Category: BleepingComputer

Read the original article: Scammers hacked Twitter and hijacked accounts using admin tool Hackers were able to hijack dozens of high-profile Twitter accounts on Wednesday after gaining access to internal user administration tools and systems. […]   Advertise on IT Security…

Read more →

Read the original article: Apple, Kanye, Gates, Bezos, more hacked in Twitter account crypto scam Hackers are taking over high profile verified Twitter accounts to promote a cryptocurrency scam promising to give away up to 5,000 bitcoins to those sending between 0.1…

Read more →

Read the original article: PoC exploits released for SAP Recon vulnerabilities, patch now! Just two days after SAP released patches for a critical NetWeaver AS JAVA remote code execution vulnerability, proof-of-concept (PoC) exploits have been released, and active scans are…

Read more →

Read the original article: Citrix: No breach, hacker stole business info from third party Citrix has published an official statement to deny claims that the company’s network was breached by a malicious actor who says that he was also able…

Read more →

Read the original article: Microsoft Outlook is crashing worldwide with 0xc0000005 errors, how to fix Microsoft Outlook is immediately crashing worldwide when users start the application, with 0xc0000005 errors being displayed in the Windows Event Viewer. […]   Advertise on…

Read more →

Read the original article: Cisco fixes critical pre-auth flaws allowing router takeover Cisco today has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices that could…

Read more →

Read the original article: Microsoft removes Windows 10 2004 Thunderbolt dock update block Microsoft is removing a Windows 10, version 2004 safeguard hold after resolving a known issue that was triggering blue screens and stop errors when plugging or unplugging Thunderbolt docks…

Read more →

Read the original article: Google Chrome ends Windows 10 memory optimization test after CPU hit Google has stopped testing a Windows 10 memory optimization developed by Microsoft after finding it caused a performance hit in Google Chrome. […]   Advertise…

Read more →

Read the original article: Microsoft Office July security updates patch critical RCE bugs Microsoft released the July 2020 Office security updates with a total of 25 security updates and 5 cumulative updates for 7 different products, fixing 25 remote code…

Read more →

Read the original article: Microsoft fixes Windows 10 issue causing reboots, LSASS crashes Microsoft today fixed a known issue that was causing Local Security Authority Subsystem Service (LSASS) crashes and forced system reboots on some Windows devices. […]   Advertise on IT…

Read more →

Read the original article: WhatsApp is down, users reporting worldwide outage WhatsApp is down with users worldwide reporting problems connecting to the messaging platform. […]   Advertise on IT Security News. Read the original article: WhatsApp is down, users reporting…

Read more →

Read the original article: Microsoft patches critical wormable SigRed bug in Windows DNS Server A critical vulnerability that’s been sitting in Microsoft’s Windows DNS Server for almost two decades could be exploited to gain Domain Administrator privileges and compromise the…

Read more →

Read the original article: Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical! Today is Microsoft’s July 2020 Patch Tuesday, and if you see Windows administrators cursing for no reason, now you know why! With the July 2020 Patch Tuesday…

Read more →

Read the original article: Windows 10 2004 servicing stack update fixes privilege escalation bug Microsoft today released quality improvements and security updates to the Windows 10 servicing stack, a component designed to enable customers to receive and install Windows updates. […]   Advertise…

Read more →

Read the original article: Chrome 84 released with important security enhancements Google has released Chrome 84 today, July 14th, 2020, to the Stable desktop channel, and it includes numerous security enhancements and new APIs for developers. […]   Advertise on IT…

Read more →

Read the original article: Hacker releases database of 270 million alleged Wattpad records An allegedly stolen Wattpad database containing 270 million records were being sold in private sales for over $100,000. Now it is being offered for free on hacker…

Read more →

Read the original article: Windows 10 Cumulative Updates KB4565503 & KB4565483 Released The July 2020 Patch Tuesday updates for Windows 10 version 2004 and later are now rolling out and you can download and install the latest security fixes by…

Read more →

Read the original article: New GoldenHelper malware found in official Chinese tax software A new backdoor dubbed GoldenHelper was discovered by Trustwave embedded within Golden Tax Invoicing Software, part of the Chinese government’ Golden Tax Project and required for issuing…

Read more →

Read the original article: Adobe fixes critical bugs in Creative Cloud, Media Encoder Adobe has released security updates to address four critical vulnerabilities that could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of…

