Ransomware Hits Local Texas and Maryland Authorities

The servers of Baltimore City Hall and Amarillo, TX, Potter County were hit by ransomware attacks, with the former having shut down most servers while the latter already got some of its computing systems back online. [...]

https://www.bleepingcomputer.com/news/security/ransomware-hits-local-texas-and-maryland-authorities/

Scammers Try to Trick YouTubers Into Giving Up Password

A scammer looking to take over a YouTube account got a big fat nothing by targeting the owner of a channel that saw right through the fraud and spread the word about the attempt. [...]

https://www.bleepingcomputer.com/news/security/scammers-try-to-trick-youtubers-into-giving-up-password/

UC Browser for Android Vulnerable to URL Spoofing Attacks

The latest versions of UC Browser and UC Browser Mini Android apps with a total of over 600 million installs expose their users to URL spoofing attacks as explained by security researcher Arif Khan who found the flaw and reported it to the apps' security team. [...]

https://www.bleepingcomputer.com/news/security/uc-browser-for-android-vulnerable-to-url-spoofing-attacks/

Microsoft Announces Enhanced Enterprise BitLocker Management

Microsoft will add cloud-based and on-premises BitLocker management capabilities in enterprise environments via Microsoft Intune and System Center Configuration Manager (SCCM) during the second half of 2019. [...]

https://www.bleepingcomputer.com/news/security/microsoft-announces-enhanced-enterprise-bitlocker-management/

Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims

A new Dharma ransomware strain is using ESET AV Remover installations as a "smoke screen" technique designed to distract victims while their files are encrypted in the background as detailed by Trend Micro. [...]

https://www.bleepingcomputer.com/news/security/dharma-ransomware-uses-legit-antivirus-tool-to-distract-victims/

Microsoft Edge Beta Downloads Leaked, Based on Chromium 75

Right after the download links for Microsoft Edge for Mac were leaked, we now have the download links for the Microsoft Edge Beta leaked as well. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-beta-downloads-leaked-based-on-chromium-75/

Nation State Actors Regularly Breach Public Sector Systems

The number of breaches in the Public Administration sector increased in 2018, the most common attacker being actors linked to a nation-state running a cyber-espionage operation. [...]

https://www.bleepingcomputer.com/news/security/nation-state-actors-regularly-breach-public-sector-systems/

Windows 10 Insider Build 18894 Enhances Search in File Explorer

Microsoft has released Windows 10 Insider Preview Build 18894 to Insiders in the Fast ring. This build includes a new search experience in File Explorer so that it is now powered by Windows Search. Other than that, it is mostly bug fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18894-enhances-search-in-file-explorer/

Microsoft Pulls Office Update KB4462238 Due to Freezing Bug

Microsoft has pulled an update for Microsoft Office 2016 because it caused Office applications to freeze when you clicked on links. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-office-update-kb4462238-due-to-freezing-bug/

Facebook Removed Pre-Approval for Some Cryptocurrency-Related Ads

Facebook announced an update to the platform's advertising policies which removes the requirement of businesses to get pre-approved for cryptocurrency ads related to blockchain tech, education or events, industry news, and more. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/facebook-removed-pre-approval-for-some-cryptocurrency-related-ads/

Over 275 Million Records Exposed by Unsecured MongoDB Database

A huge MongoDB database exposing 275,265,298 records of Indian citizens containing detailed personally identifiable information (PII) was left unprotected on the Internet for more than two weeks. [...]

https://www.bleepingcomputer.com/news/security/over-275-million-records-exposed-by-unsecured-mongodb-database/

Bug in Alpine Linux Docker Image Leaves Root Account Unlocked

A security vulnerability in the Official Docker images based on the  Alpine Linux distribution allowed for more than three years logging into the root account using a blank password. [...]

https://www.bleepingcomputer.com/news/security/bug-in-alpine-linux-docker-image-leaves-root-account-unlocked/

Developer Creates a Two-Way Chat Using Only CSS and HTML

A software developer from San Francisco managed to do what no one else did before, creating a fully-functional two-way chat using only CSS and HTML, completely ditching JavaScript in the process. [...]

https://www.bleepingcomputer.com/news/software/developer-creates-a-two-way-chat-using-only-css-and-html/

Hackers Claim Breaching AV Companies, Offer Access and Source Code

A hacking group or individual is advertising access to the networks of at least three antivirus companies in the U.S. and source code for their software products. [...]

https://www.bleepingcomputer.com/news/security/hackers-claim-breaching-av-companies-offer-access-and-source-code/

Firefox May Add Some Tor Features for Super Private Browsing Mode

Mozilla said in the company's public Research Grants 2019H1 report that it wants to integrate some Tor features into the Firefox web browser with the end goal of adding a so-called Super Private Browsing (SPB) mode. [...]

https://www.bleepingcomputer.com/news/security/firefox-may-add-some-tor-features-for-super-private-browsing-mode/

Jokeroo Ransomware as a Service Pulls an Exit Scam

Since May 7th, 2019, the Tor sites for the Jokeroo Ransomware as a Service (RaaS) have started displaying a notice stating that their server was seized by the Royal Thai Police in conjunction with the Dutch National Police and Europol. It turns out that this notice is fake and the RaaS is performing an exit scam. [...]

https://www.bleepingcomputer.com/news/security/jokeroo-ransomware-as-a-service-pulls-an-exit-scam/

Android Q Hardens Security, Adds Better Encryption

Google announced the integration of more features into Android Q designed to further harden the security of critical areas like the kernel, as well as making storage encryption standard and updated biometrics API. [...]

https://www.bleepingcomputer.com/news/security/android-q-hardens-security-adds-better-encryption/

Site Promoting KeePass Password Manager Pushes Malware

A site that pretends to promote the popular KeePass password management software is actually distributing malware on unsuspecting visitors. This site is part of a larger network of sites distributing adware bundles as free programs. [...]

https://www.bleepingcomputer.com/news/security/site-promoting-keepass-password-manager-pushes-malware/

North Korean Hackers Use ELECTRICFISH Malware to Steal Data

The Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) have issued a joint malware analysis report (MAR) on a new malware strain dubbed ELECTRICFISH and used by the North-Korean APT group Lazarus to exfiltrate data from victims. [...]

https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-electricfish-malware-to-steal-data/

Mozilla to Delete Usage Data Collected From Firefox Addon Fix

Mozilla has decided to delete all telemetry, or user's usage and performance data, that was collected by Firefox while they were rolling out the study to fix disabled Firefox addons. [...]

https://www.bleepingcomputer.com/news/software/mozilla-to-delete-usage-data-collected-from-firefox-addon-fix/

U.S Indicts Chinese Hackers for Anthem Data Breach

The U.S. Department of Justice has formally charged two members of a hacking group operating in China for illegally accessing computer systems of health insurer Anthem and stealing personally identifiable information (PII) of 78.8 million people. [...]

https://www.bleepingcomputer.com/news/security/us-indicts-chinese-hackers-for-anthem-data-breach/