Adobe Flash Player Update Released for Remote Code Execution Vulnerability

[...]

https://www.bleepingcomputer.com/news/security/adobe-flash-player-update-released-for-remote-code-execution-vulnerability/

Amazon Data Leak Exposes Email Addresses Right Before Black Friday

f you received a strange email from Amazon stating that they may have disclosed your email address due to a technical error, you are not alone. It seems a web site issue caused some user's email addresses to be disclosed and has since been resolved.  [...]

https://www.bleepingcomputer.com/news/security/amazon-data-leak-exposes-email-addresses-right-before-black-friday/

Mozilla Overhauls Content Blocking Settings in Firefox 65

In Firefox 65, Mozilla is overhauling how users can configure the Content Blocking settings. With this version, the previously confusing configuration is replaced by three different modes that a user can select that offer varying degrees of blocking and customization. [...]

https://www.bleepingcomputer.com/news/software/mozilla-overhauls-content-blocking-settings-in-firefox-65/

German eID Authentication Flaw Lets You Change Identity

The authentication process via German ID cards with RFID chips to certain web services can be manipulated to allow identity spoofing and changing the date of birth. [...]

https://www.bleepingcomputer.com/news/security/german-eid-authentication-flaw-lets-you-change-identity/

Microsoft Launcher Beta Gets a Big Update With New Features

Today, Microsoft announced a big update for Microsoft Launcher and the build is currently rolling out to beta testers. The updated Microsoft Launcher includes a host of new features, improvements and refinements. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-launcher-beta-gets-a-big-update-with-new-features/

How a Security Test for DropBox Revealed 3 Apple Zero Day Vulnerabilities

When Dropbox hired a security firm to perform a Red Team cyber attack simulation on their services, little did they know that they would discover zero day vulnerabilities in Apple products that could affect much more than Dropbox. [...]

https://www.bleepingcomputer.com/news/security/how-a-security-test-for-dropbox-revealed-3-apple-zero-day-vulnerabilities/

Split View Mode Is Now Available for Skype on Windows 10

This new update to Microsoft's modernized Skype 8 brings Split View which allows you to simultaneously open multiple Skype chats. It's a pretty useful feature if you'd like to chat with multiple people at the same time. [...]

https://www.bleepingcomputer.com/news/microsoft/split-view-mode-is-now-available-for-skype-on-windows-10/

PSA: Phishing Levels Rise Ahead of Black Friday and Cyber Monday

With the shopping season underway, cybercriminals are making efforts to capitalize from key holidays and users' craze for Black Friday and Cyber Monday discounts. [...]

https://www.bleepingcomputer.com/news/security/psa-phishing-levels-rise-ahead-of-black-friday-and-cyber-monday/

US Postal Service Exposes Data of 60 Million Users for Over a Year

The US Postal Service ignored for more than a year an authentication oversight that exposed the account details of 60 million users to anyone that logged into the web service. [...]

https://www.bleepingcomputer.com/news/security/us-postal-service-exposes-data-of-60-million-users-for-over-a-year/

Aurora / Zorro Ransomware Actively Being Distributed

A ransomware that has been distributed since the summer of 2018 has started to pick up steam in the latest variant. This new variant is currently being called Zorro Ransomware, but has also been called Aurora Ransomware in the past. [...]

https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/

Rotexy Mobile Trojan Launches 70k+ Attacks in Three Months

A mobile spyware that turned into a banking trojan with ransomware capabilities managed to launch over 70,000 attacks in the course of just three months. [...]

https://www.bleepingcomputer.com/news/security/rotexy-mobile-trojan-launches-70k-attacks-in-three-months/

First GDPR Sanction in Germany Fines Flirty Chat Platform EUR 20,000

Following a hack that resulted in leaking online about 808,000 email addresses and over 1.8 million usernames and passwords, a social network website in Germany received a fine of EUR 20,000 from the Baden-Württemberg Data Protection Office. [...]

https://www.bleepingcomputer.com/news/security/first-gdpr-sanction-in-germany-fines-flirty-chat-platform-eur-20-000/

Google is Adding Force-Installed Extension Removal to the Chrome Cleanup Tool

Google is adding the ability to remove force-installed extensions, or ones installed by Windows group policies, to the Chrome Cleanup Tool. [...]

https://www.bleepingcomputer.com/news/google/google-is-adding-force-installed-extension-removal-to-the-chrome-cleanup-tool/

The Week in Ransomware - November 23rd 2018 - STOP, Dharma, and More

This week has mostly been releases of new variants of existing ransomware. Not much of interest other than the developer of the DelphiMorix ransomware trolling ransomware researchers by utilizing their aliases as the extensions for encrypted files. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/

ECC Memory Vulnerable to Rowhammer Attack

Memory modules with error-correcting code (ECC) protection are vulnerable to Rowhammer, an attack that can help corrupt data the computer stores in its volatile memory chips. [...]

https://www.bleepingcomputer.com/news/security/ecc-memory-vulnerable-to-rowhammer-attack/

Chrome and Firefox Developers Aim to Remove Support for FTP

Google developers have wanted to remove FTP support from Chrome for years and an upcoming change in how files stored on FTP servers are rendered in the browser may be the first step in its ultimate removal.  [...]

https://www.bleepingcomputer.com/news/google/chrome-and-firefox-developers-aim-to-remove-support-for-ftp/

Backdoor in Popular JavaScript Library Set to Steal Cryptocurrency

A JavaScript library that scores over two million downloads every week has been injected with malicious code for stealing coins from a cryptocurrency wallet. [...]

https://www.bleepingcomputer.com/news/security/backdoor-in-popular-javascript-library-set-to-steal-cryptocurrency/

New BEC Scams Take Advantage of the California Wildfires

Whenever there is a tragedy, some lowlife will try to take advantage of it. Such is the case with a new round of BEC scams that try to take leverage the California wildfires to defraud their victims. [...]

https://www.bleepingcomputer.com/news/security/new-bec-scams-take-advantage-of-the-california-wildfires/

Uber Fined for Covering Up 2016 Data Breach

The time has come for Uber to pay the piper for the data breach two years ago that leaked personal details of 57 million users and drivers as two data protection offices in Europe set fines that collectively amount to over 1 million euros. [...]

https://www.bleepingcomputer.com/news/security/uber-fined-for-covering-up-2016-data-breach/

Windows Defender Can Detect Accessibility Tool Backdoors

Windows Defender will now detect when accessibility programs such as sethc.exe or utilman.exe have been hijacked by an Image File Execution Options debugger so that they can be used as a backdoor.  [...]

https://www.bleepingcomputer.com/news/security/windows-defender-can-detect-accessibility-tool-backdoors/

Windows 10 Cumulative Updates Released With Fix For File Association Bug

Microsoft has released another cumulative update for Windows 10 with some fixes. The update is not available for Windows 10 October 2018 Update and you will see it only if you've Windows 10 April 2018 Update and Fall Creators Update installed. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-released-with-fix-for-file-association-bug/