Read more →

Read the original article: Android chat app uses public code to spy, exposes user data A chat application for Android claiming to be a secure messaging platform comes with spying functionality and stores user data in an unsecure location that…

Read more →

Read the original article: Critical SAP Recon flaw exposes thousands of customers to attacks SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core…

Read more →

Read the original article: Critical SAP Recon flaw exposes thousands of systems to attacks SAP patched a critical vulnerability affecting over 40,000 systems and found in the SAP NetWeaver Java versions 7.30 to 7.50, a core component of several solutions and products deployed…

Read more →

Read the original article: New AgeLocker Ransomware uses Googler’s utility to encrypt files A new and targeted ransomware named AgeLocker utilizes the ‘Age’ encryption tool created by a Google employee to encrypt victim’s files. […]   Advertise on IT Security…

Read more →

Read the original article: LiveAuctioneers reports data breach after user records sold online LiveAuctioneers has disclosed a data breach after a well-known data breach broker began selling 3.4 million stolen user records on a hacker forum. […]   Advertise on IT…

Read more →

Read the original article: Microsoft extends security for Azure Storage file shares, data lakes Microsoft today announced that advanced threat protection for Azure Storage now also allows customers to protect data stored in Azure Files file shares and Azure Data Lake…

Read more →

Read the original article: Microsoft Office 365 will add support for disposable emails Microsoft will provide Office 365 customers with support for using disposable emails to make it simpler to manage their inboxes and to keep track of email campaigns.…

Read more →

Read the original article: Malware adds online sandbox detection to evade analysis Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers. […]  …

Read more →

Read the original article: Windows 10’s Feedback Hub: A forum for political trolls, spammers When Microsoft made the Feedback Hub universal app available to Windows 10 Insiders in March 2016 and generally available two months later, the plan was for…

Read more →

Read the original article: Malware adds Any.Run sandbox detection to evade analysis Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers. […]  …

Read more →

Read the original article: How to use Windows 10’s Storage Sense to free up Disk Space Windows has always allowed users to free up storage space by emptying temporary files, recycling bin, and the downloads folder’s contents. With Windows 10,…

Read more →

Read the original article: Zoom fixes zero-day RCE bug affecting Windows 7, more updates soon ​The Zoom web conference Client contained a zero-day vulnerability that could have allowed attackers to execute commands on vulnerable systems remotely. […]   Advertise on…

Read more →

Read the original article: TrickBot malware mistakenly warns victims that they are infected The notorious TrickBot malware mistakenly left a test module that is warning victims that they are infected and should contact their administrator. […]   Advertise on IT…

Read more →

Read the original article: How to enable Windows 10’s hidden features using Mach2 Windows 10 builds contain many hidden features that are used by Microsoft to debug code or test applications that have not been officially released yet. A new tool…

Read more →

Read the original article: The Week in Ransomware – July 10th 2020 – A quiet week It has been a pretty quiet week with few alleged attacks against corporate victims and mostly new variants of existing ransomware released. […]  …

Read more →

Read the original article: Apple: Closing MacBooks with camera covers leads to display damage Apple warns customers to avoid closing their MacBook, MacBook Air, or MacBook Pro devices if they use a camera cover thicker than 0.1mm to avoid display damage. […]  …

Read more →

Read the original article: Microsoft will not support PHP 8.0 for Windows in ‘any capacity’ Microsoft has announced that it will not offer support in ‘any capacity’ for PHP for Windows 8.0 when it is released. […]   Advertise on…

Read more →

Read the original article: Uber Eats outage in multiple countries, ‘Internal Server Error” reports The Uber Eats food delivery service is having an outage in multiple countries that is preventing orders from being placed in the app. […]   Advertise…

Read more →

Read the original article: How to protect your Verizon number from SIM swapping attacks Verizon now makes it possible for customers to defend against SIM swapping attacks by enabling the free Number Lock protection feature through the My Verizon app or the My Verizon website. […]…

Read more →

Read the original article: US Secret Service creates new Cyber Fraud Task Force The U.S. Secret Service announced the creation of the Cyber Fraud Task Force (CFTF) after the merger of its Financial Crimes Task Forces (FCTFs) and Electronic Crimes Task…

