-actively-abused-by-russian-govt-hackers/

US government confirms Russian SVR behind the SolarWinds hack

The United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that gave hackers access to the network of multiple U.S. agencies and private tech sector companies. [...]

https://www.bleepingcomputer.com/news/security/us-government-confirms-russian-svr-behind-the-solarwinds-hack/

Microsoft Edge's new Kids Mode is now rolling out to everyone

Microsoft Edge's new child-friendly 'Kids Mode' is now generally available and has begun rolling out to users in the USA. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edges-new-kids-mode-is-now-rolling-out-to-everyone/

Popular NFT marketplace Rarible targeted by scammers and malware

​Nothing attracts a scammer more than money, and with the NFT craze generating a ton of sales, threat actors are trying to capitalize on it. [...]

https://www.bleepingcomputer.com/news/microsoft/popular-nft-marketplace-rarible-targeted-by-scammers-and-malware/

Amazon drops Firefox support on Fire TV in favor of Silk browser

This month, Amazon has announced plans to phase out support for the Mozilla Firefox web browser app on its Fire TV product line. The company has decided to no longer support the Mozilla Firefox browser in a bid to promote its Amazon Silk web browser app to customers, effective at the end of this month. [...]

https://www.bleepingcomputer.com/news/security/amazon-drops-firefox-support-on-fire-tv-in-favor-of-silk-browser/

Celsius email system breach leads to phishing attack on customers

Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack. [...]

https://www.bleepingcomputer.com/news/security/celsius-email-system-breach-leads-to-phishing-attack-on-customers/

Windows Terminal released with new settings UI and more

Microsoft has released Windows Terminal 1.7 and Windows Terminal Preview 1.8 with some long-awaited features and improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-terminal-released-with-new-settings-ui-and-more/

HackBoss malware poses as hacker tools on Telegram to steal digital coins

The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications. [...]

https://www.bleepingcomputer.com/news/security/hackboss-malware-poses-as-hacker-tools-on-telegram-to-steal-digital-coins/

Amex cards removed from Google Pay due to expired certificate

An expired certificate has led to the repeated removal of linked American Express credit cards from user's Google Pay accounts. [...]

https://www.bleepingcomputer.com/news/google/amex-cards-removed-from-google-pay-due-to-expired-certificate/

Popular Codecov code coverage tool hacked to steal dev credentials

Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers' continuous integration (CI) environment. [...]

https://www.bleepingcomputer.com/news/security/popular-codecov-code-coverage-tool-hacked-to-steal-dev-credentials/