Microsoft: Attackers increasingly exploit Exchange servers

Microsoft's Defender ATP Research Team today issued guidance on how to defend against attacks targeting Exchange servers by blocking malicious activity identified with the help of behavior-based detection. [...]

https://www.bleepingcomputer.com/news/security/microsoft-attackers-increasingly-exploit-exchange-servers/

AdBlock is causing YouTube video errors in Microsoft Edge

Microsoft has issued a warning about a conflict between Microsoft Edge and the AdBlock Plus browser extension that causes problems when watching YouTube videos. [...]

https://www.bleepingcomputer.com/news/security/adblock-is-causing-youtube-video-errors-in-microsoft-edge/

Sony launches PlayStation bug bounty program with $50K+ rewards

Sony today announced the launch of a public PlayStation bug bounty program to pay security researchers and gamers for security vulnerabilities found in PlayStation 4 devices, the PlayStation Network domains. [...]

https://www.bleepingcomputer.com/news/security/sony-launches-playstation-bug-bounty-program-with-50k-rewards/

Nvidia adds Windows 10 2004 GPU scheduling to GeForce drivers

Nvidia has released the GeForce Game Ready driver version  451.48 and with it comes highly anticipated support for DirectX 12 support, and the Windows 10 2004 GPU Scheduling feature. [...]

https://www.bleepingcomputer.com/news/hardware/nvidia-adds-windows-10-2004-gpu-scheduling-to-geforce-drivers/

NVIDIA patches high severity flaws in Windows, Linux drivers

NVIDIA has released security updates to address security vulnerabilities found in GPU Display and CUDA drivers and Virtual GPU Manager software that could lead to code execution, denial of service, escalation of privileges, and information disclosure on both Windows and Linux machines. [...]

https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-linux-drivers/

LG Electronics allegedly hit by Maze ransomware attack

Maze ransomware operators have claimed on their website that they breached and locked the network of the South Korean multinational LG Electronics. [...]

https://www.bleepingcomputer.com/news/security/lg-electronics-allegedly-hit-by-maze-ransomware-attack/

List of Ripple20 vulnerability advisories, patches, and updates

The dust is far from settled following the disclosure of the 19 vulnerabilities in the TCP/IP stack from Treck, collectively referred to as Ripple20, which could help attackers take full control of vulnerable devices on the network. [...]

https://www.bleepingcomputer.com/news/security/list-of-ripple20-vulnerability-advisories-patches-and-updates/

European bank suffers biggest PPS DDoS attack, new botnet suspected

A bank in Europe was the target of a huge distributed denial-of-service (DDoS) attack that sent to its networking gear a flood of 809 million packets per second (PPS). [...]

https://www.bleepingcomputer.com/news/security/european-bank-suffers-biggest-pps-ddos-attack-new-botnet-suspected/

New Lucifer DDoS malware creates a legion of Windows minions

A new botnet identified in the wild leverages close to a dozen exploits for high and critical-severity vulnerabilities against Windows systems to turn them into cryptomining clients and sources for distributed denial-of-service (DDoS) attacks. [...]

https://www.bleepingcomputer.com/news/security/new-lucifer-ddos-malware-creates-a-legion-of-windows-minions/

Microsoft removed the defer feature update setting in Windows 10

Microsoft has removed the setting allowing users to defer feature updates in Windows 10 2004 but still allows it to be configured via group policies for business versions. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-removed-the-defer-feature-update-setting-in-windows-10/

Hackers hide credit card stealing scripts in favicon EXIF data

Hackers are always evolving their tactics to stay one step ahead of security companies. A perfect example of this is the hiding of malicious credit card stealing scripts in the EXIF data of a favicon image to evade detection. [...]

https://www.bleepingcomputer.com/news/security/hackers-hide-credit-card-stealing-scripts-in-favicon-exif-data/

New Ransom X Ransomware used in Texas TxDOT cyberattack

A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises. [...]

https://www.bleepingcomputer.com/news/security/new-ransom-x-ransomware-used-in-texas-txdot-cyberattack/

Evil Corp blocked from deploying ransomware on 30 major US firms

The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, at least of them being Fortune 500 companies. [...]

https://www.bleepingcomputer.com/news/security/evil-corp-blocked-from-deploying-ransomware-on-30-major-us-firms/

Hackers breach E27, want "donation" to reveal vulnerabilities

Asian media firm E27 has been hacked, and attackers ask for a small "donation" to provide information on the vulnerabilities used in the attack. [...]

https://www.bleepingcomputer.com/news/security/hackers-breach-e27-want-donation-to-reveal-vulnerabilities/

The Week in Ransomware - June 26th 2020 - Scrounging around networks

Ransomware has been busy this week with new features being discovered, big name victims, and new ransomware campaigns being discovered. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-26th-2020-scrounging-around-networks/

Developer of Mirai, Qbot-based DDoS botnets jailed for 13 months

A 22-year-old Washington man was sentenced to 13 months in prison for renting and developing Mirai and Qbot-based DDoS botnets used in DDoS attacks against targets from all over the world. [...]

https://www.bleepingcomputer.com/news/security/developer-of-mirai-qbot-based-ddos-botnets-jailed-for-13-months/

Owner of Cardplanet credit card market gets 9 years in prison

A 30-year old Russian national named Aleksey Yurievich Burkov was sentenced today to nine years in prison for running Cardplanet and Direct Connection, two sites that facilitated payment card fraud, computer hacking, and other cybercrimes. [...]

https://www.bleepingcomputer.com/news/security/owner-of-cardplanet-credit-card-market-gets-9-years-in-prison/

Admin of carding portal behind $568M in losses pleads guilty

Russian national Sergey Medvedev, one of the co-founders of Internet-based cybercriminal enterprise Infraud Organization and an admin on the organization's carding forum, today pleaded guilty to RICO conspiracy. [...]

https://www.bleepingcomputer.com/news/security/admin-of-carding-portal-behind-568m-in-losses-pleads-guilty/

Nearly 300 Windows 10 executables vulnerable to DLL hijacking

A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10. [...]

https://www.bleepingcomputer.com/news/security/nearly-300-windows-10-executables-vulnerable-to-dll-hijacking/

GeoVision access control devices let hackers steal fingerprints

GeoVision, a Taiwanese fingerprint scanner, access control, and surveillance tech manufacturer, fixed critical vulnerabilities in their devices that could be abused by hackers and nation-state threat actors. [...]

https://www.bleepingcomputer.com/news/security/geovision-access-control-devices-let-hackers-steal-fingerprints/