npm Pulls Malicious Package that Stole Login Passwords

A malicious package was removed today from the npm repository after it was discovered that stole login information from the computers it was installed on. [...]

https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/

Bitdefender Fixes Privilege Escalation Bug in Free Antivirus 2020

A vulnerability in the free version of Bitdefender Antivirus could be exploited by an attacker to get SYSTEM-level permissions, reserved for the most privileged account on a Windows machine. [...]

https://www.bleepingcomputer.com/news/security/bitdefender-fixes-privilege-escalation-bug-in-free-antivirus-2020/

Portland Public Schools Recovers $2.9 Million Lost in BEC Scam

Oregon urban school district Portland Public Schools is on track to recover roughly $2.9 million wired by district employees to a BEC scammer, after discovering the fraudulent transactions before the money left the fraudster's accounts. [...]

https://www.bleepingcomputer.com/news/security/portland-public-schools-recovers-29-million-lost-in-bec-scam/

GitHub Experienced Widespread Major Services Outage

The GitHub Git repository hosting platform experienced a widespread and major services outage impacting the Issues, PRs, Dashboard, Projects, and Notifications features. [...]

https://www.bleepingcomputer.com/news/technology/github-experienced-widespread-major-services-outage/

Google Twice Misses Android App with Open-Source Spyware Code

One Android app with spyware capabilities based on an open-source remote access tool (RAT) has twice thwarted the security of Google Play over a period of two weeks. [...]

https://www.bleepingcomputer.com/news/security/google-twice-misses-android-app-with-open-source-spyware-code/

Unpatched Squid Servers Exposed to DoS, Code Execution Attacks

Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw. [...]

https://www.bleepingcomputer.com/news/security/unpatched-squid-servers-exposed-to-dos-code-execution-attacks/

Cisco Warns of Public Exploit Code for Critical Switch Flaws

Cisco updated the security advisories for three vulnerabilities patched in early August warning customers that its Product Security Incident Response Team (PSIRT) team is aware of public exploit code being available. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-public-exploit-code-for-critical-switch-flaws/

Steam Patches LPE Vulnerabilities in Beta Version Update

Almost 48 hours after security researcher Vasily Kravets (PsiDragon) released his proof of concept (PoC) for a second vulnerability in Steam client for Windows leading to privilege escalation, Valve released a beta update that allegedly fixes the bugs. [...]

https://www.bleepingcomputer.com/news/security/steam-patches-lpe-vulnerabilities-in-beta-version-update/

Microsoft Forms to Add Enterprise Automatic Phishing Detection

Microsoft is working on also adding automatic phishing to enterprise in-org forms after previously rolling out Microsoft Forms proactive phishing prevention for public forms in July. [...]

https://www.bleepingcomputer.com/news/security/microsoft-forms-to-add-enterprise-automatic-phishing-detection/

Google Chrome to Warn If Logins Are Found in a Data Breach

Google is adding a built-in data breach notification service to the Chrome browser that will alert users when they are logging into sites with credentials that have been exposed by breaches. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-to-warn-if-logins-are-found-in-a-data-breach/

Emotet Botnet Is Back, Servers Active Across the World

Command and control (C2) servers for the Emotet botnet appear to have resumed activity and deliver binaries once more. This comes after being inert since the beginning of June. [...]

https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/

Instagram Phishing Emails Use Fake Login Warning Baits

Instagram users are currently targeted by a new phishing campaign that uses login attempt warnings coupled with what looks like two-factor authentication (2FA) codes to make the scam more believable. [...]

https://www.bleepingcomputer.com/news/security/instagram-phishing-emails-use-fake-login-warning-baits/

Mastercard Reports Data Breach to German and Belgian DPAs

Mastercard disclosed a data breach to the German and Belgian Data Protection Authorities (DPA) involving customer data from the company's Priceless Specials loyalty program. [...]

https://www.bleepingcomputer.com/news/security/mastercard-reports-data-breach-to-german-and-belgian-dpas/

Windows 10 KB4505903 Update Breaks Bluetooth Speakers Connectivity

Microsoft says that Bluetooth speakers will stop connecting to devices running Windows 10, version 1903 after installing the KB4505903 cumulative update released on July 26, 2019. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4505903-update-breaks-bluetooth-speakers-connectivity/

IRS Warns Taxpayers of New Scam Campaign Distributing Malware

The Internal Revenue Service (IRS) issued today a warning to alert taxpayers and tax professionals of an active IRS impersonation scam campaign sending spam emails to deliver malicious payloads. [...]

https://www.bleepingcomputer.com/news/security/irs-warns-taxpayers-of-new-scam-campaign-distributing-malware/

Microsoft Blocks Windows 10 1903 Update on Zebra Rugged Tablets

Microsoft introduced a new compatibility hold to block users of Zebra XSLATE B10 rugged tablets from installing or updating to Windows 10, version 1903 or Windows 10, version 1809. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-blocks-windows-10-1903-update-on-zebra-rugged-tablets/

Hostinger Data Breach Affects Almost 14 Million Customers

Hosting provider Hostinger today announced that it reset the login passwords of 14 million of its customers following a recent security breach that enabled unauthorized access to a client database. [...]

https://www.bleepingcomputer.com/news/security/hostinger-data-breach-affects-almost-14-million-customers/

New Nemty Ransomware May Spread via Compromised RDP Connections

A new ransomware has been spotted over the weekend, carrying references to the Russian president and antivirus software. The researchers call is Nemty. [...]

https://www.bleepingcomputer.com/news/security/new-nemty-ransomware-may-spread-via-compromised-rdp-connections/

Microsoft Warns of Windows 10 1703 End of Life for Enterprise

Microsoft warns the users of Windows 10, version 1703 Enterprise and Education editions to take action since this Windows 10 version will reach end of life on October 9, 2019. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-10-1703-end-of-life-for-enterprise/

Phishing Campaign Delivers Quasar RAT Payloads via Fake Resumes

A new phishing campaign uses fake resume attachments designed to deliver Quasar Remote Administration Tool (RAT) malicious payloads onto the Windows computers of unsuspecting targets. [...]

https://www.bleepingcomputer.com/news/security/phishing-campaign-delivers-quasar-rat-payloads-via-fake-resumes/

Apple Releases iOS 12.4.1 to Patch Security Flaw Behind Jailbreak

Apple released iOS 12.4.1 today to fix a security flaw reintroduced with the release of iOS 12.4, and used by security researcher Pwn20wnd to develop and release a jailbreak tool for up-to-date iOS devices. [...]

https://www.bleepingcomputer.com/news/security/apple-releases-ios-1241-to-patch-security-flaw-behind-jailbreak/