Oracle Fixes Critical Bug in WebLogic Server Web Services

Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks. [...]

https://www.bleepingcomputer.com/news/security/oracle-fixes-critical-bug-in-weblogic-server-web-services/

Microsoft Prepares to Autoupdate Windows 10 v1803 and Earlier Devices

Microsoft says that a feature update will be automatically initiated for devices running Windows 10 version 1803 and earlier using a machine learning (ML) based rollout process. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-prepares-to-autoupdate-windows-10-v1803-and-earlier-devices/

Microsoft Edge Group Policies Preview Released for Testing

Microsoft has released an early preview of the group policies for the Microsoft Edge Chromium-based browser so that users can begin testing them. As this is a preview, some of the policies may not have been implemented in the current Google Canary and Dev builds. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-group-policies-preview-released-for-testing/

Hackers Disguise New JavaScript-Based Trojan as Game Cheat

Researchers discovered a new JavaScript-based and modular downloader Trojan camouflaged and distributed to targets in the form of game cheats via websites owned by its developers. [...]

https://www.bleepingcomputer.com/news/security/hackers-disguise-new-javascript-based-trojan-as-game-cheat/

Phishing Attack Exposes Data of 645,000 Oregon DHS Clients

The Department of Human Services (DHS) in Oregon today started notifying over half a million of its clients that their personal information was exposed to an unauthorized party in a data breach incident announced earlier this year. [...]

https://www.bleepingcomputer.com/news/security/phishing-attack-exposes-data-of-645-000-oregon-dhs-clients/

Google Pushes Confidential Android Security Update to Pixel User

Google has mistakenly sent out a confidential Google-only dogfood build of their upcoming July 2019 security update to a Pixel owner. These builds are meant to be used internally by Google employees and are not meant to be pushed out to normal users. [...]

https://www.bleepingcomputer.com/news/google/google-pushes-confidential-android-security-update-to-pixel-user/

Modular Plurox Malware Is a Wormable Backdoor Cryptominer

A new modular backdoor malware strain capable of mining cryptocurrencies and of spreading to other machines on the local network with the help of SMB and UPnP plugins has been detected by Kaspersky security researchers. [...]

https://www.bleepingcomputer.com/news/security/modular-plurox-malware-is-a-wormable-backdoor-cryptominer/

Malware Dropper Infects Linux Hosts with Resilient Cryptominer

A cryptomining dropper malware has been spotted by security researchers while gaining persistence on Linux hosts by adding cron jobs to reinfect the compromised machines after being removed. [...]

https://www.bleepingcomputer.com/news/security/malware-dropper-infects-linux-hosts-with-resilient-cryptominer/

Windows 10 Insider Build 18922 With an Updated Feedback Hub

Microsoft has released Windows 10 Insider Preview Build 18922 to Insiders in the Fast ring. This build includes various fixes as well as a redesigned Language settings screen and a "similar feedback" feature for the Windows 10 Feedback Hub. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18922-with-an-updated-feedback-hub/

Microsoft Edge Chromium Released for Windows 7, 8, and 8.1

Microsoft has officially released their Chromium-based Microsoft Edge browser for the Windows 7, Windows 8, and Windows 8.1 operating systems. This will allow a wider range of Windows users to test out the upcoming chromium-based Edge browser and report bugs that they may encounter. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-chromium-released-for-windows-7-8-and-81/

Tor Browser 8.5.2 Released to Fix Critical Vulnerability

Tor Browser 8.5.2 has been released to fix a critical vulnerability in Firefox that was fixed by Mozilla this week. It is strongly advised that all Tor users install this update as soon as possible. [...]

https://www.bleepingcomputer.com/news/software/tor-browser-852-released-to-fix-critical-vulnerability/

New Standalone Cortana Beta App Coming to Windows 10 Insiders

In the latest Windows 10 Insider build, Microsoft is testing a new hidden standalone Cortana app that gives us a glimpse of the future for Microsoft's personal assistant. [...]

https://www.bleepingcomputer.com/news/microsoft/new-standalone-cortana-beta-app-coming-to-windows-10-insiders/

Samba Vulnerability Can Crash Active Directory Components

A couple of bugs in some versions of Samba software can help an attacker crash key processes on the network in charge of accessing directory, application, and server services. [...]

https://www.bleepingcomputer.com/news/security/samba-vulnerability-can-crash-active-directory-components/

The U.S. Loses Over $1.5 Trillion in a Decade of Data Breaches

A decade's collection of data breaches shows a bleak picture with billions of records exposed in this type of incidents and financial damages of more than $1.6 trillion. [...]

https://www.bleepingcomputer.com/news/security/the-us-loses-over-15-trillion-in-a-decade-of-data-breaches/

Linux Cryptominer Uses Virtual Machines to Attack Windows, macOS

A new cryptocurrency mining malware dubbed LoudMiner uses virtualization software to deploy a Linux XMRig coinminer variant on Windows and macOS systems via a Tiny Core Linux virtual machine. [...]

https://www.bleepingcomputer.com/news/security/linux-cryptominer-uses-virtual-machines-to-attack-windows-macos/

Firefox 0-day Used in Targeted Attacks Against Cryptocurrency Firms

The employees of Coinbase and other cryptocurrency firms were the target of an attack utilizing a recent Firefox zero-day and malware payloads in order to gain access to victim's computers, networks, and sensitive information. [...]

https://www.bleepingcomputer.com/news/security/firefox-0-day-used-in-targeted-attacks-against-cryptocurrency-firms/

Turla Espionage Group Hacks OilRig APT Infrastructure

Security researchers tracking activities of various nation-state cyber-espionage groups found evidence suggesting that the Turla group hijacked the infrastructure of OilRig hackers to compromise a target both actors were interested in. [...]

https://www.bleepingcomputer.com/news/security/turla-espionage-group-hacks-oilrig-apt-infrastructure/

DanaBot Banking Trojan Upgraded with ‘Non Ransomware’ Module

A new malicious campaign is distributing an upgraded variant of DanaBot that comes with a new ransomware module used to target potential victims from Italy and Poland via phishing emails which deliver malware droppers. [...]

https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/

Mozilla Firefox 67.0.4 Fixes Second Actively Exploited Zero-Day

Mozilla has released Firefox 67.0.4 to fix a security vulnerability that has been used in targeted attacks against cryptocurrency firms such as Coinbase. Users of Firefox should immediately install this update. [...]

https://www.bleepingcomputer.com/news/security/mozilla-firefox-6704-fixes-second-actively-exploited-zero-day/

Windows 10 Will Now Notify Users When Version 1903 is Blocked

Windows Update will now alert Windows 10 users when a featured update such as the Windows 10 May 2019 Update, or version 1903, is blocked from being installed. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-will-now-notify-users-when-version-1903-is-blocked/

Desjardins Group Data Leak Exposes Info of 2.9 Million Members

Sensitive personal information of roughly 2.9 million Desjardins Group members was leaked after an employee disclosed it to people outside the organization without authorization.  [...]

https://www.bleepingcomputer.com/news/security/desjardins-group-data-leak-exposes-info-of-29-million-members/