Microsoft Releases Windows 7 & 8.1 Cumulative Updates KB4499164 & KB4499151
Microsoft is rolling out new cumulative updates to Windows 10 versions with security fixes and improvements. Microsoft has also released the May 2019 patches to users with Windows 7 and Windows 8.1 device. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-7-and-81-cumulative-updates-kb4499164-and-kb4499151/
Microsoft is rolling out new cumulative updates to Windows 10 versions with security fixes and improvements. Microsoft has also released the May 2019 patches to users with Windows 7 and Windows 8.1 device. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-7-and-81-cumulative-updates-kb4499164-and-kb4499151/
BleepingComputer
Microsoft Releases Windows 7 & 8.1 Cumulative Updates KB4499164 & KB4499151
Microsoft is rolling out new cumulative updates to Windows 10 versions with security fixes and improvements. Microsoft has also released the May 2019 patches to users with Windows 7 and Windows 8.1 device.
List of MDS Speculative Execution Vulnerability Advisories & Updates
Four new vulnerabilities have been discovered in Intel processors that can be exploited via speculative execution side-channel attacks called RIDL, Fallout, and ZombieLoad. These vulnerabilities allow attackers to steal passwords, cryptographic keys, or any other type of data to be loaded or stored in the memory of the CPU buffers. [...]
https://www.bleepingcomputer.com/news/security/list-of-mds-speculative-execution-vulnerability-advisories-and-updates/
Four new vulnerabilities have been discovered in Intel processors that can be exploited via speculative execution side-channel attacks called RIDL, Fallout, and ZombieLoad. These vulnerabilities allow attackers to steal passwords, cryptographic keys, or any other type of data to be loaded or stored in the memory of the CPU buffers. [...]
https://www.bleepingcomputer.com/news/security/list-of-mds-speculative-execution-vulnerability-advisories-and-updates/
BleepingComputer
List of MDS Speculative Execution Vulnerability Advisories & Updates
Four new vulnerabilities have been discovered in Intel processors that can be exploited via speculative execution side-channel attacks called RIDL, Fallout, and ZombieLoad. These vulnerabilities allow attackers to steal passwords, cryptographic keys, or anyβ¦
Windows 10 Spectre 2 Mitigation Now Uses Retpoline By Default
If you currently have mitigations enabled for the Spectre Variant 2 (CVE-2017-5715) vulnerability, Microsoft has now enabled the Retpoline Spectre mitigation feature by default in Windows 10 version 1809 (October 2018 Update) for better performance. [...]
https://www.bleepingcomputer.com/news/security/windows-10-spectre-2-mitigation-now-uses-retpoline-by-default/
If you currently have mitigations enabled for the Spectre Variant 2 (CVE-2017-5715) vulnerability, Microsoft has now enabled the Retpoline Spectre mitigation feature by default in Windows 10 version 1809 (October 2018 Update) for better performance. [...]
https://www.bleepingcomputer.com/news/security/windows-10-spectre-2-mitigation-now-uses-retpoline-by-default/
BleepingComputer
Windows 10 Spectre 2 Mitigation Now Uses Retpoline By Default
If you currently have mitigations enabled for the Spectre Variant 2 (CVE-2017-5715) vulnerability, Microsoft has now enabled the Retpoline Spectre mitigation feature by default in Windows 10 version 1809 (October 2018 Update) for better performance.
Hackers Inject Magecart Card Skimmer in Forbesβ Subscription Site
Forbes' subscription website got injected by hackers with a Magecart card skimming script designed to exfiltrate customer payment data to a server controlled by the cybercriminals behind the attack. [...]
https://www.bleepingcomputer.com/news/security/hackers-inject-magecart-card-skimmer-in-forbes-subscription-site/
Forbes' subscription website got injected by hackers with a Magecart card skimming script designed to exfiltrate customer payment data to a server controlled by the cybercriminals behind the attack. [...]
https://www.bleepingcomputer.com/news/security/hackers-inject-magecart-card-skimmer-in-forbes-subscription-site/
BleepingComputer
Hackers Inject Magecart Card Skimmer in Forbesβ Subscription Site
Forbes' subscription website got injected by hackers with a Magecart card skimming script designed to exfiltrate customer payment data to a server controlled by the cybercriminals behind the attack.
