Turla Backdoor Deployed in Attacks Against Worldwide Targets

A Turla backdoor targeted at Microsoft Exchange mail servers and controllable remotely via email attachments using steganography was discovered by researchers while used in attacks against multiple targets from around the world. [...]

https://www.bleepingcomputer.com/news/security/turla-backdoor-deployed-in-attacks-against-worldwide-targets/

Tor Browser 8.0.9 Released to Fix Disabled NoScript Addon

Tor has released Tor Browser 8.0.9, which fixes the expired intermedia signing certificate that was causing the NoScript and HTTPS-Everywhere addons to be disabled. [...]

https://www.bleepingcomputer.com/news/software/tor-browser-809-released-to-fix-disabled-noscript-addon/

NSA Hacking Tools Used by Chinese Hackers One Year Before Leak

A Chinese threat group was using hacking tools developed by the NSA more than a year before Shadow Brokers leaked them in April 2017, tools that were later used in highly destructive attacks such as the WannaCry ransomware campaign from May 2017. [...]

https://www.bleepingcomputer.com/news/security/nsa-hacking-tools-used-by-chinese-hackers-one-year-before-leak/

Confluence Servers Hacked to Install Miners and Rootkits

After getting pounded with ransomware and malware for deploying distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now compromised to mine for cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-install-miners-and-rootkits/

Microsoft Edge for Mac Leaked, Includes Browser Protection

During the Microsoft Build 2019 Keynote yesterday, we were shown a brief glimpse of the new Microsoft Edge running on macOS. In a blog post released in conjunction with MS Build, Microsoft stated that the macOS version would be released soon. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-for-mac-leaked-includes-browser-protection/

Burger King's Online Store for Kids Exposes Customers’ Info

An unprotected Elasticsearch cluster found via a Shodan search exposed 37,900 records of Kool King Shop customers, a French online shop specifically tailored to be used by kids who bought Burger King menus.  [...]

https://www.bleepingcomputer.com/news/security/burger-kings-online-store-for-kids-exposes-customers-info/

FBI Seize DeepDotWeb For Taking Commissions From Illegal Sites

A dark web directory called DeepDotWeb has been seized and arrests were made for alleged affiliate commissions generated by referring traffic to illegal sites. [...]

https://www.bleepingcomputer.com/news/security/fbi-seize-deepdotweb-for-taking-commissions-from-illegal-sites/

Google Chrome To Stop Sites From Messing with the Back Button

Google announced the launch of a new feature designed to block websites from manipulating their visitors' history to make it harder for them to go back to the source page with the help of the browser back button. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-to-stop-sites-from-messing-with-the-back-button/

Cisco Fixes Critical Vulnerability in Elastic Services Controller

Cisco today released security updates for a critical vulnerability affecting its Elastic Services Controller (ESC). An unauthenticated, remote attacker could exploit the flaw on deployments that have REST API enabled. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-vulnerability-in-elastic-services-controller/

Researcher Finds CSS-Only Method to Track Mouse Movements

As users become more concerned about their privacy and being tracked online, they have begun to use ad blockers and script blockers to block JavaScript tracking scripts. A new method has been discovered that allows a site to track the mouse movements of their visitors by using only HTML and CSS, which can bypass tracking protection. [...]

https://www.bleepingcomputer.com/news/security/researcher-finds-css-only-method-to-track-mouse-movements/

Ransomware Hits Local Texas and Maryland Authorities

The servers of Baltimore City Hall and Amarillo, TX, Potter County were hit by ransomware attacks, with the former having shut down most servers while the latter already got some of its computing systems back online. [...]

https://www.bleepingcomputer.com/news/security/ransomware-hits-local-texas-and-maryland-authorities/

Scammers Try to Trick YouTubers Into Giving Up Password

A scammer looking to take over a YouTube account got a big fat nothing by targeting the owner of a channel that saw right through the fraud and spread the word about the attempt. [...]

https://www.bleepingcomputer.com/news/security/scammers-try-to-trick-youtubers-into-giving-up-password/

UC Browser for Android Vulnerable to URL Spoofing Attacks

The latest versions of UC Browser and UC Browser Mini Android apps with a total of over 600 million installs expose their users to URL spoofing attacks as explained by security researcher Arif Khan who found the flaw and reported it to the apps' security team. [...]

https://www.bleepingcomputer.com/news/security/uc-browser-for-android-vulnerable-to-url-spoofing-attacks/

Microsoft Announces Enhanced Enterprise BitLocker Management

Microsoft will add cloud-based and on-premises BitLocker management capabilities in enterprise environments via Microsoft Intune and System Center Configuration Manager (SCCM) during the second half of 2019. [...]

https://www.bleepingcomputer.com/news/security/microsoft-announces-enhanced-enterprise-bitlocker-management/

Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims

A new Dharma ransomware strain is using ESET AV Remover installations as a "smoke screen" technique designed to distract victims while their files are encrypted in the background as detailed by Trend Micro. [...]

https://www.bleepingcomputer.com/news/security/dharma-ransomware-uses-legit-antivirus-tool-to-distract-victims/

Microsoft Edge Beta Downloads Leaked, Based on Chromium 75

Right after the download links for Microsoft Edge for Mac were leaked, we now have the download links for the Microsoft Edge Beta leaked as well. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-beta-downloads-leaked-based-on-chromium-75/

Nation State Actors Regularly Breach Public Sector Systems

The number of breaches in the Public Administration sector increased in 2018, the most common attacker being actors linked to a nation-state running a cyber-espionage operation. [...]

https://www.bleepingcomputer.com/news/security/nation-state-actors-regularly-breach-public-sector-systems/

Windows 10 Insider Build 18894 Enhances Search in File Explorer

Microsoft has released Windows 10 Insider Preview Build 18894 to Insiders in the Fast ring. This build includes a new search experience in File Explorer so that it is now powered by Windows Search. Other than that, it is mostly bug fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18894-enhances-search-in-file-explorer/

Microsoft Pulls Office Update KB4462238 Due to Freezing Bug

Microsoft has pulled an update for Microsoft Office 2016 because it caused Office applications to freeze when you clicked on links. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-office-update-kb4462238-due-to-freezing-bug/

Facebook Removed Pre-Approval for Some Cryptocurrency-Related Ads

Facebook announced an update to the platform's advertising policies which removes the requirement of businesses to get pre-approved for cryptocurrency ads related to blockchain tech, education or events, industry news, and more. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/facebook-removed-pre-approval-for-some-cryptocurrency-related-ads/

Over 275 Million Records Exposed by Unsecured MongoDB Database

A huge MongoDB database exposing 275,265,298 records of Indian citizens containing detailed personally identifiable information (PII) was left unprotected on the Internet for more than two weeks. [...]

https://www.bleepingcomputer.com/news/security/over-275-million-records-exposed-by-unsecured-mongodb-database/