GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores

Malicious actors compromised the Magento installations of a few hundred e-commerce websites and injected them with Magecart skimmer scripts hosted on GitHub. [...]

https://www.bleepingcomputer.com/news/security/github-hosted-magecart-card-skimmer-found-on-hundreds-of-stores/

The Week in Ransomware - April 26th 2019 - Targeting the Enterprise

This week the biggest news is that MalwareHunterTeam was able to get a sample of the RobbinHood ransomware that targets the enterprise so that it could be analyzed. The other big news is that attackers are hacking into Confluence servers using a recently released vulnerability to install the GandCrab ransomware, miners, and Trojans. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-26th-2019-targeting-the-enterprise/

Hacked Docker Hub Database Exposed Sensitive Data of 190K Users

An unauthorized person gained access to a Docker Hub database that exposed the the user names and hashed passwords for approximately 190,000 users. In addition, a small percentage of users have had their GitHub and Bitbucket tokens for Docker autobuilds leaked as well. [...]

https://www.bleepingcomputer.com/news/security/hacked-docker-hub-database-exposed-sensitive-data-of-190k-users/

Fake Windows PC Cleaner Drops AZORult Info-Stealing Trojan

Researchers have discovered a web site pushing a PC cleaner tool for Windows that in reality is just a front for the Azorult password and information stealing Trojan. [...]

https://www.bleepingcomputer.com/news/security/fake-windows-pc-cleaner-drops-azorult-info-stealing-trojan/

Europeans Hit with Multi-Stage Malware Loader via Signed Malspam

Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with the help of a multi-stage malware loader dubbed JasperLoader over the past few months. [...]

https://www.bleepingcomputer.com/news/security/europeans-hit-with-multi-stage-malware-loader-via-signed-malspam/

Microsoft Asks Users to Call Windows 10 Devs About Taskbar Experience

Microsoft has started to display notifications in the action center asking Insiders to schedule a call with Windows 10 developers in order to provide feedback regarding the Taskbar experience. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-users-to-call-windows-10-devs-about-taskbar-experience/

Windows Security Update Caused Recent Antivirus Conflicts and Freezes

According to an updated McAfee support bulletin, a Windows security update for the Windows Client Server Run-Time Subsystem (CSRSS) service appears to have caused the recent conflicts between enterprise antivirus software and Windows. [...]

https://www.bleepingcomputer.com/news/software/windows-security-update-caused-recent-antivirus-conflicts-and-freezes/

Breaches, ID Theft & Malware: Schools At Risk From Vulnerabilities

K-12 educational institutions aren't fairing well either, as a U.S. school district becomes the victim of a cyberattack approximately every three days. The cyber incidents range from data breaches to phishing scams to ransomware attacks. Many of the incidents are hugely consequential, resulting in the theft of millions of taxpayer do [...]

https://www.bleepingcomputer.com/news/security/breaches-id-theft-and-malware-schools-at-risk-from-vulnerabilities/

Google Chrome 74 Now Synchronizes with Windows 10 Dark Mode

When Chrome 74 was released last week it contained the highly anticipated Dark Mode synchronization with Windows 10 color settings. For many, though, when changing the color settings in Windows 10 to Dark, Chrome would not automatically switch to the Dark Mode. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-74-now-synchronizes-with-windows-10-dark-mode/

Tech Support Scammers Freeze Browsers Using Iframes

Tech support scammers are using iframes to lock web browsers and to trick people into calling their support hotlines posing as legitimate services to have their computers fixed after being presented with a "computer has been blocked" alert. [...]

https://www.bleepingcomputer.com/news/security/tech-support-scammers-freeze-browsers-using-iframes/

Windows 10 Users Avoiding October 2018 Update Shows Report

A new report indicates that the majority of users are continuing to use the Windows 10 April 2018 Update rather than upgrading to the latest October 2018 update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-users-avoiding-october-2018-update-shows-report/

Exposed Database Leaks Addresses, Income Info of Millions of Americans

A publicly-accessible database with information on roughly 80 million American households has been discovered on a Microsoft cloud server, representing more than half of the total number of U.S. households. [...]

https://www.bleepingcomputer.com/news/security/exposed-database-leaks-addresses-income-info-of-millions-of-americans/

Botnet of Over 100K Devices Used to DDoS Electrum Servers

The malicious actors behind the DDoS attacks against Electrum Bitcoin wallet users have switched to a new malware loader for their botnet Trojan, after previously using the Smoke Loader tool and the RIG exploit kit. [...]

https://www.bleepingcomputer.com/news/security/botnet-of-over-100k-devices-used-to-ddos-electrum-servers/

Crooks Build Fake Hack Tools and Game Cheats for Profit

Knowing that many people want to get something for nothing, a common tactic is for attackers to create fake hack tools or cheats for games and sites. While users think they are using these tools to hack sites and games to earn free likes, money, or awards, in reality the attackers are just stealing the user's login credentials. [...]

https://www.bleepingcomputer.com/news/security/crooks-build-fake-hack-tools-and-game-cheats-for-profit/

$1.75 Million Stolen by Crooks in Church BEC Attack

Hackers have stolen $1.75 million from the Saint Ambrose Catholic Parish following a successful BEC (Business Email Compromise) attack which was discovered on April 17 after payments related to the church's Vision 2020 project were not received by a contractor. [...]

https://www.bleepingcomputer.com/news/security/175-million-stolen-by-crooks-in-church-bec-attack/

New Phishing Campaign From 'FBI Director Wray' is Hysterical

We regularly write about phishing emails at BleepingComputer.com in order to warn our readers about ongoing threats. Many scam emails are well crafted and their associated phishing sites are spot on, but sometimes you see ones that are so ridiculous that you have no choice but to laugh. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-campaign-from-fbi-director-wray-is-hysterical/

Google Docs Says Chromium-Based Microsoft Edge Is Not Supported

When users of the Chromium-based Microsoft Edge use Google Docs, the service is stating that the browser is not supported. As the new Microsoft Edge uses the same HTML engine as Chrome and is clearly supported, some users feel that Google is playing unfairly. [...]

https://www.bleepingcomputer.com/news/microsoft/google-docs-says-chromium-based-microsoft-edge-is-not-supported/

Emotet Trojan Is the Most Prevalent Threat in Healtcare Systems

Almost 80% of the malware affecting computer systems in the healthcare industry are trojans and the most common of them is Emotet, a report today shows. [...]

https://www.bleepingcomputer.com/news/security/emotet-trojan-is-the-most-prevalent-threat-in-healtcare-systems/

Microsoft 365 Adds More Control Over Encrypted Emails, Increases Privacy

Microsoft announced the arrival of a number of extra Microsoft 365 options and controls for organizations designed to provide them with better and stronger data privacy and compliance practices, with control over encrypted emails shared outside an organization being the one that stands out. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-adds-more-control-over-encrypted-emails-increases-privacy/

GitHub-Hosted Malware Targets Accountants With Ransomware

Threat actors ran a malvertising campaign on the Russian Yandex.Direct advertising network starting October 2018 to disseminate a malware cocktail designed to encrypt victims' data and steal cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/github-hosted-malware-targets-accountants-with-ransomware/

DHS Says Federal Agencies Have 15 Days to Fix Critical Flaws

The Department of Homeland Security' Cybersecurity and Infrastructure Security Agency issued the Binding Operational Directive 19-02 which requires federal agencies to remediate critical security vulnerabilities within 15 days since the initial detection. [...]

https://www.bleepingcomputer.com/news/security/dhs-says-federal-agencies-have-15-days-to-fix-critical-flaws/