QNAP removes backdoor account in NAS backup, disaster recovery app

QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials. [...]

https://www.bleepingcomputer.com/news/security/qnap-removes-backdoor-account-in-nas-backup-disaster-recovery-app/

Exchange Online down: Microsoft 365 outage affects email delivery

A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. [...]

https://www.bleepingcomputer.com/news/microsoft/exchange-online-down-microsoft-365-outage-affects-email-delivery/

Windows 10 News and Interests taskbar news feed rolling out worldwide

The new Windows 10 News and Interests taskbar news feed feature is now rolling out to Windows 10 devices worldwide. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-news-and-interests-taskbar-news-feed-rolling-out-worldwide/

Botnet backdoors Microsoft Exchange servers, mines cryptocurrency

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero (XMR) cryptocurrency mining bots. [...]

https://www.bleepingcomputer.com/news/security/botnet-backdoors-microsoft-exchange-servers-mines-cryptocurrency/

NVIDIA staff suggests rolling back Windows 10 update to fix game issues

An NVIDIA staff member has suggested users roll back to an earlier version of Windows 10 to resolve gameplay issues on devices using NVIDIA GPUs. [...]

https://www.bleepingcomputer.com/news/microsoft/nvidia-staff-suggests-rolling-back-windows-10-update-to-fix-game-issues/

Windows 10 1909 KB5001396 cumulative update preview released

Microsoft has released the optional KB5001396 preview cumulative update for Windows 10 1909 with numerous fixes that increase performance in the operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1909-kb5001396-cumulative-update-preview-released/

Microsoft releases first non-subscription Office 2021, LTSC previews

Microsoft has launched the first commercial preview releases for Microsoft Office Long Term Servicing Channel (LTSC) for Windows and Office 2021 for Mac. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-first-non-subscription-office-2021-ltsc-previews/

Twitter accidentally sends suspicious emails asking to confirm accounts

Twitter caused quite the panic Thursday night when they accidentally sent emails asking users to confirm their accounts, which looked suspiciously like a phishing attack. [...]

https://www.bleepingcomputer.com/news/technology/twitter-accidentally-sends-suspicious-emails-asking-to-confirm-accounts/

Phishing impersonates global recruitment firm to push malware

An ongoing phishing campaign is impersonating Michael Page consultants to push Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers. [...]

https://www.bleepingcomputer.com/news/security/phishing-impersonates-global-recruitment-firm-to-push-malware/

Passwordstate password manager hacked in supply chain attack

ClickStudios, the company behind the Passwordstate password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks. [...]

https://www.bleepingcomputer.com/news/security/passwordstate-password-manager-hacked-in-supply-chain-attack/

The Week in Ransomware - April 23rd 2021 - A brutal week

This week has been brutal, not because of many ransomware variants released but due to a single ransomware campaign that affected thousands of people. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-23rd-2021-a-brutal-week/

HashiCorp is the latest victim of Codecov supply-chain attack

Open-source software tools and Vault maker HashiCorp disclosed a security incident yesterday that occurred due to the recent Codecov attack. HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp's GPG signing key. [...]

https://www.bleepingcomputer.com/news/security/hashicorp-is-the-latest-victim-of-codecov-supply-chain-attack/

Fake Microsoft DirectX 12 site pushes crypto-stealing malware

Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords. [...]

https://www.bleepingcomputer.com/news/security/fake-microsoft-directx-12-site-pushes-crypto-stealing-malware/

New cryptomining malware builds an army of Windows, Linux bots

A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads. [...]

https://www.bleepingcomputer.com/news/security/new-cryptomining-malware-builds-an-army-of-windows-linux-bots/

A ransomware gang made $260,000 in 5 days using the 7zip utility

A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program. [...]

https://www.bleepingcomputer.com/news/security/a-ransomware-gang-made-260-000-in-5-days-using-the-7zip-utility/

Microsoft pushes emergency fix for Windows 10 KB5001330 gaming issues

Microsoft has released an emergency fix for gaming issues introduced by the Windows 10 2004 and Windows 10 20H2 KB5001330 update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-emergency-fix-for-windows-10-kb5001330-gaming-issues/

Emotet malware forcibly removed today by German police update

Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement. [...]

https://www.bleepingcomputer.com/news/security/emotet-malware-forcibly-removed-today-by-german-police-update/

Windows 10 package manager can now remove any app from the command line

The Windows 10 package manager is getting some new and exciting features that allow you to manage any installed applications directly from the command line. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-package-manager-can-now-remove-any-app-from-the-command-line/

Hacker leaks 20 million alleged BigBasket user records for free

A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum. [...]

https://www.bleepingcomputer.com/news/security/hacker-leaks-20-million-alleged-bigbasket-user-records-for-free/

US warns of Russian state hackers still targeting US, foreign orgs

The FBI, the US Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) warned today of continued attacks coordinated by the Russian-backed APT 29 hacking group against US and foreign organizations. [...]

https://www.bleepingcomputer.com/news/security/us-warns-of-russian-state-hackers-still-targeting-us-foreign-orgs/

Apple iCloud Mail outage causing email sending, receiving issues

Apple's iCloud Mail service is suffering an outage since this morning, preventing some people from sending and receiving emails. [...]

https://www.bleepingcomputer.com/news/apple/apple-icloud-mail-outage-causing-email-sending-receiving-issues/