Google Hides Payment Privacy Settings Behind Special URL
It has been discovered that Google is hiding three Google Pay privacy settings unless you access the service's Settings screen through a special URL. These settings allow you to restrict whether Google Pay shares your creditworthiness, personal information, or Google Pay account information. [...]
https://www.bleepingcomputer.com/news/google/google-hides-payment-privacy-settings-behind-special-url/
It has been discovered that Google is hiding three Google Pay privacy settings unless you access the service's Settings screen through a special URL. These settings allow you to restrict whether Google Pay shares your creditworthiness, personal information, or Google Pay account information. [...]
https://www.bleepingcomputer.com/news/google/google-hides-payment-privacy-settings-behind-special-url/
BleepingComputer
Google Payment Privacy Settings Hidden Behind Special URL
It has been discovered that Google is hiding three Google Pay privacy settings unless you access the service's Settings screen through a special URL. These settings allow you to restrict whether Google Pay shares your creditworthiness, personal informationβ¦
Attackers Evade Detection By Randomizing TLS Handshake Ciphers
Cybercriminals are using a new method to evade detection to make sure that the traffic generated by their malicious campaigns is not being detected, a technique based on SSL/TLS signature randomization and dubbed cipher stunting. [...]
https://www.bleepingcomputer.com/news/security/attackers-evade-detection-by-randomizing-tls-handshake-ciphers/
Cybercriminals are using a new method to evade detection to make sure that the traffic generated by their malicious campaigns is not being detected, a technique based on SSL/TLS signature randomization and dubbed cipher stunting. [...]
https://www.bleepingcomputer.com/news/security/attackers-evade-detection-by-randomizing-tls-handshake-ciphers/
BleepingComputer
Attackers Evade Detection By Randomizing TLS Handshake Ciphers
Cybercriminals are using a new method to evade detection to make sure that the traffic generated by their malicious campaigns is not being detected, a technique based on SSL/TLS signature randomization and dubbed cipher stunting.
Google Discloses Bluetooth Flaw in Titan Security Key, Issues Recall
Google disclosed a local proximity vulnerability impacting Bluetooth Low Energy (BLE) Titan Security Keys sold in the U.S. stemming from a "misconfiguration in the Titan Security Keys' Bluetooth pairing protocols." [...]
https://www.bleepingcomputer.com/news/security/google-discloses-bluetooth-flaw-in-titan-security-key-issues-recall/
Google disclosed a local proximity vulnerability impacting Bluetooth Low Energy (BLE) Titan Security Keys sold in the U.S. stemming from a "misconfiguration in the Titan Security Keys' Bluetooth pairing protocols." [...]
https://www.bleepingcomputer.com/news/security/google-discloses-bluetooth-flaw-in-titan-security-key-issues-recall/
BleepingComputer
Google Discloses Bluetooth Flaw in Titan Security Key, Issues Recall
Google disclosed a local proximity vulnerability impacting Bluetooth Low Energy (BLE) Titan Security Keys sold in the U.S. stemming from a "misconfiguration in the Titan Security Keys' Bluetooth pairing protocols."
Azure Active Directory Now Supports 256 Character Passwords
Microsoft has announced that they have removed the 16 character Azure Active Directory password limit and admins can now use up to a maximum of 256 characters. This aligns the passwords lengths with those of on-premises Windows Active Directory services. [...]
https://www.bleepingcomputer.com/news/microsoft/azure-active-directory-now-supports-256-character-passwords/
Microsoft has announced that they have removed the 16 character Azure Active Directory password limit and admins can now use up to a maximum of 256 characters. This aligns the passwords lengths with those of on-premises Windows Active Directory services. [...]
https://www.bleepingcomputer.com/news/microsoft/azure-active-directory-now-supports-256-character-passwords/
BleepingComputer
Azure Active Directory Now Supports 256 Character Passwords
Microsoft has announced that they have removed the 16 character Azure Active Directory password limit and admins can now use up to a maximum of 256 characters. This aligns the passwords lengths with those of on-premises Windows Active Directory services.
