Shade Ransomware shuts down, releases 750K decryption keys

The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims. [...]

https://www.bleepingcomputer.com/news/security/shade-ransomware-shuts-down-releases-750k-decryption-keys/

Microsoft investigating Windows 10 KB4549951 BSOD reports

Microsoft is investigating Bluetooth issues, failures to install, blue screen reports received from users who have installed or attempted to install the KB4549951 cumulative update released during this month's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigating-windows-10-kb4549951-bsod-reports/

Twitter kills SMS-based tweeting in most countries

Twitter announced today that it has turned off the Twitter via SMS service because of security concerns, a service which allowed the social network's users to tweet using text messages since its early beginnings. [...]

https://www.bleepingcomputer.com/news/security/twitter-kills-sms-based-tweeting-in-most-countries/

WordPress plugin bug lets hackers create rogue admin accounts

WordPress owners are advised to secure their websites by updating the Real-Time Find and Replace plugin to prevent attackers from injecting malicious code into their sites by exploiting a Cross-Site Request Forgery flaw. [...]

https://www.bleepingcomputer.com/news/security/wordpress-plugin-bug-lets-hackers-create-rogue-admin-accounts/

Fake Fedex and UPS delivery issues used in COVID-19 phishing

As people socially isolate and work from home, shopping online and home deliveries have increased. Scammers are capitalizing on this by creating new scams using Coronavirus delivery issues as a lure to get people to visit malicious links or open malware. [...]

https://www.bleepingcomputer.com/news/security/fake-fedex-and-ups-delivery-issues-used-in-covid-19-phishing/

Lucy malware for Android adds file-encryption for ransomware ops

A threat actor focusing on Android systems has expanded their malware-as-a-service (MaaS) business with file-encrypting capabilities for ransomware operations. [...]

https://www.bleepingcomputer.com/news/security/lucy-malware-for-android-adds-file-encryption-for-ransomware-ops/

Hacking group used Google Play Store to push spyware for years

A malicious campaign dubbed PhantomLance has been targeting users of Android devices with spyware payloads embedded in applications delivered via multiple platforms including Google's Play Store and the alternative Android app store APKpure. [...]

https://www.bleepingcomputer.com/news/security/hacking-group-used-google-play-store-to-push-spyware-for-years/

Microsoft releases guidance on blocking ransomware attacks

Microsoft warned today of ongoing human-operated ransomware campaigns targeting healthcare organizations and critical services, and shared tips on how to block new breaches by patching vulnerable internet-facing systems. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-guidance-on-blocking-ransomware-attacks/

Adobe fixes critical vulnerabilities in Magento and Illustrator

Adobe has released security updates for Adobe Illustrator, Bridge, and Magento that fix numerous vulnerabilities, including ones that could allow remote code execution. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-magento-and-illustrator/

Rogue affiliates are running fake antivirus expiration scams

Rogue security software affiliates are sending emails that falsely tell recipients that their antivirus software is expiring and then prompt them to renew their license so that the affiliate can earn a commission from the sale. [...]

https://www.bleepingcomputer.com/news/security/rogue-affiliates-are-running-fake-antivirus-expiration-scams/

Microsoft warns of malware surprise pushed via pirated movies

Microsoft warns that malicious actors are taking advantage of the boost in traffic seen by movie piracy sites to infect victims with malware delivered via fake movie torrents. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-malware-surprise-pushed-via-pirated-movies/

RDP brute-force attacks are skyrocketing due to remote working

Internet-exposed and poorly configured RDP servers from all over the globe are the target of an increasing number of brute-forcing attacks that have started since the beginning of March. [...]

https://www.bleepingcomputer.com/news/security/rdp-brute-force-attacks-are-skyrocketing-due-to-remote-working/

Microsoft releases Sysmon 11 with auto-backup of deleted files

Microsoft has released Sysmon 11, and it now comes with an important feature that allows you to monitor for and automatically archive deleted files on a monitored system. [...]

https://www.bleepingcomputer.com/news/software/microsoft-releases-sysmon-11-with-auto-backup-of-deleted-files/

Numerous sites leak user emails to advertising, analytics services

Multiple online services and products are leaking email data belonging to their users to third-party advertising and analytics companies, shows a recent research published today. [...]

https://www.bleepingcomputer.com/news/security/numerous-sites-leak-user-emails-to-advertising-analytics-services/

Microsoft releases Windows 10 Build 19619 with freeze fixes

Microsoft has released Windows 10 Insider Preview Build 19619 to Insiders in the Fast ring with fixes for frequent freezes on some systems, music controls to the Your Phone app, and quick access to COVID-19 info from search. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-build-19619-with-freeze-fixes/

Windows 10 Search now gives easy access to COVID-19 info

Windows 10 is now making it easier to access the latest Coronavirus information via new buttons show in Windows Search. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-search-now-gives-easy-access-to-covid-19-info/

Google updates Chrome Web Store policy to block extension spam

Google today updated the Chrome Web Store's spam policy to block extension spam so that users can have a real chance to avoid potentially malicious extensions while sifting through 200,000 add-ons available in the store. [...]

https://www.bleepingcomputer.com/news/security/google-updates-chrome-web-store-policy-to-block-extension-spam/

US govt updates Microsoft Office 365 security best practices

The Cybersecurity and Infrastructure Security Agency (CISA) today issued an update to its Microsoft Office 365 security best practices as part of an alert distributed via the US National Cyber Awareness System. [...]

https://www.bleepingcomputer.com/news/security/us-govt-updates-microsoft-office-365-security-best-practices/

Bugs in WordPress plugins for online courses let students cheat

Popular WordPress plugins for creating learning management systems (LMS) are rife with vulnerabilities that can be exploited to take control of the platform, get test answers, and modify grades. [...]

https://www.bleepingcomputer.com/news/security/bugs-in-wordpress-plugins-for-online-courses-let-students-cheat/

Clop ransomware leaks ExecuPharm's files after failed ransom

Clop ransomware leaked files stolen from U.S pharmaceutical company ExecuPharm after ransom negotiations allegedly failed. [...]

https://www.bleepingcomputer.com/news/security/clop-ransomware-leaks-execupharms-files-after-failed-ransom/