BitDefender fixes bug allowing attackers to run commands remotely

Security solutions are designed to keep an organization safe, but that models crumble when that same software becomes a threat vector for the attackers to exploit. Such is the case with a new Bitdefender remote code execution vulnerability, dubbed CVE-2020-8102, lurking in its Safepay browser component. [...]

https://www.bleepingcomputer.com/news/security/bitdefender-fixes-bug-allowing-attackers-to-run-commands-remotely/

Microsoft says June 2020 updates break Outlook for some users

Microsoft says in a support document recently published that Outlook will fail to start for some users, automatically displaying an error prompting the users to repair some inbox files. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-june-2020-updates-break-outlook-for-some-users/

Microsoft rolls out new Edge to Windows 7 via Windows Update

Starting on June 17th, 2020, Microsoft has begun to roll out the KB4567409 update for Windows 7 that installs the new Chromium-based Microsoft Edge browser. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-new-edge-to-windows-7-via-windows-update/

Office 365 now checks docs for known threats before editing

Microsoft today announced the general availability of the Office 365 Safe Documents security feature which expands the protection provided by Protected View by checking untrusted documents for risks and known threats. [...]

https://www.bleepingcomputer.com/news/security/office-365-now-checks-docs-for-known-threats-before-editing/

Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline

Indian conglomerate Indiabulls Group has allegedly been hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data. [...]

https://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/

Ryuk ransomware deployed two weeks after Trickbot infection

Activity logs on a server used by the TrickBot trojan in post-compromise stages of an attack show that the actor takes an average of two weeks pivoting to valuable hosts on the network before deploying Ryuk ransomware. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-deployed-two-weeks-after-trickbot-infection/

Twitter discloses billing info leak after 'data security incident'

Twitter has disclosed a 'Data Security Incident' that caused the billing information for Twitter advertisers to be stored in the browser's cache. This bug would have allowed other users on the computer to see this data. [...]

https://www.bleepingcomputer.com/news/security/twitter-discloses-billing-info-leak-after-data-security-incident/

REvil ransomware scans victim's network for Point of Sale systems

REvil ransomware operators have been observed while scanning one of their victim's network for Point of Sale (PoS) servers by researchers with Symantec's Threat Intelligence team. [...]

https://www.bleepingcomputer.com/news/security/revil-ransomware-scans-victims-network-for-point-of-sale-systems/

Microsoft Defender ATP can now protect Linux, Android devices

Microsoft Defender Advanced Threat Protection (ATP) has expanded to non-Windows platforms and is now generally available for enterprise customers using Linux devices and in public preview for those with Android devices. [...]

https://www.bleepingcomputer.com/news/security/microsoft-defender-atp-can-now-protect-linux-android-devices/

Fxmsp hackers made $1.5M selling access to corporate networks

New details have emerged on the activity of the infamous Fxmsp hacker that last year was advertising access to to networks of three cybersecurity vendors. [...]

https://www.bleepingcomputer.com/news/security/fxmsp-hackers-made-15m-selling-access-to-corporate-networks/

New WastedLocker Ransomware distributed via fake program updates

The Russian cybercrime group known as Evil Corp has added a new ransomware to its arsenal called WastedLocker. This ransomware is used in targeted attacks against the enterprise. [...]

https://www.bleepingcomputer.com/news/security/new-wastedlocker-ransomware-distributed-via-fake-program-updates/

European victims refuse to bow to Thanos ransomware

A Thanos ransomware campaign targeting mid-level employees of multiple organizations from Austria, Switzerland, and Germany was met by the victims' refusal to pay the ransoms demanded to have their data decrypted. [...]

https://www.bleepingcomputer.com/news/security/european-victims-refuse-to-bow-to-thanos-ransomware/

Windows 10 June 2020 updates cause forced reboots, LSASS crashes

Microsoft acknowledged a new known issue leading to Local Security Authority Subsystem Service (LSASS) critical system process crashes and forced reboots on some Windows 10 devices. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-june-2020-updates-cause-forced-reboots-lsass-crashes/

Exposed Frost & Sullivan databases for sale on hacking forum

U.S. business consulting firm Frost & Sullivan was breached after data from an unsecured backup folder exposed on the Internet was sold on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/exposed-frost-and-sullivan-databases-for-sale-on-hacking-forum/

CryptoCore hackers made over $200M breaching crypto exchanges

A hacking group known as CryptoCore has pulled off cryptocurrency heists worth $70 million, but research indicates that it may be an estimated value of over $200 million since 2018. [...]

https://www.bleepingcomputer.com/news/security/cryptocore-hackers-made-over-200m-breaching-crypto-exchanges/

VMware fixes critical vulnerability in Workstation and Fusion

VMware released security updates to fix multiple vulnerabilities in VMware ESXi, Workstation, and Fusion, with one of them being a critical bug in default configurations of Workstation and Fusion having 3D graphics enabled. [...]

https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vulnerability-in-workstation-and-fusion/

Microsoft: Attackers increasingly exploit Exchange servers

Microsoft's Defender ATP Research Team today issued guidance on how to defend against attacks targeting Exchange servers by blocking malicious activity identified with the help of behavior-based detection. [...]

https://www.bleepingcomputer.com/news/security/microsoft-attackers-increasingly-exploit-exchange-servers/

AdBlock is causing YouTube video errors in Microsoft Edge

Microsoft has issued a warning about a conflict between Microsoft Edge and the AdBlock Plus browser extension that causes problems when watching YouTube videos. [...]

https://www.bleepingcomputer.com/news/security/adblock-is-causing-youtube-video-errors-in-microsoft-edge/

Sony launches PlayStation bug bounty program with $50K+ rewards

Sony today announced the launch of a public PlayStation bug bounty program to pay security researchers and gamers for security vulnerabilities found in PlayStation 4 devices, the PlayStation Network domains. [...]

https://www.bleepingcomputer.com/news/security/sony-launches-playstation-bug-bounty-program-with-50k-rewards/

Nvidia adds Windows 10 2004 GPU scheduling to GeForce drivers

Nvidia has released the GeForce Game Ready driver version  451.48 and with it comes highly anticipated support for DirectX 12 support, and the Windows 10 2004 GPU Scheduling feature. [...]

https://www.bleepingcomputer.com/news/hardware/nvidia-adds-windows-10-2004-gpu-scheduling-to-geforce-drivers/