Improper App Check Revives the Synthetic Clicks Issue in macOS Mojave

An unpatched flaw in the app verification process on macOS Mojave allows trusted apps to load and execute unverified content on the machine. The bug is easy to exploit and can be used to generate synthetic clicks that allow malicious actions. [...]

https://www.bleepingcomputer.com/news/security/improper-app-check-revives-the-synthetic-clicks-issue-in-macos-mojave/

Headhunting Firm Leaks Millions of Resumes, Client Private Data

A misconfigured and publicly accessible ElasticSearch cluster owned by FMC Consulting, a Chinese headhunting company, leaked millions of resumes and company records, as well as customers and employees PII data. [...]

https://www.bleepingcomputer.com/news/security/headhunting-firm-leaks-millions-of-resumes-client-private-data/

New Email Hacking Tool from OilRig APT Group Leaked Online

A tool for hijacking Microsoft Exchange email accounts allegedly used by the OilRig hacker group has been leaked online. The utility is called Jason and it is not detected by antivirus engines on VirusTotal. [...]

https://www.bleepingcomputer.com/news/security/new-email-hacking-tool-from-oilrig-apt-group-leaked-online/

Windows 10 to Require 32GB of Storage Only on New OEM PCs

In an updated support document, Microsoft has stated that the 32 GB storage requirement for Windows 10 version 1903 only applies to OEMs when manufacturing new PCs. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-to-require-32gb-of-storage-only-on-new-oem-pcs/

Older Windows 10 Versions Get Intel Microcode Updates for MDS Vulns

Microsoft has released Intel Microcode update that resolve MDS speculative side channel execution vulnerabilities in older versions of Windows 10 and Windows server. [...]

https://www.bleepingcomputer.com/news/microsoft/older-windows-10-versions-get-intel-microcode-updates-for-mds-vulns/

BlackSquid Uses 7 Exploits to Infect Web Servers with Miners

A newly discovered cryptomining threat targeting web servers, network drives, and removable drives comes filled to the brim with exploits and precautions against analysis tools and environments. [...]

https://www.bleepingcomputer.com/news/security/blacksquid-uses-7-exploits-to-infect-web-servers-with-miners/

Romanian ATM Skimmer Gets Over 5 Years of Jail Time

Romanian national Bogdan Viorel Rusu was sentenced on Monday to 65 months in prison for running a multi-state ATM card skimming operation that caused losses close to $1 million. [...]

https://www.bleepingcomputer.com/news/security/romanian-atm-skimmer-gets-over-5-years-of-jail-time/

Private Info of Over 1.5M Donors Leaked by UChicago Medicine

The personal information of more than 1,6 million potential and existing University of Chicago Medicine donors were exposed by a misconfigured and unprotected ElasticSearch server left open on the Internet without a password. [...]

https://www.bleepingcomputer.com/news/security/private-info-of-over-15m-donors-leaked-by-uchicago-medicine/

Remote Desktop Zero-Day Bug Allows Attackers to Hijack Sessions

A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer. [...]

https://www.bleepingcomputer.com/news/security/remote-desktop-zero-day-bug-allows-attackers-to-hijack-sessions/

Attackers Stitch Together Frankenstein Campaign Using Free Tools

Threat actors behind a highly-targeted series of cyber attacks spanning from January to April 2019 have been seen employing malicious tools built using freely available components to infect victims with malware designed to harvest credentials. [...]

https://www.bleepingcomputer.com/news/security/attackers-stitch-together-frankenstein-campaign-using-free-tools/

New Privacy Features for Mozilla Firefox, Lockwise Is Live

Mozilla announced new features and changes today that aim to increase the privacy of Firefox users by blocking trackers and offering updates to various Firefox security and privacy services. [...]

https://www.bleepingcomputer.com/news/security/new-privacy-features-for-mozilla-firefox-lockwise-is-live/

Chrome 75 Released with 42 Security Fixes and New Features

Google has released Chrome 75 to the Stable desktop channel, with new features and 42 security fixes, with two of them being marked as High severity. [...]

https://www.bleepingcomputer.com/news/google/chrome-75-released-with-42-security-fixes-and-new-features/

Microsoft Asking for Feedback on the Windows 10 Start Menu

In the Windows 10 Insider builds, Microsoft has started asking Insiders for feedback regarding how they feel about the Windows 10 Start Menu better and if they have suggestions on how to make it better. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-asking-for-feedback-on-the-windows-10-start-menu/

MetaSploit Module Created for BlueKeep Flaw, Private for Now

A researcher has created a module for the Metasploit Framework for penetration testing that exploits the critical BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution. [...]

https://www.bleepingcomputer.com/news/security/metasploit-module-created-for-bluekeep-flaw-private-for-now/

Scattered Canary Evolves From One-Man Operation to BEC Giant

A Nigerian cybercriminal group dubbed Scattered Canary has evolved from one-man Craigslist and romance scams to a large scale criminal business running multiple types of frauds concomitantly and coordinating at least 35 threat actors. [...]

https://www.bleepingcomputer.com/news/security/scattered-canary-evolves-from-one-man-operation-to-bec-giant/

Phishing Kits Add More Vulnerabilities to Hacked Servers

Many phishing kits come with web app vulnerabilities that could expose the servers used for their deployment to new attacks which could lead to full server take over. [...]

https://www.bleepingcomputer.com/news/security/phishing-kits-add-more-vulnerabilities-to-hacked-servers/

Fake Cryptocurrency Trading Site Pushes Crypto Stealing Malware

Malware distributors have setup a site that impersonates the legitimate Cryptohopper cryptocurrency trading platform in order to distribute malware payloads such as information-stealing Trojans, miners, and clipboard hijackers. [...]

https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Windows 10 Insider Build 18912 Fixes win32k.sys GSOD Crashes

Microsoft has released Windows 10 Insider Preview Build 18912 to Insiders in the Fast ring. This build includes numerous bug fixes, including fixes for Win32k.sys GSOD and DWM crashes and Narrator improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18912-fixes-win32ksys-gsod-crashes/

LibreOffice Will No Longer Provide 32-bit Linux Binaries

With the announcement of LibreOffice 6.3 Beta 1, the open source office suite has also stopped providing 32-bit binaries for the Linux platform, although 32-bit compatibility has not yet been removed. [...]

https://www.bleepingcomputer.com/news/software/libreoffice-will-no-longer-provide-32-bit-linux-binaries/

Cisco Fixes High Severity Flaws in Industrial, Enterprise Tools

Cisco patched two high severity improper input validation vulnerabilities found in the update feature of the Cisco Industrial Network Director (IND) software and the authentication service of Cisco Unified Presence (Cisco Unified CM IM&P Service, Cisco VCS, and Cisco Expressway Series). [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-high-severity-flaws-in-industrial-enterprise-tools/

Tor Browser 8.5.1 Released With WebGL Fingerprinting Fix

The Tor Project has released Tor Browser 8.5.1 and it is now available for Windows, Mac, Linux, and Android. This release is the first bug fix since 8.5 was released and also includes a temporary fix for a known WebGL fingerprinting technique. [...]

https://www.bleepingcomputer.com/news/software/tor-browser-851-released-with-webgl-fingerprinting-fix/