ExileRat Targeting Tibetan Supporters via Malicious PowerPoint Docs

A targeted attack against pro-Tibetan supporters has been discovered that installs the ExileRat remote access Trojan through malicious PowerPoint attachments. Once infected, the RAT will allow attackers to retrieve information, execute commands, and steal data from the infected computers. [...]

https://www.bleepingcomputer.com/news/security/exilerat-targeting-tibetan-supporters-via-malicious-powerpoint-docs/

Windows 10 Update Continues Having Issues After DNS Fixes

Windows 10 users continue to have problems performing Windows Update even after Microsoft reportedly has fixed the problem that users were having last week. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-update-continues-having-issues-after-dns-fixes/

Mozilla Adding CryptoMining and Fingerprint Blocking to Firefox

In numerous Mozilla bug tickets that were recently updated, Mozilla is getting closer to adding cryptomining and fingerprinting blocking to their Firefox browser. [...]

https://www.bleepingcomputer.com/news/security/mozilla-adding-cryptomining-and-fingerprint-blocking-to-firefox/

Huddle House Fast Food Chain Suffers Data Breach in POS System

Fast food restaurant chain Huddle House has disclosed that they were affected by a data breach in the point of sale system at some locations that allowed attackers to steal payment information. [...]

https://www.bleepingcomputer.com/news/security/huddle-house-fast-food-chain-suffers-data-breach-in-pos-system/

RDP Clients Exposed to Reverse RDP Attacks by Major Protocol Issues

Multiple major vulnerabilities were discovered in the Remote Desktop Protocol (RDP) protocol which can allow bad actors to take control of computers connecting to a malicious server using remote code execution and memory corruption. [...]

https://www.bleepingcomputer.com/news/security/rdp-clients-exposed-to-reverse-rdp-attacks-by-major-protocol-issues/

Mozilla Resumes Firefox 65 Rollout After AVs Disable HTTPS Scanning

Last week Mozilla halted the rollout of Firefox 65 for Windows after users started reporting insecure certificate errors due to antivirus software conflicts. Now that antivirus vendors have disabled HTTPS scanning for Firefox, Mozilla has enabled the automatic update of Firefox 65 again. [...]

https://www.bleepingcomputer.com/news/software/mozilla-resumes-firefox-65-rollout-after-avs-disable-https-scanning/

Google Launches Password Checkup Extension to Alert Users of Data Breaches

Google announced the release of the Password Checkup Chrome extension designed to keep an eye on current data breaches and announce its users if their accounts have been impacted by recent security breaches. [...]

https://www.bleepingcomputer.com/news/security/google-launches-password-checkup-extension-to-alert-users-of-data-breaches/

OpenOffice Vulnerable to Remote Code Execution, LibreOffice Patched

The latest version of OpenOffice is exposed to a remote code execution vulnerability that can be triggered using automated macro execution when users move the mouse over a maliciously crafted ODT document. The issue was patched in LibreOffice 6.0.7/6.1.3. [...]

https://www.bleepingcomputer.com/news/security/openoffice-vulnerable-to-remote-code-execution-libreoffice-patched/

Microsoft Confirms Windows Update Problems Were Caused by DNS Issues

In a new update last night to the Windows 10 and Windows Server 2019 update history support article, Microsoft has confirmed that this problem was caused by data corruption at an external DNS service provider. This caused incorrect records to be pushed to downstream DNS servers at other ISPs. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-update-problems-were-caused-by-dns-issues/

Microsoft Released the February 2019 Non-Security Office Updates

Microsoft released the February Non-Security Microsoft Office updates containing improvements and fixes for MSI-based editions of Office 2010, Office 2013, and Office 2016. These updates do not apply to the Click-to-Run versions of the apps, such as Microsoft Office 365 Home. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-released-the-february-2019-non-security-office-updates/

GandCrab Ransomware Helps Shady Data Recovery Firms Hide Ransom Costs

The GandCrab ransomware TOR site allows dishonest data recovery companies to hide the actual ransom cost from victims and it is currently being disseminated through a large assortment of distribution channels. [...]

