Google Chrome Offers a Glimpse of it's Upcoming Settings Screen

In the latest Chrome Nightly build, Google is finally giving in and putting a fixed left-hand navigation bar in the browser's Settings page. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-offers-a-glimpse-of-its-upcoming-settings-screen/

Hackers Access Over 461,000 Accounts in Uniqlo Data Breach

Fast Retailing, the company behind multiple Japanese retail brands, announced that the UNIQLO Japan and GU Japan online stores have been hacked and third parties accessed 461,091 customer accounts following a credential stuffing attack. [...]

https://www.bleepingcomputer.com/news/security/hackers-access-over-461-000-accounts-in-uniqlo-data-breach/

Keyloggers Injected in Web Trust Seal Supply Chain Attack

Hackers compromised the script used by Best of the Web to display their trust seal on their customers' websites and to add two key logging scripts designed to sniff keystrokes from visitors. [...]

https://www.bleepingcomputer.com/news/security/keyloggers-injected-in-web-trust-seal-supply-chain-attack/

Microsoft Fixes Critical Remote Desktop Flaw, Blocks Worm Malware

Microsoft patched today a critical Remote Code Execution vulnerability found in the Remote Desktop Services platform which can allow malicious actors to create malware designed to propagate between computers running vulnerable RDS installations. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-critical-remote-desktop-flaw-blocks-worm-malware/

New RIDL and Fallout Attacks Impact All Modern Intel CPUs

Multiple security researchers have released details about a new class of speculative attacks against all modern Intel processors. The attacks are different from and more dangerous than Meltdown and Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches. [...]

https://www.bleepingcomputer.com/news/security/new-ridl-and-fallout-attacks-impact-all-modern-intel-cpus/

Security Updates Released for Adobe Flash Player and Media Encoder

Adobe has published their monthly Patch Tuesday updates for the month of May 2019. These updates includes fixes for two vulnerabilities in Adobe Media Encoder and one in Adobe Flash Player. [...]

https://www.bleepingcomputer.com/news/security/security-updates-released-for-adobe-flash-player-and-media-encoder/

Microsoft Releases May 2019 Office Updates With Security Fixes

Microsoft released the May 2019 Office Update today, which consists of 9 security updates and 25 non-security updates. As some of the Microsoft Office security updates resolve critical vulnerabilities, it is strongly advised to install them as soon as possible. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-may-2019-office-updates-with-security-fixes/

Windows 10 May 2019 Cumulative Updates Released With Fixes

Microsoft has just released new cumulative updates for Windows 10 version 1903, version 1809 and version 1803 as part of the monthly Patch Tuesday cycle. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-may-2019-cumulative-updates-released-with-fixes/

Microsoft's May 2019 Patch Tuesday Fixes 79 Vulnerabilities

Today is Microsoft's May 2019 Patch Tuesday, which means Windows admins are pouring themselves a drink (maybe two) and getting ready ti pull their hair out while testing the new patches and security updates released by Microsoft. Included in this month's updates are fixes for publicly disclosed or exploited vulnerabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-may-2019-patch-tuesday-fixes-79-vulnerabilities/

Microsoft Releases Windows 7 & 8.1 Cumulative Updates KB4499164 & KB4499151

Microsoft is rolling out new cumulative updates to Windows 10 versions with security fixes and improvements. Microsoft has also released the May 2019 patches to users with Windows 7 and Windows 8.1 device. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-7-and-81-cumulative-updates-kb4499164-and-kb4499151/

List of MDS Speculative Execution Vulnerability Advisories & Updates

Four new vulnerabilities have been discovered in Intel processors that can be exploited via speculative execution side-channel attacks called RIDL, Fallout, and ZombieLoad. These vulnerabilities allow attackers to steal passwords, cryptographic keys, or any other type of data to be loaded or stored in the memory of the CPU buffers. [...]

https://www.bleepingcomputer.com/news/security/list-of-mds-speculative-execution-vulnerability-advisories-and-updates/