Read more →

Read the original article: eToro accounts peddled by the thousands on cybercrime forums A threat actor is peddling 62,000 active eToro accounts on a known cybercrime forum. They are also likely collaborating with REvil ransomware on the corporate intrusion front.…

Read more →

Read the original article: Mozilla reduces TLS certificate lifespan to 1 year in September Mozilla has officially announced that starting September 1st, 2020, they will no longer consider any newly issued certificates with a lifespan greater than 398 days, or…

Read more →

Read the original article: Over 1,300 phishing kits for sale on hacker forum A member of a hacker forum is looking to make over $30,000 from selling a huge collection of more than 1,300 phishing kits. […]   Advertise on…

Read more →

Read the original article: How to import and backup saved passwords in Google Chrome ​Google Chrome Password Manager lets you save usernames and passwords and automatically use them to log in to websites you visit. If you ever decide to…

Read more →

Read the original article: Conti ransomware shows signs of being Ryuk’s successor The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that…

Read more →

Read the original article: Conti ransomware shows signs of being a Ryuk successor The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications…

Read more →

Read the original article: Google will ban ads for stalkerware starting August 11 Google will update its Google Ads Enabling Dishonest Behavior policy to globally ban advertising for spyware and surveillance technology known as stalkerware starting with August 11, 2020.…

Read more →

Read the original article: Persuasive Office 365 phishing uses fake Zoom suspension alerts Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts…

Read more →

Read the original article: Microsoft testing new Windows 10 KDP anti-malware protection Microsoft is testing a new Windows 10 security feature dubbed Kernel Data Protection (KDP) and designed to block malicious actors from altering Windows drivers and systems’ protected kernel memory as part…

Read more →

Read the original article: Evilnum hackers use the same malware supplier as FIN6, Cobalt Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters for…

Read more →

Read the original article: Over 15 billion credentials in circulation on hacker forums At least 15 billion credentials are currently circulating on various hacker forums, giving cybercriminals fodder for account takeover attacks and identity renting services. […]   Advertise on…

Read more →

Read the original article: Joker Android malware keeps evading Google Play Store defenses The threat actor behind the Joker Android malware has once again succeeded to successfully slip spyware infected apps onto the Play Store, Google’s official Android app store. […]…

Read more →

Read the original article: Palo Alto Networks fixes another severe flaw in PAN-OS devices Palo Alto Networks (PAN) today addressed another severe vulnerability found in the PAN-OS GlobalProtect portal and affecting unpatched PAN next-generation firewalls. […]   Advertise on IT…

Read more →

Read the original article: Microsoft warns of Office 365 phishing via malicious OAuth apps Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, besides conventional credential theft and email…

Read more →

Read the original article: First look: Microsoft’s Project Freta detects Linux malware for free Microsoft Research has announced a cloud-based malware detection service called Project Freta to detect rootkits, cryptominers, and previously undetected malware strains lurking in your Linux cloud…

Read more →

Read the original article: NVIDIA fixes code execution bug in GeForce Experience software NVIDIA has addressed a vulnerability in the Windows NVIDIA GeForce Experience (GFE) software that could allow local attackers to execute arbitrary code, trigger a denial of service…

Read more →

Read the original article: Microsoft fixes Word, Skype hangs in July Office 2020 updates Microsoft released the July 2020 non-security Microsoft Office updates with improvements and fixes for issues impacting Windows Installer (MSI) editions of Office 2016 and Office 2013…

Read more →

Read the original article: Risky blogspot.in domain for sale after Google fails to renew it Google’s registration of the Blogspot domain expired recently, and the domain was immediately purchased by a domain service provider: […]   Advertise on IT Security…

Read more →

Read the original article: DOJ indict Fxmsp hacker for selling access to hacked orgs, AV firms The US Department of Justice has indicted a hacker known as ‘Fxmsp’ for hacking into and selling access to over three hundred organizations worldwide.…

Read more →

Read the original article: ThiefQuest info-stealing Mac wiper gets free decryptor Poor coding of the ThiefQuest ransomware in disguise that targets macOS users allows recovery of encrypted files, which would remain lost in lack of a backup. […]   Advertise…

Read more →

Read the original article: Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found F5 BIG-IP customers who only applied recommended mitigations and haven’t yet patched their devices against the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability are now advised to update them…

