Intel Security, Palo Alto Networks, Fortinet, and Symantec under the Cyber Threat Alliance have probed the net scourge revealing that the attackers are thought to be a single entity. That theory's based on commonalities in the Bitcoin wallets they use to receive ransom payments.
Kaspersky Lab has added an additional 14,031 decryption keys to their free repository, enabling all those who have fallen victim to CoinVault and Bitcryptor ransomware to retrieve their encrypted data without having to pay a ransom to cybercriminals.
KeePass 2.46 has been released today!
This is a stable release. It is recommended to upgrade from any previous 2.x version to 2.46.
KeePass 2.46 mainly features user interface and integration enhancements, and various other minor new features and improvements.
Microsoft refutes claims of Windows 10 Defender security problem
In a statement, Microsoft has refuted these reports: Despite these reports, Microsoft Defender antivirus and Microsoft Defender ATP will still protect customers from malware. These programs detect malicious files downloaded to the system through the antivirus file download feature – Microsoft spokesperson.
What’s the Difference Between CHKDSK /F and CHKDSK /R?
Chkdsk is a Windows utility that diagnoses and possibly repairs disk issues. It has several options, but the two most commonly cited are /F, for fix, and /R, for repair.|
Wait.
Aren’t “fix” and “repair” just two words for the same thing?
Yes. But when it comes to CHKDSK, no.
Is It Safe to Delete Everything in Windows’ Disk Cleanup?
For the most part, the items in Disk Cleanup are safe to delete. But, if your computer isn’t running properly, deleting some of these things may prevent you from uninstalling updates, rolling back your operating system, or just troubleshooting a problem, so they’re handy to keep around if you have the space.
[...]
Overall, you can safely delete almost everything in Disk Cleanup as long as you don’t plan on rolling back a device driver, uninstalling an update, or troubleshooting a system problem. But you should probably steer clear of those “Windows ESD Installation files” unless you’re really hurting for space.
Security researchers have observed a new CyrptoJacking campaign where fake Malwarebytes installation files distribute cryptocurrency malware onto infected PCs. These coinminer programs generate cryptocurrencies such as Bitcoin, Ethereum, Monero, and others.
Malware can no longer disable Microsoft Defender via the Registry
Microsoft has removed the ability to disable Microsoft Defender and third-party security software via the Registry to prevent malware from tampering with protection settings.
Just yesterday it was reported that a medical software firm exposed 3.1 million patients’ data to the public. In the latest, it has been found that 350 million unique email addresses were sitting exposed on a misconfigured Amazon S3 bucket for public access without any security authentication.
The CyberNews research team uncovered an unsecured data bucket owned by an unidentified party, containing seven gigabytes worth of unencrypted files that include 350,000,000 strings of unique email addresses.
The massive trove of emails was left on a publicly accessible Amazon AWS server, allowing anyone to download and access the data. This is a huge leak even by today’s standards, with an average of 7 million records being exposed daily in 2020.
Latest COVID-19 Variants from the Ridiculous to the Malicious
With the spectre of the COVID-19 pandemic hovering over the world for the past six months, it is not surprising for a majority of the populace has become be desensitized to all the media coverage. Because of this, attackers are trying to squeeze out every last opportunity of using this topic as a lure – strategy commonly used for other major events, ranging from elections to tragedies to sporting events – before they are forced to move on.
A group of nearly a dozen lawmakers led by member of Congress Anna Eshoo wrote to the California Department of Motor Vehicles (DMV) on Wednesday looking for answers on how and why the organization sells the personal data of residents. The letter comes after Motherboard revealed last year that the DMV was making $50 million annually from selling drivers' information.
The news highlights how selling personal data is not limited to private companies, but some government entities follow similar practices too.
In June, KrebsOnSecurity was contacted by a cybersecurity researcher who discovered that a group of scammers was sharing highly detailed personal and financial records on Americans via a free web-based email service that allows anyone who knows an account’s username to view all email sent to that account — without the need of a password. [...]
The source said the group appears to consist of several hundred individuals who collectively have stolen tens of millions of dollars from U.S. state and federal treasuries via phony loan applications with the U.S. Small Business Administration (SBA) and through fraudulent unemployment insurance claims made against several states. [...]
The source told KrebsOnSecurity he’s identified more than 2,000 people whose SSNs, DoBs and other data were used by the fraud gang to file for unemployment insurance benefits and SBA loans, and that a single payday can land the thieves $20,000 or more. In addition, he said, it seems clear that the fraudsters are recycling stolen identities to file phony unemployment insurance claims in multiple states.
US offers $10 million reward for hackers meddling in US elections
This includes attacks against US election officials, election infrastructure, voting machines, but also candidates and their staff.
More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.
The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.
Robocall Legal Advocate Leaks Customer Data
A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.
Disabling Google 2FA Doesn't Need 2FA - JUL 03, 2020
If you're using Chrome to remember your passwords, and it's encrypting your passwords with your default account password, then it's possible for passwords.google.com to be a security vulnerability. Real password managers are preferable. If you're not using a real password manager and you want to continue using passwords.google.com with Chrome, at least choose a different passphrase from your current account.
If you are unsure as to whether anyone is using your Google account, you can check the https:// g.co/securityCheckup page to see what device(s) and locations have used your account recently, and you can revoke them from there.
The security of 2FA isn't under question here, just whether it is temporarily disabled for user convenience is a feature or a bug
Google also provides an Advanced Protection Program that wouldn't have prevented this attack, but may be of interest to readers: https:// landing.google.com/advancedprotection/.
Password managers: Is it OK to use your browser’s built-in password management tools?
Every major browser on every platform includes built-in password management features. Is it safe to use these tools? More importantly, is it smart?