Microsoft Outlines Their Vision of a Modern Operating System

Microsoft detailed its vision for a future operating system and highlighted the path forward for the operating system that could be Windows or something entirely new. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-outlines-their-vision-of-a-modern-operating-system/

Billing Details for 11.9M Quest Diagnostics Clients Exposed

Quest Diagnostics Incorporated, a Fortune 500 diagnostic services provider, says that approximately 12 million of its clients may have been impacted by a data breach reported by one of its billing providers. [...]

https://www.bleepingcomputer.com/news/security/billing-details-for-119m-quest-diagnostics-clients-exposed/

Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop

Windows 10 users in Germany are reporting that while using their computer, their default browser would suddenly open to malicious and scam advertisements. These advertisements are being shown by malvertising campaigns on the Microsoft Advertising network that are being displayed in ad supported apps. [...]

https://www.bleepingcomputer.com/news/security/windows-10-apps-hit-by-malicious-ads-that-blockers-wont-stop/

Improper App Check Revives the Synthetic Clicks Issue in macOS Mojave

An unpatched flaw in the app verification process on macOS Mojave allows trusted apps to load and execute unverified content on the machine. The bug is easy to exploit and can be used to generate synthetic clicks that allow malicious actions. [...]

https://www.bleepingcomputer.com/news/security/improper-app-check-revives-the-synthetic-clicks-issue-in-macos-mojave/

Headhunting Firm Leaks Millions of Resumes, Client Private Data

A misconfigured and publicly accessible ElasticSearch cluster owned by FMC Consulting, a Chinese headhunting company, leaked millions of resumes and company records, as well as customers and employees PII data. [...]

https://www.bleepingcomputer.com/news/security/headhunting-firm-leaks-millions-of-resumes-client-private-data/

New Email Hacking Tool from OilRig APT Group Leaked Online

A tool for hijacking Microsoft Exchange email accounts allegedly used by the OilRig hacker group has been leaked online. The utility is called Jason and it is not detected by antivirus engines on VirusTotal. [...]

https://www.bleepingcomputer.com/news/security/new-email-hacking-tool-from-oilrig-apt-group-leaked-online/

Windows 10 to Require 32GB of Storage Only on New OEM PCs

In an updated support document, Microsoft has stated that the 32 GB storage requirement for Windows 10 version 1903 only applies to OEMs when manufacturing new PCs. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-to-require-32gb-of-storage-only-on-new-oem-pcs/

Older Windows 10 Versions Get Intel Microcode Updates for MDS Vulns

Microsoft has released Intel Microcode update that resolve MDS speculative side channel execution vulnerabilities in older versions of Windows 10 and Windows server. [...]

https://www.bleepingcomputer.com/news/microsoft/older-windows-10-versions-get-intel-microcode-updates-for-mds-vulns/

BlackSquid Uses 7 Exploits to Infect Web Servers with Miners

A newly discovered cryptomining threat targeting web servers, network drives, and removable drives comes filled to the brim with exploits and precautions against analysis tools and environments. [...]

https://www.bleepingcomputer.com/news/security/blacksquid-uses-7-exploits-to-infect-web-servers-with-miners/

Romanian ATM Skimmer Gets Over 5 Years of Jail Time

Romanian national Bogdan Viorel Rusu was sentenced on Monday to 65 months in prison for running a multi-state ATM card skimming operation that caused losses close to $1 million. [...]

https://www.bleepingcomputer.com/news/security/romanian-atm-skimmer-gets-over-5-years-of-jail-time/

Private Info of Over 1.5M Donors Leaked by UChicago Medicine

The personal information of more than 1,6 million potential and existing University of Chicago Medicine donors were exposed by a misconfigured and unprotected ElasticSearch server left open on the Internet without a password. [...]

https://www.bleepingcomputer.com/news/security/private-info-of-over-15m-donors-leaked-by-uchicago-medicine/

Remote Desktop Zero-Day Bug Allows Attackers to Hijack Sessions

A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer. [...]

https://www.bleepingcomputer.com/news/security/remote-desktop-zero-day-bug-allows-attackers-to-hijack-sessions/

Attackers Stitch Together Frankenstein Campaign Using Free Tools

Threat actors behind a highly-targeted series of cyber attacks spanning from January to April 2019 have been seen employing malicious tools built using freely available components to infect victims with malware designed to harvest credentials. [...]

https://www.bleepingcomputer.com/news/security/attackers-stitch-together-frankenstein-campaign-using-free-tools/

New Privacy Features for Mozilla Firefox, Lockwise Is Live

Mozilla announced new features and changes today that aim to increase the privacy of Firefox users by blocking trackers and offering updates to various Firefox security and privacy services. [...]

https://www.bleepingcomputer.com/news/security/new-privacy-features-for-mozilla-firefox-lockwise-is-live/

Chrome 75 Released with 42 Security Fixes and New Features

Google has released Chrome 75 to the Stable desktop channel, with new features and 42 security fixes, with two of them being marked as High severity. [...]

https://www.bleepingcomputer.com/news/google/chrome-75-released-with-42-security-fixes-and-new-features/

Microsoft Asking for Feedback on the Windows 10 Start Menu

In the Windows 10 Insider builds, Microsoft has started asking Insiders for feedback regarding how they feel about the Windows 10 Start Menu better and if they have suggestions on how to make it better. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-asking-for-feedback-on-the-windows-10-start-menu/

MetaSploit Module Created for BlueKeep Flaw, Private for Now

A researcher has created a module for the Metasploit Framework for penetration testing that exploits the critical BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution. [...]

https://www.bleepingcomputer.com/news/security/metasploit-module-created-for-bluekeep-flaw-private-for-now/

Scattered Canary Evolves From One-Man Operation to BEC Giant

A Nigerian cybercriminal group dubbed Scattered Canary has evolved from one-man Craigslist and romance scams to a large scale criminal business running multiple types of frauds concomitantly and coordinating at least 35 threat actors. [...]

https://www.bleepingcomputer.com/news/security/scattered-canary-evolves-from-one-man-operation-to-bec-giant/

Phishing Kits Add More Vulnerabilities to Hacked Servers

Many phishing kits come with web app vulnerabilities that could expose the servers used for their deployment to new attacks which could lead to full server take over. [...]

https://www.bleepingcomputer.com/news/security/phishing-kits-add-more-vulnerabilities-to-hacked-servers/

Fake Cryptocurrency Trading Site Pushes Crypto Stealing Malware

Malware distributors have setup a site that impersonates the legitimate Cryptohopper cryptocurrency trading platform in order to distribute malware payloads such as information-stealing Trojans, miners, and clipboard hijackers. [...]

https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Windows 10 Insider Build 18912 Fixes win32k.sys GSOD Crashes

Microsoft has released Windows 10 Insider Preview Build 18912 to Insiders in the Fast ring. This build includes numerous bug fixes, including fixes for Win32k.sys GSOD and DWM crashes and Narrator improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18912-fixes-win32ksys-gsod-crashes/