Read more →

Read the original article: How to uninstall Microsoft Edge forced-installed via Windows Update If Microsoft Edge was installed in Windows 10 via Windows Update, you can not remove it via standard methods. That does not mean you cannot remove it,…

Read more →

Read the original article: Microsoft takes down domains used in COVID-19-related cybercrime Microsoft took control of domains used by cybercriminals as part of the infrastructure needed to launch phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic. […]…

Read more →

Read the original article: Windows 10: The beginning of the end for Control Panel Microsoft has started testing the removal of the venerable System control panel on Windows 10 and instead redirecting users to the modern About page. […]  …

Read more →

Read the original article: US Treasury shares tips on spotting money mule and imposter scams The US Financial Crimes Enforcement Network (FinCEN) today has issued a security alert designed to share potential indicators of imposter scams and money mule schemes with US…

Read more →

Read the original article: First reported Russian BEC scam gang targets Fortune 500 firms Over the past year, a new group of fraudsters believed to be from the Russian cybercriminal space has elevated Business Email Compromise (BEC) scams to a…

Read more →

Read the original article: Citrix fixes 11 flaws in ADC, Gateway, and SD-WAN WANOP appliances Citrix today patched a set of 11 vulnerabilities found to affect its Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP (appliance models 4000-WO, 4100-WO, 5000-WO,…

Read more →

Read the original article: Microsoft Defender ATP web content filtering is now free The new Microsoft Defender Advanced Threat Protection (ATP) Web Content Filtering feature will be provided for free to all enterprise customers without the need for an additional partner license.…

Read more →

Read the original article: EDP energy giant confirms Ragnar Locker ransomware attack EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation’s systems, the Portuguese multinational energy giant Energias de Portugal (EDP). […]   Advertise…

Read more →

Read the original article: Ransomware attack on insurance MSP Xchanging affects clients Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems from its Xchanging subsidiary. […]   Advertise on IT Security News.…

Read more →

Read the original article: New Google Chrome feature to drastically reduce battery usage Google is planning to add a new Chrome feature that could lead to drops of almost 30% in battery usage by throttling JavaScript timers in background tabs.…

Read more →

Read the original article: Microsoft’s new Windows 10 Alt+Tab plan looks like a mess In what is being called a productivity enhancement, Microsoft is testing a change to the Windows 10 Alt+Tab feature so that it also shows open Microsoft…

Read more →

Read the original article: North Korean hackers linked to credit card stealing attacks on US stores Hackers from North Korea have been stealing payment card information from customers of large retailers in the U.S. and Europe for at least a…

Read more →

Read the original article: Windows 10 2004 upgrade gets blocked due to unsupported settings Some Windows 10 users are being blocked from applying the May 2020 Update when manually seeking to upgrade through Windows Update due to unsupported settings on Windows…

Read more →

Read the original article: PoC exploits released for F5 BIG-IP vulnerabilities, patch now! Two days after patches for critical F5 BIG-IP vulnerability were released, security researchers have started publicly posting proof-of-concept (PoC) exploits show how easy it is to exploit…

Read more →

Read the original article: Windows 10’s Microsoft Store Codecs patches are confusing users Microsoft released security updates via the Microsoft Store last week, and it’s confusing many users who want to make sure their devices are protected. […]   Advertise…

Read more →

Read the original article: .NET Core vulnerability lets attackers evade malware detection A vulnerability in the .NET Core library allows malicious programs to be launched while evading detection by security software. […]   Advertise on IT Security News. Read the…

Read more →

Read the original article: Companies start reporting ransomware attacks as data breaches Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about data stolen data. […]   Advertise…

Read more →

Read the original article: New Behave! extension warns of website port scans, local attacks A new browser extension called Behave! will warn you if a web site is using scripts to perform scans or attacks on local and private IP…

Read more →

Read the original article: Try2Cry ransomware tries to worm its way to other Windows systems A new ransomware known as Try2Cry is trying to worm its way onto other Windows computers by infecting USB flash drives and using Windows shortcuts (LNK files) posing…

Read more →

Read the original article: The Week in Ransomware – July 3rd 2020 – Yes, Macs need antivirus Many macOS users, including my family and friends, have been under the impression that Macs are not affected by malware and thus do…