https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-helps-shady-data-recovery-firms-hide-ransom-costs/

Cryptojacking Overtakes Ransomware, Malware-as-a-Service on the Rise

Cryptominers infected roughly ten times more organizations during 2018 than ransomware did, however only one in five security professionals knew that their company's systems have been impacted by a malware attack as reported by Check Point Research. [...]

https://www.bleepingcomputer.com/news/security/cryptojacking-overtakes-ransomware-malware-as-a-service-on-the-rise/

Power Company Has Security Breach Due to Downloaded Game

South African energy supplier Eskom Group has been hit with a double security breach consisting of an unsecured database containing customer information and a corporate computer infected with the Azorult information-stealing Trojan. [...]

https://www.bleepingcomputer.com/news/security/power-company-has-security-breach-due-to-downloaded-game/

30% of Automotive Companies Lacking a Dedicated Cybersecurity Team

30% of companies from the automotive industry do not have their own cybersecurity program or team, nor use the services of an external organization to secure the software used in their products even though today's cars are mobile computers on wheels that use software every second of the day, [...]

https://www.bleepingcomputer.com/news/security/30-percent-of-automotive-companies-lacking-a-dedicated-cybersecurity-team/

Mozilla's Site Isolation Coming to Firefox, First Milestone in February

Mozilla's Project Fission team is working on implementing a site isolation Firefox security feature similar to the one implemented by Google in version 67 of its Chrome web browser to mitigate speculative side-channel attacks launched by malicious websites. [...]

https://www.bleepingcomputer.com/news/security/mozillas-site-isolation-coming-to-firefox-first-milestone-in-february/

Researcher Declines to Share Zero-Day macOS Keychain Exploit with Apple

Security researcher Linus Henze demoed a zero-day macOS exploit impacting the Keychain password management system which can store passwords for applications, servers, and websites, as well as sensitive information related to banking accounts. [...]

https://www.bleepingcomputer.com/news/security/researcher-declines-to-share-zero-day-macos-keychain-exploit-with-apple/

59K Data Breaches Reported, 91 Fines Imposed Since GDPR Enactment

More than 59,000 data breach notifications have been reported to Data Protection Authorities (DPAs) across Europe by both public and privately-owned organizations since EU's GDPR was passed on May 25, 2018. Google's €50 million fine from January. was the largest ever imposed. [...]

https://www.bleepingcomputer.com/news/security/59k-data-breaches-reported-91-fines-imposed-since-gdpr-enactment/

"Lucky Draw" Smishing Campaign Asks Money to Deliver Car Prize

A new smishing campaign, or text message phishing campaign, is targeting Nokia owners in India. These text messages pretend to be from Nokia and state that the recipient has won a lucky draw to win a car or money. [...]

https://www.bleepingcomputer.com/news/security/lucky-draw-smishing-campaign-asks-money-to-deliver-car-prize/

New Docs Show Pricing for Windows 7 Extended Security Updates

Microsoft has stated that Windows 7 support will end in January 2020 and customers are recommended to upgrade to Windows 10 for monthly security updates. For those who wish to continue using Windows 7 beyond January 2020, you can either risk using the OS without updatess or pay Microsoft to get support for another three years. [...]

https://www.bleepingcomputer.com/news/microsoft/new-docs-show-pricing-for-windows-7-extended-security-updates/

Netography to Make Network Security Autonomous, Funded by Andreessen Horowitz

Netography, a self-governing network security platform designed to function as an enterprise security crow's nest received $2.6 million in funding from Andreessen Horowitz as part of its seed round. Netography implements an autonomous network security and telemetry tools that stop security threats which usually go unnoticed. [...]

https://www.bleepingcomputer.com/news/security/netography-to-make-network-security-autonomous-funded-by-andreessen-horowitz/

Business Email Compromise Attacks See Almost 500% Increase

Business email compromised (BEC) attacks have seen an explosive 476% growth between Q4 2017 and Q4 2018, while the number of email fraud attempts against companies increased 226% QoQ. [...]

https://www.bleepingcomputer.com/news/security/business-email-compromise-attacks-see-almost-500-percent-increase/