The Week in Ransomware - April 23rd 2021 - A brutal week

This week has been brutal, not because of many ransomware variants released but due to a single ransomware campaign that affected thousands of people. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-23rd-2021-a-brutal-week/

HashiCorp is the latest victim of Codecov supply-chain attack

Open-source software tools and Vault maker HashiCorp disclosed a security incident yesterday that occurred due to the recent Codecov attack. HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp's GPG signing key. [...]

https://www.bleepingcomputer.com/news/security/hashicorp-is-the-latest-victim-of-codecov-supply-chain-attack/

Fake Microsoft DirectX 12 site pushes crypto-stealing malware

Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords. [...]

https://www.bleepingcomputer.com/news/security/fake-microsoft-directx-12-site-pushes-crypto-stealing-malware/

New cryptomining malware builds an army of Windows, Linux bots

A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads. [...]

https://www.bleepingcomputer.com/news/security/new-cryptomining-malware-builds-an-army-of-windows-linux-bots/

A ransomware gang made $260,000 in 5 days using the 7zip utility

A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program. [...]

https://www.bleepingcomputer.com/news/security/a-ransomware-gang-made-260-000-in-5-days-using-the-7zip-utility/

Microsoft pushes emergency fix for Windows 10 KB5001330 gaming issues

Microsoft has released an emergency fix for gaming issues introduced by the Windows 10 2004 and Windows 10 20H2 KB5001330 update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-emergency-fix-for-windows-10-kb5001330-gaming-issues/

Emotet malware forcibly removed today by German police update

Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement. [...]

https://www.bleepingcomputer.com/news/security/emotet-malware-forcibly-removed-today-by-german-police-update/

Windows 10 package manager can now remove any app from the command line

The Windows 10 package manager is getting some new and exciting features that allow you to manage any installed applications directly from the command line. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-package-manager-can-now-remove-any-app-from-the-command-line/

Hacker leaks 20 million alleged BigBasket user records for free

A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum. [...]

https://www.bleepingcomputer.com/news/security/hacker-leaks-20-million-alleged-bigbasket-user-records-for-free/

US warns of Russian state hackers still targeting US, foreign orgs

The FBI, the US Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) warned today of continued attacks coordinated by the Russian-backed APT 29 hacking group against US and foreign organizations. [...]

https://www.bleepingcomputer.com/news/security/us-warns-of-russian-state-hackers-still-targeting-us-foreign-orgs/

Apple iCloud Mail outage causing email sending, receiving issues

Apple's iCloud Mail service is suffering an outage since this morning, preventing some people from sending and receiving emails. [...]

https://www.bleepingcomputer.com/news/apple/apple-icloud-mail-outage-causing-email-sending-receiving-issues/

Microsoft Defender now blocks cryptojacking malware using Intel TDT

Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology (TDT). [...]

https://www.bleepingcomputer.com/news/security/microsoft-defender-now-blocks-cryptojacking-malware-using-intel-tdt/

Apple fixes macOS zero-day bug exploited by Shlayer malware

Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads. [...]

https://www.bleepingcomputer.com/news/security/apple-fixes-macos-zero-day-bug-exploited-by-shlayer-malware/

Accellion data breaches drive up average ransom price

The data breaches caused by the Clop ransomware gang exploiting a zero-day vulnerability have led to a sharp increase in the average ransom payment calculated for the first three months of the year. [...]

https://www.bleepingcomputer.com/news/security/accellion-data-breaches-drive-up-average-ransom-price/

Ransomware gang now warns they will leak new Apple logos, iPad plans

The REvil ransomware gang has mysteriously removed Apple's schematics from their data leak site after privately warning Quanta that they would leak drawings for the new iPad and new Apple logos. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-now-warns-they-will-leak-new-apple-logos-ipad-plans/

Reverb discloses data breach exposing musicians' personal info

Popular musical instrument marketplace Reverb has suffered a data breach after an unsecured database containing customer information was exposed online. [...]

https://www.bleepingcomputer.com/news/security/reverb-discloses-data-breach-exposing-musicians-personal-info/

Microsoft announces end of life for multiple .NET Framework versions

Microsoft today announced that multiple .NET Framework versions signed using the legacy and insecure Secure Hash Algorithm 1 (SHA-1) will reach end of support next year. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-end-of-life-for-multiple-net-framework-versions/

DC Police confirms cyberattack after ransomware gang leaks data

The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data. [...]

https://www.bleepingcomputer.com/news/security/dc-police-confirms-cyberattack-after-ransomware-gang-leaks-data/

DC Police confirms cyberattack after ransomware gang leaks data

The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data. [...]

https://www.bleepingcomputer.com/news/security/dc-police-confirms-cyberattack-after-ransomware-gang-leaks-data/

Microsoft Teams worldwide outage impacts user logins, chats

A worldwide Microsoft Teams outage is blocking users from logging into their accounts, and preventing those already logged in from sending and receiving messages. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-worldwide-outage-impacts-user-logins-chats/

MangaDex discloses data breach after stolen database shared online

Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. [...]

https://www.bleepingcomputer.com/news/security/mangadex-discloses-data-breach-after-stolen-database-shared-online/