Windows 10 Insider Build 18898 Now Shows Drive Types in Task Manager
Microsoft has released Windows 10 Insider Preview Build 18898 to Insiders in the Fast ring. This build includes a new feature in the Task Manager performance tab that shows the drive type of installed disks as well as fixes for crashes in Explorer and DWM. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18898-now-shows-drive-types-in-task-manager/
Microsoft has released Windows 10 Insider Preview Build 18898 to Insiders in the Fast ring. This build includes a new feature in the Task Manager performance tab that shows the drive type of installed disks as well as fixes for crashes in Explorer and DWM. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18898-now-shows-drive-types-in-task-manager/
BleepingComputer
Windows 10 Insider Build 18898 Now Shows Drive Types in Task Manager
Microsoft has released Windows 10 Insider Preview Build 18898 to Insiders in the Fast ring. This build includes a new feature in the Task Manager performance tab that shows the drive type of installed disks as well as fixes for crashes in Explorer and DWM.
Over 757K Fraudulently Obtained IPv4 Addresses Revoked by ARIN
The American Registry for Internet Numbers, Ltd. (ARIN) discovered a fraud scheme through which 757,760 IPv4 addresses worth between $9,850,880 and $14,397,440 were fraudulently obtained. [...]
https://www.bleepingcomputer.com/news/security/over-757k-fraudulently-obtained-ipv4-addresses-revoked-by-arin/
The American Registry for Internet Numbers, Ltd. (ARIN) discovered a fraud scheme through which 757,760 IPv4 addresses worth between $9,850,880 and $14,397,440 were fraudulently obtained. [...]
https://www.bleepingcomputer.com/news/security/over-757k-fraudulently-obtained-ipv4-addresses-revoked-by-arin/
BleepingComputer
Over 757K Fraudulently Obtained IPv4 Addresses Revoked by ARIN
The American Registry for Internet Numbers, Ltd. (ARIN) discovered a fraud scheme through which 757,760 IPv4 addresses worth between $9,850,880 and $14,397,440 were fraudulently obtained.
Microsoft Tech Support Scams Invade Azure Cloud Services
Tech support scams have always been a problem, but they typically were located on small web hosting services throughout the world. Researchers have now observed these scams increasingly moving towards the Microsoft Azure cloud platform for ease of deployment and inexpensive web hosting. [...]
https://www.bleepingcomputer.com/news/security/microsoft-tech-support-scams-invade-azure-cloud-services/
Tech support scams have always been a problem, but they typically were located on small web hosting services throughout the world. Researchers have now observed these scams increasingly moving towards the Microsoft Azure cloud platform for ease of deployment and inexpensive web hosting. [...]
https://www.bleepingcomputer.com/news/security/microsoft-tech-support-scams-invade-azure-cloud-services/
BleepingComputer
Microsoft Tech Support Scams Invade Azure Cloud Services
Tech support scams have always been a problem, but they typically were located on small web hosting services throughout the world. Researchers have now observed these scams increasingly moving towards the Microsoft Azure cloud platform for ease of deploymentβ¦
GozNym Cybercrime Group Behind $100 Million Damages Dismantled
Ten members of the GozNym cybercriminal group which used the Avalanche malware distribution network to launch malware attacks against businesses and financial institutions were indicted today for computer fraud conspiracy, wire and bank fraud conspiracy, and money laundering. [...]
https://www.bleepingcomputer.com/news/security/goznym-cybercrime-group-behind-100-million-damages-dismantled/
Ten members of the GozNym cybercriminal group which used the Avalanche malware distribution network to launch malware attacks against businesses and financial institutions were indicted today for computer fraud conspiracy, wire and bank fraud conspiracy, and money laundering. [...]
