Maze Ransomware Now Delivered by Spelevo Exploit Kit

The Spelevo exploit kit has been spotted by security researchers while infecting victims with Maze Ransomware payloads via a new malicious campaign that exploits a Flash Player use after free vulnerability. [...]

https://www.bleepingcomputer.com/news/security/maze-ransomware-now-delivered-by-spelevo-exploit-kit/

Hackers Backdoor Sites by Hiding Fake WordPress Plugins

Malicious plugins that hide in plain sight and act as backdoors are used by attackers to gain and maintain a foothold on WordPress websites, and to upload web shells and scripts for brute-forcing other sites. [...]

https://www.bleepingcomputer.com/news/security/hackers-backdoor-sites-by-hiding-fake-wordpress-plugins/

How to Update Windows 10 Drivers Manually

Drivers allow Windows to work with hardware components such as graphics card, memory card, storage, camera and other essential components recognized by the operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-update-windows-10-drivers-manually/

Tools and Tactics of the Sodinokibi Ransomware Distributors

Using a network of honeypots, researchers from McAfee examined the tools and tactics used by the Sodinokibi Ransomware (REvil) affiliates to infect their victims with ransomware and compromise other machines on the network. [...]

https://www.bleepingcomputer.com/news/security/tools-and-tactics-of-the-sodinokibi-ransomware-distributors/

Hackers Breach Avast Antivirus Network Through Insecure VPN Profile

Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14. [...]

https://www.bleepingcomputer.com/news/security/hackers-breach-avast-antivirus-network-through-insecure-vpn-profile/

Chinese Hackers Use New Malware to Backdoor Microsoft SQL Servers

New malware created by Chinese-backed Winnti Group has been discovered by researchers at ESET while being used to gain persistence on Microsoft SQL Server (MSSQL) systems. [...]

https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-malware-to-backdoor-microsoft-sql-servers/

New Windows 10 Secured-Core PCs Block Firmware-Level Attacks

Microsoft introduced a new range of devices called Secured-core PCs which come with built-in protection against firmware attacks that have been increasingly used by state-sponsored hacking groups. [...]

https://www.bleepingcomputer.com/news/security/new-windows-10-secured-core-pcs-block-firmware-level-attacks/

Office 365 Now Warns About Suspicious Emails with Unverified Senders

Microsoft is currently rolling out a new Office 365 feature dubbed 'Unverified Sender' and designed to help users identify potential spam or phishing emails that reach their Outlook client's inbox. [...]

https://www.bleepingcomputer.com/news/microsoft/office-365-now-warns-about-suspicious-emails-with-unverified-senders/

Hacker Breached Servers Belonging to Multiple VPN Providers

Servers belonging to the NordVPN and TorGuard VPN companies were hacked and attackers stole and leaked the private keys associated with certificates used to secure their web servers and VPN configuration files.  [...]

https://www.bleepingcomputer.com/news/security/hacker-breached-servers-belonging-to-multiple-vpn-providers/

Russian Hackers Use Iranian Threat Group's Tools, Servers as Cover

The Russian-backed Turla cyber-espionage group used stolen malware and hijacked infrastructure from the Iranian-sponsored OilRig to attack targets from dozens of countries according to a joint United Kingdom's National Cyber Security Centre (NCSC) and U.S. National Security Agency (NSA) advisory published today. [...]

https://www.bleepingcomputer.com/news/security/russian-hackers-use-iranian-threat-groups-tools-servers-as-cover/

Malicious Apps on Alexa or Google Home Can Spy or Steal Passwords

Google and Amazon smart speakers can be leveraged to record user conversation or to phish for passwords through malicious voice apps, security researchers warn. [...]

https://www.bleepingcomputer.com/news/security/malicious-apps-on-alexa-or-google-home-can-spy-or-steal-passwords/

Samsung Galaxy S10 Banned by Banks Due to Buggy Fingerprint Reader

At least three banks operating in the UK have decided to temporarily suspend their mobile banking services for Samsung Galaxy S10 users. [...]

https://www.bleepingcomputer.com/news/security/samsung-galaxy-s10-banned-by-banks-due-to-buggy-fingerprint-reader/

Retina-X Banned by FTC From Selling Their ‘Stalking’ Apps

The U.S. Federal Trade Commission (FTC) says that a settlement has been reached with Retina-X Studios, LLC (Retina-X), the company behind three 'stalkerware' mobile applications, that bars it from selling the apps unless they are used for legitimate purposes. [...]

https://www.bleepingcomputer.com/news/security/retina-x-banned-by-ftc-from-selling-their-stalking-apps/

Firefox 70 Released with In-Browser Data Breach Notifications

Mozilla has officially released Firefox 70 for Windows, Mac, and Linux and with it comes additional protections for user's privacy and passwords. This includes the new social tracking protection feature, a new Privacy protections report, and an integrated data breach notification service for your saved logins. [...]

https://www.bleepingcomputer.com/news/software/firefox-70-released-with-in-browser-data-breach-notifications/

Billing Provider Billtrust Suffers Outage After Malware Attack

U.S. financial services provider Billtrust experienced an outage affecting all of its services after some of the company's computing systems were impacted by a malware attack on October 17. [...]

https://www.bleepingcomputer.com/news/security/billing-provider-billtrust-suffers-outage-after-malware-attack/

Scammers Behind €10 Million BEC Fraud Arrested in Spain

Three people, part of a Business Email Compromise (BEC) scammer group that stole roughly €10.7 million ($11,900,000) from 12 companies, were arrested in Spain by the Guardia Civil as part of Operation Lavanco. [...]

https://www.bleepingcomputer.com/news/security/scammers-behind-10-million-bec-fraud-arrested-in-spain/

MedusaLocker Ransomware Wants Its Share of Your Money

A new ransomware called MedusaLocker is being actively distributed and victims have been seen from all over the world. It is not known at this time, how the attacker is distributing the ransomware. [...]

https://www.bleepingcomputer.com/news/security/medusalocker-ransomware-wants-its-share-of-your-money/

U.S. Superior Court Systems Hacked to Spread Phishing Emails

A Texas man was sentenced today to 145 months in federal prison for hacking the Los Angeles Superior Court (LASC) computer system and using its servers to deliver around 2 million malspam emails. [...]

https://www.bleepingcomputer.com/news/security/us-superior-court-systems-hacked-to-spread-phishing-emails/

Chrome 78 Released With DoH Trial, Tab Hover Cards, and More

Google has released Chrome 78 to the Stable desktop channel, with new improvements, features, and 37 security fixes. Included in this release is the DoH trial for all users on supported DNS providers, a basic Tab Hover Cards, and some other features behind experimental flags. [...]

https://www.bleepingcomputer.com/news/software/chrome-78-released-with-doh-trial-tab-hover-cards-and-more/

Windows 10 Insider Build 19008 Released With Fixes

Microsoft has released Windows 10 Insider Preview Build 19008 (20H1) to Insiders in the Fast ring and brings various fixes and improvements, but no new features. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-19008-released-with-fixes/