Cloudflare Ends CAPTCHAs for TOR Users While Blocking Bad Actors

Cloudflare announces today its own Onion Service, which should make anonymous access easier to websites in its network, and reduce the malicious traffic aimed at them. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-ends-captchas-for-tor-users-while-blocking-bad-actors/

NSS Labs Sues CrowdStrike, Symantec, ESET, AMTSO for Alleged Testing Conspiracy

NSS Labs has filed an anti-trust law suit against CrowdStrike, Symantec, ESET, and the Anti-Malware Testing Standards Organization (AMTSO) over an alleged conspiracy to prevent independent testing companies from performing unbiased reviews of security software. [...]

https://www.bleepingcomputer.com/news/security/nss-labs-sues-crowdstrike-symantec-eset-amtso-for-alleged-testing-conspiracy/

Microsoft Announces Cumulative Updates for .NET Framework for Windows 10

In a blog post, Microsoft yesterday announced that starting with Windows 10 October Update the company plans to deliver new updates for .NET Framework via Cumulative Updates channel. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-cumulative-updates-for-net-framework-for-windows-10/

Windows 10 Cumulative Updates KB4458469 and KB4457136 Released

Today is not Patch Tuesday but Microsoft is rolling out a new batch of cumulative updates for Windows 10. The software giant is rolling out cumulative updates with a long list of fixes for Windows 10 April 2018 Update (version 1803) and Windows 10 Fall Creators Update (version 1709). [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4458469-and-kb4457136-released/

DMARC Policies for Whitehouse.gov Make Spoofing Emails Easier

Federal executive branch departments and agencies have until October 16 to adopt on their domains a policy-based email validation system configured with the strongest setting. Most already comply with the mandatory requirement but whitehouse.gov is not among them, yet. [...]

https://www.bleepingcomputer.com/news/security/dmarc-policies-for-whitehousegov-make-spoofing-emails-easier/

Google Testing Removal of WWW Subdomain from Search Results

Google really wants to get rid of the WWW subdomain. First we had Google removing WWW in the Chrome 69 address bar and now there is some test underway to remove it from search results as well. [...]

https://www.bleepingcomputer.com/news/google/google-testing-removal-of-www-subdomain-from-search-results/

Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist

[...]

https://www.bleepingcomputer.com/news/security/unwiped-drives-and-servers-from-ncix-retailer-for-sale-on-craigslist/

Romanian Woman Admits Involvement in Hacking Attack On Washington Police Computers

A Romanian woman admitted on Thursday her participation in a ransomware distribution scheme that ended up disabling computers used by the Washington D.C. police for surveillance. [...]

https://www.bleepingcomputer.com/news/security/romanian-woman-admits-involvement-in-hacking-attack-on-washington-police-computers/

0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative

A zero day vulnerability in the Microsoft Windows Jet Database Engine has been disclosed by TrendMicro's Zero Day Initiative even though a security update is not currently available from Microsoft. [...]

https://www.bleepingcomputer.com/news/security/0day-windows-jet-database-vulnerability-disclosed-by-zero-day-initiative/

Twitter Bug May Have Sent your Direct Messages to Twitter Developers As Well

In an alert on Twitter, the social network is alerting users that for over a year, their direct messages and private tweets may have been sent to Twitter developers by mistake. [...]

https://www.bleepingcomputer.com/news/security/twitter-bug-may-have-sent-your-direct-messages-to-twitter-developers-as-well/

Malware Disguised as Job Offers Distributed on Freelance Sites

Attackers are using freelance job sites such as fiverr and Freelancer to distribute malware disguised as job offers. These job offers contain attachments that pretends to be the job brief, but are actually installers for keyloggers such as Agent Tesla or Remote Access Trojan (RATs). [...]

https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/

Optional Cumulative Update KB4457139 for Windows 7 Released With Bug Fixes

The KB4457139 is now available for Windows 7 via Windows Update and Microsoft's Update Catalog. Windows 7 KB4457139 is an optional update and it includes improvements and fixes that were part of KB4457144. [...]

https://www.bleepingcomputer.com/news/microsoft/optional-cumulative-update-kb4457139-for-windows-7-released-with-bug-fixes/

Port of Barcelona Suffers Cyberattack

The Port of Barcelona was Thursday morning the victim of a cyberattack that affected some of its servers and systems, forcing the organization to launch the contingency plan designed specifically for these incidents. [...]

https://www.bleepingcomputer.com/news/security/port-of-barcelona-suffers-cyberattack/

Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week

This week we have seen three new Dharma Ransomware variants released that append either the .Gamma, .Bkp, & .Monro extensions to encrypted files. [...]

https://www.bleepingcomputer.com/news/security/gamma-bkp-and-monro-dharma-ransomware-variants-released-in-one-week/

The Week in Ransomware - September 21st 2018 - Beer, Airports, & Dharma

This has been a busy week. We had a brewery hit, an airport's flight and arrival time displays taken out, and Dharma deciding to release three different variants in one week. The NSA CodeBreaker Challenge was also kicked off today and it has a ransomware theme this year. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-21st-2018-beer-airports-and-dharma/

Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability

Western Digital has just released an hotfix firmware update to resolve the authentication bypass vulnerability (CVE-2018-17153) that had remained unpatched for over a year. This vulnerability allowed anyone to bypass authentication and get administrative access to the router. [...]

https://www.bleepingcomputer.com/news/security/western-digital-releases-hotfix-for-my-cloud-auth-bypass-vulnerability/

Thousands of Compromised WordPress Sites Redirect to Tech Support Scams

Thousands of WordPress websites have been compromised and injected with JavaScript code that redirects users to tech-support scam pages. [...]

https://www.bleepingcomputer.com/news/security/thousands-of-compromised-wordpress-sites-redirect-to-tech-support-scams/

Users Forcibly Being Logged Into Chrome When Signing Into a Google Service

With the release of Chrome 69, it was discovered that when you log into your Google account, or any Google service for that matter, you will also be automatically logged into Chrome whether you want to or not. [...]

https://www.bleepingcomputer.com/news/security/users-forcibly-being-logged-into-chrome-when-signing-into-a-google-service/

New Mozilla Firefox Attack Causes Desktop Client to Crash

A new attack has been created that can crash or freeze the Mozilla Firefox desktop browser simply by visiting a web page that contains an embedded JavaScript script.  [...]

https://www.bleepingcomputer.com/news/security/new-mozilla-firefox-attack-causes-desktop-client-to-crash/

Cloudflare Improves Privacy by Encrypting the SNI During TLS Negotation

Cloudflare announces today support for encrypted Server Name Indication, a mechanism that makes it more difficult to track user's browsing. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-improves-privacy-by-encrypting-the-sni-during-tls-negotation/

Microsoft's New Threat Protection Service Gives Security Overview for Orgs

At today's Ignite 2018 conference, Microsoft announced a new end-to-end security solution called Microsoft Threat Protection. Microsoft Threat Protection is designed to provide a view of an organization's overall threat landscape so that administrators can easily spot new threats and attacks. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-new-threat-protection-service-gives-security-overview-for-orgs/