https://www.bleepingcomputer.com/news/security/goznym-cybercrime-group-behind-100-million-damages-dismantled/
BleepingComputer
GozNym Cybercrime Group Behind $100 Million Damages Dismantled
Ten members of the GozNym cybercriminal group which used the Avalanche malware distribution network to launch malware attacks against businesses and financial institutions were indicted today for computer fraud conspiracy, wire and bank fraud conspiracy,β¦
Windows 10 KB4494441 Update May Be Shown As Installed Twice
A bug is causing the Windows 10 KB4494441 May 2019 Cumulative Update to be shown as being installed twice on some computers according to Microsoft and user reports. When users see the update listed twice, it is nothing to worry about as it is just a cosmetic error. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4494441-update-may-be-shown-as-installed-twice/
A bug is causing the Windows 10 KB4494441 May 2019 Cumulative Update to be shown as being installed twice on some computers according to Microsoft and user reports. When users see the update listed twice, it is nothing to worry about as it is just a cosmetic error. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4494441-update-may-be-shown-as-installed-twice/
BleepingComputer
Windows 10 KB4494441 Update May Be Shown As Installed Twice
A bug is causing the Windows 10 KB4494441 May 2019 Cumulative Update to be shown as being installed twice on some computers according to Microsoft and user reports. When users see the update listed twice, it is nothing to worry about as it is just a cosmeticβ¦
Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts
Site admins using WP Live Chat Support for Wordpress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability that can be abused without authentication. [...]
https://www.bleepingcomputer.com/news/security/bug-in-wordpress-live-chat-plugin-lets-hackers-inject-scripts/
Site admins using WP Live Chat Support for Wordpress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability that can be abused without authentication. [...]
https://www.bleepingcomputer.com/news/security/bug-in-wordpress-live-chat-plugin-lets-hackers-inject-scripts/
BleepingComputer
Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts
Site admins using WP Live Chat Support for Wordpress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability that can be abused without authentication.
Facebook Bans Israeli Entity For Creating Fake Accounts
Facebook announced that today it removed 265 Facebook and Instagram accounts, Facebook Pages, Groups and events for fake behavior originating from Israeli commercial entity Archimedes Group. [...]
https://www.bleepingcomputer.com/news/security/facebook-bans-israeli-entity-for-creating-fake-accounts/
Facebook announced that today it removed 265 Facebook and Instagram accounts, Facebook Pages, Groups and events for fake behavior originating from Israeli commercial entity Archimedes Group. [...]
https://www.bleepingcomputer.com/news/security/facebook-bans-israeli-entity-for-creating-fake-accounts/
BleepingComputer
Facebook Bans Israeli Entity For Creating Fake Accounts
Facebook announced that today it removed 265 Facebook and Instagram accounts, Facebook Pages, Groups and events for fake behavior originating from Israeli commercial entity Archimedes Group.
Unsecured Survey Database Exposes Info of 8 Million People
An unsecured database has exposed the personal information of 8 million people from the U.S. who participated in online surveys, sweepstakes, and requests for free product samples. [...]
https://www.bleepingcomputer.com/news/security/unsecured-survey-database-exposes-info-of-8-million-people/
An unsecured database has exposed the personal information of 8 million people from the U.S. who participated in online surveys, sweepstakes, and requests for free product samples. [...]
https://www.bleepingcomputer.com/news/security/unsecured-survey-database-exposes-info-of-8-million-people/
BleepingComputer
Unsecured Survey Database Exposes Info of 8 Million People
An unsecured database has exposed the personal information of 8 million people from the U.S. who participated in online surveys, sweepstakes, and requests for free product samples.
