Hackers Steal Payment Card Data Using Rogue Iframe Phishing

Cybercriminals have upgraded their credit card skimming scripts to use an iframe-based phishing system designed to phish for credit/debit card info from Magento-powered store customers on checkout. [...]

https://www.bleepingcomputer.com/news/security/hackers-steal-payment-card-data-using-rogue-iframe-phishing/

JSWorm 2.0 Ransomware Decryptor Gets Your Files Back For Free

A decryptor for the JSWorm 2.0 Ransomware has been released by Emsisoft this week that allows victims to decrypt their files for free. If you become infected with JSWorm 2.0, do not pay the ransom and instead follow the instructions below. [...]

https://www.bleepingcomputer.com/news/security/jsworm-20-ransomware-decryptor-gets-your-files-back-for-free/

Tor Browser 8.5 for Android Released On The Google Play Store

The stable version of Tor Browser for Android 8.5 has been released today on Google's Play Store, with built-in anti-tracking, fingerprinting blocking, and multi-layered encryption capabilities for censorship-circumvention. [...]

https://www.bleepingcomputer.com/news/security/tor-browser-85-for-android-released-on-the-google-play-store/

Google Stored Unhashed G Suite Passwords for Over a Decade

Google missed a spot when securing passwords for some of its business customers, accidentally storing them in plain text for 14 years. [...]

https://www.bleepingcomputer.com/news/security/google-stored-unhashed-g-suite-passwords-for-over-a-decade/

New Zero-Day Exploit for Bug in Windows 10 Task Scheduler

Security researcher SandboxEscaper quietly dropped a new zero-day exploit for Windows operating system, a week after Microsoft's monthly cycle of security updates. [...]

https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-bug-in-windows-10-task-scheduler/

Zebrocy Operators Also Look for Browser and Email Databases

Malware researchers analyzing the Zebrocy kit determined that the operators run commands manually to collect information of interest from infected systems. [...]

https://www.bleepingcomputer.com/news/security/zebrocy-operators-also-look-for-browser-and-email-databases/

Researchers Demo PoC For Remote Desktop BlueKeep RCE Exploit

A proof-of-concept remote code execution (RCE) exploit for the wormable BlueKeep vulnerability tracked as CVE-2019-0708 has been demoed by security researchers from McAfee Labs. [...]

https://www.bleepingcomputer.com/news/security/researchers-demo-poc-for-remote-desktop-bluekeep-rce-exploit/

Volume of Signed Malware Increases, CAs Need Better Vetting

Digitally signed threats with a valid certificate are no longer the mark of a nation-state, sophisticated attacker. The number of malware samples signed with a valid certificate found on VirusTotal is in the thousands. [...]

https://www.bleepingcomputer.com/news/security/volume-of-signed-malware-increases-cas-need-better-vetting/

BestMixer.io Service Shut Down For Laundering $200 Million+

After a yearlong investigation, the Dutch Fiscal Information and Investigation Service (FIOD) shut down Bestmixer.io today, one of the largest cryptocurrency laundering platform in the world, with the help of Europol and Luxembourg law enforcement authorities. [...]

https://www.bleepingcomputer.com/news/security/bestmixerio-service-shut-down-for-laundering-200-million-/

You're Not At Fault, Google Search Tripped and Broke Its Index

This is an article about a Google problem that most of you won't see until it is fixed. That is because Google Search is having a problem where new content is not being indexed in their searched results. [...]

https://www.bleepingcomputer.com/news/google/youre-not-at-fault-google-search-tripped-and-broke-its-index/

GetCrypt Ransomware Brute Forces Credentials, Decryptor Released

A new ransomware called GetCrypt is being installed via the RIG exploit kit. While encrypting a computer it will try to brute force the network credentials of unmapped network shares. [...]

https://www.bleepingcomputer.com/news/security/getcrypt-ransomware-brute-forces-credentials-decryptor-released/

Google Tracks Purchases For Paying G Suite Users, Doesn’t Show It

Google is also tracking all purchases made by G Suite users just as is it happens for users of the free Gmail email service, although the Google Account's Purchases page will not list them for review for the paid accounts. [...]

https://www.bleepingcomputer.com/news/google/google-tracks-purchases-for-paying-g-suite-users-doesn-t-show-it/

PoC Exploits Released for Two More Windows Vulnerabilities

Right on the heels of a privilege escalation zero-day vulnerability for Windows 10 released yesterday, the same researcher has released two more zero-day vulnerabilities [...]

https://www.bleepingcomputer.com/news/microsoft/poc-exploits-released-for-two-more-windows-vulnerabilities/

Google Under GDPR Probe After Ad Exchange Privacy Complaint

The Irish Data Protection Commission (DPC) announced that it started investigating if Google's processing of personal data collected by the company as part of Ad Exchange online advertising transactions is breaching GDPR regulations. [...]

https://www.bleepingcomputer.com/news/security/google-under-gdpr-probe-after-ad-exchange-privacy-complaint/

Microsoft Defender ATP is Now Publicly Available for Macs

Microsoft Defender ATP for Mac is now publicly available after being tested in a limited preview that started in March. With the release of a Mac endpoint, enterprise customers utilizing Microsoft Defender ATP can now manage the security of Mac computers from a centralized administrative console. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-atp-is-now-publicly-available-for-macs/

Carders Prefer Audio Skimmers over Less Efficient Flash Skimmers

Although web skimming attacks are rampant these days, the underground market for physical card skimming devices is thriving and changing at the rate of technological advancements. [...]

https://www.bleepingcomputer.com/news/security/carders-prefer-audio-skimmers-over-less-efficient-flash-skimmers/

Microsoft Releases Windows 10 Version 1903 Security Baseline

Microsoft announced today the final version of its security configuration baseline settings for Windows 10 Version 1903 and Windows Server Version 1903, downloadable today using the Microsoft Security Compliance Toolkit. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-version-1903-security-baseline/

Two More Windows 10 Zero-Day PoC Exploits Released, Brings Total to 4

After releasing exploit code for three zero-day vulnerabilities in Windows 10 over the past 48 hours, security researcher and exploit developer SandboxEscaper today has published two more, bypass for the CVE-2019-0841 patch and LPE PoC exploit dubbed InstallerBypass. [...]

https://www.bleepingcomputer.com/news/security/two-more-windows-10-zero-day-poc-exploits-released-brings-total-to-4/

Upgraded JasperLoader Malware Adds Anti-Analysis Mechanisms

A new and upgraded variant of the JasperLoader malware downloader has been observed in the wild actively targeting Italian victims and featuring new capabilities such as extra layers of obfuscation, anti-analysis mechanisms, and geofencing abilities. [...]

https://www.bleepingcomputer.com/news/security/upgraded-jasperloader-malware-adds-anti-analysis-mechanisms/

Android Users Being Spammed Using Fake Missed Call Alerts

Scammers are abusing the Notifications and Push APIs and Google Chrome on Android devices to push spam alerts customized to look like a missed phone call. [...]

https://www.bleepingcomputer.com/news/security/android-users-being-spammed-using-fake-missed-call-alerts/

Using the Windows Sandbox to Stay Safe Online

One of the more interesting features of Windows 10 version 1903, otherwise known as the May 2019 Update, is the Windows Sandbox. The Windows Sandbox is a Windows 10 virtual machine that can be quickly launched so you can test downloaded programs and browsers extensions without risk of infecting your normal Windows operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/using-the-windows-sandbox-to-stay-safe-online/