Read more →

Read the original article: F5 patches critical BIG-IP ADC remote code execution vulnerability F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC). […]  …

Read more →

Read the original article: Avaddon ransomware shows that Excel 4.0 macros are still effective Avaddon ransomware has been spreading this week via an old technique that’s making a comeback, Microsoft cautions on Thursday. […]   Advertise on IT Security News.…

Read more →

Read the original article: Windows 10 2004 breaks OneDrive connectivity for some users Microsoft says that some users might experience OneDrive connectivity issues after updating their devices to Windows 10, version 2004 or enabling Files on Demand in OneDrive. […]   Advertise…

Read more →

Read the original article: Microsoft Defender ATP now helps secure network devices Microsoft Defender Advanced Threat Protection (ATP) can now assess the collective security configuration state of devices on an enterprise network with the help of a new feature dubbed Microsoft…

Read more →

Read the original article: Malwarebytes AdwCleaner now removes malware from the command line The popular AdwCleaner tool from Malwarebytes is about to get even more popular as it now can be used entirely from the command line. […]   Advertise…

Read more →

Read the original article: Windows 10 background image tool can be abused to download malware A binary in Windows 10 responsible for setting an image for the desktop and lock screen can help attackers download malware on a compromised system…

Read more →

Read the original article: Surge of MongoDB ransom attacks use GDPR as extortion leverage A flood of attacks is targeting unsecured MongoDB servers and wiping their databases. Left behind are notes demanding a ransom payment, or the data will be…

Read more →

Read the original article: NSA releases guidance on securing IPsec Virtual Private Networks The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks. […]   Advertise…

Read more →

Read the original article: Researchers link APT15 hackers to Chinese military company Researchers have linked the APT15 hacking group known for Android spyware apps to a Chinese military company, Xi’an Tian He Defense Technology Co. Ltd. […]   Advertise on…

Read more →

Read the original article: Microsoft shares Windows 10 2004 workaround for Storage Spaces issue Microsoft has provided workarounds to help customers partially mitigate the impact of an issue affecting some devices with Parity Storage Spaces configurations after applying the May…

Read more →

Read the original article: Hundreds arrested after encrypted messaging network takeover European law enforcement agencies arrested hundreds of suspects in several countries including France, Netherlands, the UK, Norway, and Sweden after infiltrating the EncroChat encrypted mobile communication network used by organized crime groups. […]…

Read more →

Read the original article: Hundreds arrested after encrypted phone network takeover European law enforcement agencies arrested hundreds of suspects in several countries including France, Netherlands, the UK, Norway, and Sweden after infiltrating the EncroChat encrypted mobile communication network used by organized crime groups. […]…

Read more →

Read the original article: GoldenSpy backdoor installed by tax software gets remotely removed As soon as security researchers uncovered the activity of GoldenSpy backdoor, the actor behind it fell back and delivered an uninstall tool to remove all traces of…

Read more →

Read the original article: Federal Reserve shares tips on mitigating synthetic identity fraud The U.S. Federal Reserve today issued guidance on how financial organizations from the United States can mitigate payment fraud attempts scammers carry out with the help of synthetic identity accounts. …

Read more →

Read the original article: Microsoft unveils new Windows 10 Start Menu with theme-aware tiles Say goodbye to the blocky Window 10 Start Menu tiles with colored backgrounds and hello to partially transparent theme-aware tiles that look so much nicer. […]  …

Read more →

Read the original article: TrickBot malware now checks screen resolution to evade analysis The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. […]   Advertise…

Read more →

Read the original article: Windows POS malware uses DNS to smuggle stolen credit cards A Windows Point-of-Sale (POS) malware has been discovered using the DNS protocol to smuggle stolen credit cards to a remote server under attacker’s control. […]  …

Read more →

Read the original article: US Govt shares tips on defending against cyberattacks via Tor The Cybersecurity and Infrastructure Security Agency (CISA) today issued guidance on how to protect against cyberattacks launched from the activity originating from or routed through the Tor…

Read more →

Read the original article: Dozens of US news sites hacked in WastedLocker ransomware attacks The Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private…

Read more →

Read the original article: Windows 10 PowerToys 0.19 released in huge stability bug fix Microsoft has released PowerToys 0.19 in a huge bug fix that aims to increase performance and stability in the tools. […]   Advertise on IT Security…

Read more →