Imperva Discloses Security Incident Affecting Cloud WAF Customers

Cyber security firm Imperva disclosed today a security incident that led to data exposure affecting a subset of customers using its Cloud Web Application Firewall (WAF) product, previously known as Incapsula. [...]

https://www.bleepingcomputer.com/news/security/imperva-discloses-security-incident-affecting-cloud-waf-customers/

Check Point Patches Privilege Escalation Flaw in Endpoint Client

Check Point Software patched a vulnerability discovered in its Endpoint Security Initial Client software for Windows allowing potential attackers to escalate privileges and execute code using SYSTEM privileges. [...]

https://www.bleepingcomputer.com/news/security/check-point-patches-privilege-escalation-flaw-in-endpoint-client/

Android Trojan Infects Tens of Thousands of Devices in 4 Months

A new Trojan dropper dubbed xHelper was observed while slowly but steadily spreading to more and more Android devices since May, with over 32,000 smartphones and tablets having been found infected in the last four months. [...]

https://www.bleepingcomputer.com/news/security/android-trojan-infects-tens-of-thousands-of-devices-in-4-months/

New TrickBot Variant Targets Verizon, T-Mobile, and Sprint Users

A new Trickbot Trojan variant was spotted while focusing on stealing PIN codes from Verizon Wireless, T-Mobile, and Sprint users, marking a new step in this malware's development. [...]

https://www.bleepingcomputer.com/news/security/new-trickbot-variant-targets-verizon-t-mobile-and-sprint-users/

Malware Operation Making Millions Defeated by Design Flaw

The reign of Retadup botnet over more than 850,000 systems has reached an end as its command and control server (C2) was taken down by security researchers from antivirus maker Avast working with the French National Gendarmerie. [...]

https://www.bleepingcomputer.com/news/security/malware-operation-making-millions-defeated-by-design-flaw/

Attackers Target Govt and Financial Orgs With Orcus, Revenge RATs

Multiple malicious campaigns actively targeting government and financial entities around the world have been spotted while backdooring their victims' computers using Revenge and Orcus Remote Access Trojans (RAT). [...]

https://www.bleepingcomputer.com/news/security/attackers-target-govt-and-financial-orgs-with-orcus-revenge-rats/

Microsoft Lifts Update Block On Windows 7 With Symantec AV

Microsoft has raised the safeguard hold put in place to block Symantec or Norton antivirus users from updating their Windows 7 and Windows Server 2008 R2 devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-lifts-update-block-on-windows-7-with-symantec-av/

Microsoft Wants exFAT in Linux Kernel, Opens File System Specs

Microsoft announced today that it supports the inclusion of its exFAT (Extended File Allocation Table) file system for USB flash drives and SD cards in the Linux kernel through the Open Invention Network. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-exfat-in-linux-kernel-opens-file-system-specs/

Cisco Fixes Critical Bug in Virtual Service Container for IOS XE

Cisco today published an update for its IOS XE operating system to patch a critical vulnerability that could allow a remote attacker to bypass authentication on devices running an outdated version of the software. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-bug-in-virtual-service-container-for-ios-xe/

Starbucks Abandons Azure Site, Exposed Subdomain to Hijacking

An oversight from Starbucks exposed one of its subdomains to takeover threat, which could be further leveraged in attacks against customers and the company. [...]

https://www.bleepingcomputer.com/news/security/starbucks-abandons-azure-site-exposed-subdomain-to-hijacking/

Ghost Clicks Boost Ad Revenue for Android Apps with 1.5M Installs

Two apps in the Google Play that collectively had been installed over 1.5 million times used a creative method to load ads without even showing them to the user. [...]

https://www.bleepingcomputer.com/news/security/ghost-clicks-boost-ad-revenue-for-android-apps-with-15m-installs/

Five More Hackers Become Millionaires on HackerOne

HackerOne says that five more hackers have become millionaires after reporting security vulnerabilities through the vulnerability coordination and bug bounty platform. [...]

https://www.bleepingcomputer.com/news/security/five-more-hackers-become-millionaires-on-hackerone/

Fake Windows Game Booster Spreads Password Stealing Malware

Attackers have created a fake site that impersonates the legitimate Smart Game Booster site, but instead distributes a Trojan that steals your passwords, cryptocurrency wallets, browser history, and much more. [...]

https://www.bleepingcomputer.com/news/security/fake-windows-game-booster-spreads-password-stealing-malware/

Google Rewards Bugs Found in All Android Apps with 100M+ Installs

Google expanded the scope of its Google Play Security Reward Program (GPSRP) to include all Android apps from the Google Play Store with over 100 million installs. [...]

https://www.bleepingcomputer.com/news/security/google-rewards-bugs-found-in-all-android-apps-with-100m-installs/

BRATA Android RAT Used to Infect and Spy on Brazilian Users

A new malicious Android remote access tool (RAT) dubbed BRATA was observed by Kaspersky researchers while spreading via WhatsApp and SMS messages to infect and spy on Brazilian users. [...]

https://www.bleepingcomputer.com/news/security/brata-android-rat-used-to-infect-and-spy-on-brazilian-users/

Sodinokibi Ransomware Encrypts Records of Hundreds of Dental Practices

A ransomware attack hit a remote data backup service and encrypted files from dental practices in the U.S. Hundreds of customers relying on the backup solution had their data locked by the Sodinokibi file-encrypting malware. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-encrypts-records-of-hundreds-of-dental-practices/

Microsoft Edge Dev Update Released With New Features

Microsoft Chromium-based Edge Dev Build 78.0.256.2 is now rolling out to users with new features and several bug fixes. Microsoft Edge Dev update adds Collections support, built-in abusive ad blocker that was added to Chromium last year, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-dev-update-released-with-new-features/

Windows 7 Still Used in Almost 50% of Surveyed Businesses

A new report shows that businesses continue to use older operating systems such as Windows 7, and even Windows Vista, even though they are no longer supported and less secure compared to Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-still-used-in-almost-50-percent-of-surveyed-businesses/

Windows 10 Insider Build 18970 Comes With New 2-in-1 Tablet PC Experience

Microsoft has released Windows 10 Insider Preview Build 18970 (20H1) to Insiders in the Fast ring, which includes the new cloud Reset feature and a new tablet experience for 2-in-1 convertible PCs. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18970-comes-with-new-2-in-1-tablet-pc-experience/

A Look Inside the Highly Profitable Sodinokibi Ransomware Business

Sodinokibi operators started looking for affiliates soon after the GandCrab ransomware-as-a-service (RaaS) shutdown. High-profile members in the underground community have already joined the private program. [...]

https://www.bleepingcomputer.com/news/security/a-look-inside-the-highly-profitable-sodinokibi-ransomware-business/

Foxit Software Discloses Data Breach Exposing User Passwords

PDF software provider Foxit Software disclosed today that a recent breach allowed third parties to access personal identification data of 'My Account' service users, including customer and company names, emails, phone numbers, and passwords. [...]

https://www.bleepingcomputer.com/news/security/foxit-software-discloses-data-breach-exposing-user-passwords/