Windows 10 feature update: Here's what to expect in the next release

With Windows 10 Sun Valley update, we're expecting new features for Start Menu, Taskbar, Action Center (notification center), File Explorer, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-feature-update-heres-what-to-expect-in-the-next-release/

Rogers is down: Canadian users report voice and data outages

​​Rogers is currently affected by a nationwide outage in Canada that prevents customers from accessing wireless voice and data services. [...]

https://www.bleepingcomputer.com/news/mobile/rogers-is-down-canadian-users-report-voice-and-data-outages/

Microsoft disables Google's FLoC tracking in Microsoft Edge, for now

Microsoft has disabled Google's controversial FLoC browser-based tracking feature in their Chromium-based Microsoft Edge browser. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-googles-floc-tracking-in-microsoft-edge-for-now/

Windows 10's multitasking feature is getting downgraded

In 2018, Microsoft introduced a multitasking feature called "Windows Timeline" that lets you see a timeline of activities that you performed in Windows 10 including the webpages you visited, documents you created/opened, photos you added, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10s-multitasking-feature-is-getting-downgraded/

Google Alerts continues to be a hotbed of scams and malware

Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites. [...]

https://www.bleepingcomputer.com/news/security/google-alerts-continues-to-be-a-hotbed-of-scams-and-malware/

Geico data breach exposed customers' driver's license numbers

Car insurance provider Geico has suffered a data breach where threat actors stole the driver's licenses for policyholders for over a month. [...]

https://www.bleepingcomputer.com/news/security/geico-data-breach-exposed-customers-drivers-license-numbers/

Microsoft's Windows 10 taskbar news feed ported to older versions

Microsoft is backporting their upcoming Windows 10 News and Interests taskbar feature to Windows 10 20H2 and Windows 10 21H1, allowing far more people to access the new feature. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-windows-10-taskbar-news-feed-ported-to-older-versions/

North Korean hackers adapt web skimming for stealing Bitcoin

Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say. [...]

https://www.bleepingcomputer.com/news/security/north-korean-hackers-adapt-web-skimming-for-stealing-bitcoin/

Hundreds of customer networks hacked in Codecov supply-chain attack

More details have emerged on the recent Codecov system breach which is being likened to the SolarWinds hack. Sources state hundreds of customer networks have been breached in the incident, expanding the scope of this system breach to beyond just Codecov's systems. [...]

https://www.bleepingcomputer.com/news/security/hundreds-of-customer-networks-hacked-in-codecov-supply-chain-attack/

Fake Microsoft Store, Spotify sites spread info-stealing malware

Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers. [...]

https://www.bleepingcomputer.com/news/security/fake-microsoft-store-spotify-sites-spread-info-stealing-malware/

Pulse Secure VPN zero-day used to hack defense firms, govt orgs

Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited against US Defense Industrial base (DIB) networks and worldwide organizations. [...]

https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/

Microsoft partially fixes Windows 7, Server 2008 vulnerability

Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. [...]

https://www.bleepingcomputer.com/news/security/microsoft-partially-fixes-windows-7-server-2008-vulnerability/

Eversource Energy data breach caused by unsecured cloud storage

Eversource, the largest power supplier in New England, has suffered a data breach after customers' personal information was exposed on an unsecured cloud server. [...]

https://www.bleepingcomputer.com/news/security/eversource-energy-data-breach-caused-by-unsecured-cloud-storage/

SonicWall warns customers to patch 3 zero-days exploited in the wild

Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. [...]

https://www.bleepingcomputer.com/news/security/sonicwall-warns-customers-to-patch-3-zero-days-exploited-in-the-wild/

REvil gang tries to extort Apple, threatens to sell stolen blueprints

The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event where the new iMac was introduced.  [...]

https://www.bleepingcomputer.com/news/security/revil-gang-tries-to-extort-apple-threatens-to-sell-stolen-blueprints/

Facebook leaks strategy to numb reaction to data scraping incidents

Facebook's long-term strategy is to desensitize users about leaked data dumps that were collected through scraping the public portion of the social network. [...]

https://www.bleepingcomputer.com/news/security/facebook-leaks-strategy-to-numb-reaction-to-data-scraping-incidents/

WhatsApp Pink malware can now auto-reply to your Signal, Telegram texts

WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages. WhatsApp Pink refers to a counterfeit app that appeared this week, primarily targeting WhatsApp users in the Indian subcontinent.  [...]

https://www.bleepingcomputer.com/news/security/whatsapp-pink-malware-can-now-auto-reply-to-your-signal-telegram-texts/

Logins for 1.3 million Windows RDP servers collected from hacker market

​The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. [...]

https://www.bleepingcomputer.com/news/security/logins-for-13-million-windows-rdp-servers-collected-from-hacker-market/

CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. [...]

https://www.bleepingcomputer.com/news/security/cisa-orders-federal-orgs-to-mitigate-pulse-secure-vpn-bug-by-friday/

Google fixes exploited Chrome zero-day dropped on Twitter last week

Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-exploited-chrome-zero-day-dropped-on-twitter-last-week/

Linux bans University of Minnesota for committing malicious code

Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux project. [...]

https://www.bleepingcomputer.com/news/security/linux-bans-university-of-minnesota-for-committing-malicious-code/