Windows 10 Spectre 2 Mitigation Now Uses Retpoline By Default

If you currently have mitigations enabled for the Spectre Variant 2 (CVE-2017-5715) vulnerability, Microsoft has now enabled the Retpoline Spectre mitigation feature by default in Windows 10 version 1809 (October 2018 Update) for better performance. [...]

https://www.bleepingcomputer.com/news/security/windows-10-spectre-2-mitigation-now-uses-retpoline-by-default/

Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site

Forbes' subscription website got injected by hackers with a Magecart card skimming script designed to exfiltrate customer payment data to a server controlled by the cybercriminals behind the attack. [...]

https://www.bleepingcomputer.com/news/security/hackers-inject-magecart-card-skimmer-in-forbes-subscription-site/

Google Hides Payment Privacy Settings Behind Special URL

It has been discovered that Google is hiding three Google Pay privacy settings unless you access the service's Settings screen through a special URL. These settings allow you to restrict whether Google Pay shares your creditworthiness, personal information, or Google Pay account information. [...]

https://www.bleepingcomputer.com/news/google/google-hides-payment-privacy-settings-behind-special-url/

Attackers Evade Detection By Randomizing TLS Handshake Ciphers

Cybercriminals are using a new method to evade detection to make sure that the traffic generated by their malicious campaigns is not being detected, a technique based on SSL/TLS signature randomization and dubbed cipher stunting. [...]

https://www.bleepingcomputer.com/news/security/attackers-evade-detection-by-randomizing-tls-handshake-ciphers/

Google Discloses Bluetooth Flaw in Titan Security Key, Issues Recall

Google disclosed a local proximity vulnerability impacting Bluetooth Low Energy (BLE) Titan Security Keys sold in the U.S. stemming from a "misconfiguration in the Titan Security Keys' Bluetooth pairing protocols." [...]

https://www.bleepingcomputer.com/news/security/google-discloses-bluetooth-flaw-in-titan-security-key-issues-recall/

Azure Active Directory Now Supports 256 Character Passwords

Microsoft has announced that they have removed the 16 character Azure Active Directory password limit and admins can now use up to a maximum of 256 characters. This aligns the passwords lengths with those of on-premises Windows Active Directory services. [...]

https://www.bleepingcomputer.com/news/microsoft/azure-active-directory-now-supports-256-character-passwords/

Windows 10 Insider Build 18898 Now Shows Drive Types in Task Manager

Microsoft has released Windows 10 Insider Preview Build 18898 to Insiders in the Fast ring. This build includes a new feature in the Task Manager performance tab that shows the drive type of installed disks as well as fixes for crashes in Explorer and DWM. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18898-now-shows-drive-types-in-task-manager/

Over 757K Fraudulently Obtained IPv4 Addresses Revoked by ARIN

The American Registry for Internet Numbers, Ltd. (ARIN) discovered a fraud scheme through which 757,760 IPv4 addresses worth between $9,850,880 and $14,397,440 were fraudulently obtained. [...]

https://www.bleepingcomputer.com/news/security/over-757k-fraudulently-obtained-ipv4-addresses-revoked-by-arin/

Microsoft Tech Support Scams Invade Azure Cloud Services

Tech support scams have always been a problem, but they typically were located on small web hosting services throughout the world. Researchers have now observed these scams increasingly moving towards the Microsoft Azure cloud platform for ease of deployment and inexpensive web hosting. [...]

https://www.bleepingcomputer.com/news/security/microsoft-tech-support-scams-invade-azure-cloud-services/

GozNym Cybercrime Group Behind $100 Million Damages Dismantled

Ten members of the GozNym cybercriminal group which used the Avalanche malware distribution network to launch malware attacks against businesses and financial institutions were indicted today for computer fraud conspiracy, wire and bank fraud conspiracy, and money laundering. [...]

https://www.bleepingcomputer.com/news/security/goznym-cybercrime-group-behind-100-million-damages-dismantled/