Chrome Bug Causing Address Bar to Show Searches Over Site History
A bug in the current versions of Chrome 74, Chrome 75 Beta, and Chrome 76 Nightly are causing address bar suggestions to prioritize your search keywords over the sites you most visited. [...]
https://www.bleepingcomputer.com/news/google/chrome-bug-causing-address-bar-to-show-searches-over-site-history/
A bug in the current versions of Chrome 74, Chrome 75 Beta, and Chrome 76 Nightly are causing address bar suggestions to prioritize your search keywords over the sites you most visited. [...]
https://www.bleepingcomputer.com/news/google/chrome-bug-causing-address-bar-to-show-searches-over-site-history/
BleepingComputer
Chrome Bug Causing Address Bar to Show Searches Over Site History
A bug in the current versions of Chrome 74, Chrome 75 Beta, and Chrome 76 Nightly are causing address bar suggestions to prioritize your search keywords over the sites you most visited.
Hackers Accessed Stack Overflow's Production Systems
In a short announcement today, Stack Overflow informs that it was the target of an attack that resulted in hackers accessing its production systems. [...]
https://www.bleepingcomputer.com/news/security/hackers-accessed-stack-overflows-production-systems/
In a short announcement today, Stack Overflow informs that it was the target of an attack that resulted in hackers accessing its production systems. [...]
https://www.bleepingcomputer.com/news/security/hackers-accessed-stack-overflows-production-systems/
BleepingComputer
Hackers Accessed Stack Overflow's Production Systems
In a short announcement today, Stack Overflow informs that it was the target of an attack that resulted in hackers accessing its production systems.
Paterson Public Schools Notified of Breach, Threatens with Civil Case
A report earlier this week from Paterson Times informed that the systems of Paterson Public Schools in New Jersey had been breached and the intruder stole thousands of usernames and weakly protected passwords. In reply, the school district issued a letter informing that "a civil court action must be pursued." [...]
https://www.bleepingcomputer.com/news/security/paterson-public-schools-notified-of-breach-threatens-with-civil-case/
A report earlier this week from Paterson Times informed that the systems of Paterson Public Schools in New Jersey had been breached and the intruder stole thousands of usernames and weakly protected passwords. In reply, the school district issued a letter informing that "a civil court action must be pursued." [...]
https://www.bleepingcomputer.com/news/security/paterson-public-schools-notified-of-breach-threatens-with-civil-case/
BleepingComputer
Paterson Public Schools Notified of Breach, Threatens with Civil Case
A report earlier this week from Paterson Times informed that the systems of Paterson Public Schools in New Jersey had been breached and the intruder stole thousands of usernames and weakly protected passwords. In reply, the school district issued a letterβ¦
Over 12,000 MongoDB Databases Deleted by Unistellar Attackers
Over 12,000 unsecured MongoDB databases have been deleted over the last three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored. [...]
https://www.bleepingcomputer.com/news/security/over-12-000-mongodb-databases-deleted-by-unistellar-attackers/
Over 12,000 unsecured MongoDB databases have been deleted over the last three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored. [...]
https://www.bleepingcomputer.com/news/security/over-12-000-mongodb-databases-deleted-by-unistellar-attackers/
BleepingComputer
Over 12,000 MongoDB Databases Deleted by Unistellar Attackers
Over 12,000 unsecured MongoDB databases have been deleted over the last three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored.
Cisco Upgrades Remote Code Execution Flaws to Critical Severity
Cisco upgraded three remote code execution (RCE) vulnerabilities impacting the web management interfaces to critical severity with a CVSS base score of 9.8 after initially rating them as high with a base score of 8.8 when the advisories were first published on May 15. [...]
https://www.bleepingcomputer.com/news/security/cisco-upgrades-remote-code-execution-flaws-to-critical-severity/
Cisco upgraded three remote code execution (RCE) vulnerabilities impacting the web management interfaces to critical severity with a CVSS base score of 9.8 after initially rating them as high with a base score of 8.8 when the advisories were first published on May 15. [...]
https://www.bleepingcomputer.com/news/security/cisco-upgrades-remote-code-execution-flaws-to-critical-severity/
BleepingComputer
Cisco Upgrades Remote Code Execution Flaws to Critical Severity
Cisco upgraded three remote code execution (RCE) vulnerabilities impacting the web management interfaces to critical severity with a CVSS base score of 9.8 after initially rating them as high with a base score of 8.8 when the advisories were first publishedβ¦