USBAnywhere Bugs in Supermicro Servers Allow Remote USB Access

Baseboard management controllers (BMC) of some Supermicro servers are vulnerable to unauthorized virtual USB mounting attacks that can be carried out remotely. [...]

https://www.bleepingcomputer.com/news/security/usbanywhere-bugs-in-supermicro-servers-allow-remote-usb-access/

New Toolkit Pushes Malware via Fake Program Update Alerts in 30 Languages

A new social engineering toolkit called Domen has been discovered that uses fake browser and program update alerts on compromised sites to infect users with malware and remote access software. [...]

https://www.bleepingcomputer.com/news/security/new-toolkit-pushes-malware-via-fake-program-update-alerts-in-30-languages/

Zerodium Makes Android Zero Days More Expensive Than iOS

Exploit broker Zerodium has updated the payouts for eligible zero-day Android and iOS exploits, with rewards for Android 0days having surpassed the ones for iOS for the first time since 2015 when the company was founded. [...]

https://www.bleepingcomputer.com/news/security/zerodium-makes-android-zero-days-more-expensive-than-ios/

XKCD Forum Breach Exposes Emails, Passwords of 562,000 Users

The forums of the XKCD webcomic created by Randall Munroe in 2005 are currently offline after being impacted by a data breach which exposed the information of 561,991 users on July 1. [...]

https://www.bleepingcomputer.com/news/security/xkcd-forum-breach-exposes-emails-passwords-of-562-000-users/

Microsoft Uses Deep Learning For Malicious PowerShell Detection

Microsoft bets on deep learning to enhance the Microsoft Defender Advanced Threat Protection (ATP) malicious PowerShell detection feature using a new technique originally developed for natural language processing (NLP). [...]

https://www.bleepingcomputer.com/news/security/microsoft-uses-deep-learning-for-malicious-powershell-detection/

Firefox 69 Released with Enhanced Tracking Protection and Flash Disabled

Mozilla has officially released Firefox 69 for Windows, Mac, and Linux.  This version comes with enhanced tracking protection enabled by default, Flash disabled by default, ability to block autoplay videos without sound, and numerous performance and UI improvements. [...]

https://www.bleepingcomputer.com/news/software/firefox-69-released-with-enhanced-tracking-protection-and-flash-disabled/

Hacked SharePoint Sites Used to Bypass Secure Email Gateways

Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages. [...]

https://www.bleepingcomputer.com/news/security/hacked-sharepoint-sites-used-to-bypass-secure-email-gateways/

Microsoft Releases September 2019 Office Updates With Fixes, Improvements

Microsoft released the September 2019 non-security Microsoft Office updates with improvements and fixes for the Windows Installer (MSI) editions of Office 2013, and Office 2016. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-september-2019-office-updates-with-fixes-improvements/

Microsoft Investigating Windows 10 Cortana High CPU Issues

Microsoft has confirmed that they are investigating reports of high CPU usage in the SearchUI.exe component of Cortana after users install the Windows 10 v1903 KB4512941 cumulative update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigating-windows-10-cortana-high-cpu-issues/

Hackers Get $1.9M in Bug Bounties at Live Hacking Sessions

More than 1,000 security bug bounty reports were submitted during a three-day live hacking event in Las Vegas. The total payout for the participating hackers was almost $2 million. Three organizations paid the money, one of them covering more than half of the total. [...]

https://www.bleepingcomputer.com/news/security/hackers-get-19m-in-bug-bounties-at-live-hacking-sessions/

Mozilla Will Support Existing Ad Blockers in Extensions Manifest v3

Mozilla has decided to split from Google and continue to support existing ad blockers in the upcoming extension changes being proposed by Google as part of the Extensions Manifest v3. [...]

https://www.bleepingcomputer.com/news/software/mozilla-will-support-existing-ad-blockers-in-extensions-manifest-v3/

Android SMS Phishing Can Stealthily Enable Malicious Settings

Android smartphones from multiple vendors, including Samsung, Huawei, LG, and Sony are susceptible to an advanced type attack that can alter device settings via a short text message. [...]

https://www.bleepingcomputer.com/news/security/android-sms-phishing-can-stealthily-enable-malicious-settings/

Google Chrome Starts Testing Third-Party Cookie Blocking

With yesterday's release of Firefox 69, Mozilla has started blocking third-party tracking cookies by default as part of their Enhanced Tracking Protection feature. Not to be outdone by Firefox, Google has also started to test a new feature that will block third-party tracking cookies within Google Chrome. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-starts-testing-third-party-cookie-blocking/

Glupteba Malware Uses Bitcoin Blockchain to Update C2 Domains

A new variant of the Glupteba malware dropper is using the Bitcoin blockchain to fetch command and control (C2) server domains from Bitcoin transactions marked with OP_RETURN script opcodes. [...]

https://www.bleepingcomputer.com/news/security/glupteba-malware-uses-bitcoin-blockchain-to-update-c2-domains/

Year-Old Samba Bug Allows Access to Forbidden Root Share Paths

For almost a year, threat actors could exploit a vulnerability in Samba software that allowed them to bypass file-sharing permissions and escape outside the share root directory. [...]

https://www.bleepingcomputer.com/news/security/year-old-samba-bug-allows-access-to-forbidden-root-share-paths/

Stealthy Android Trojan Spy Signs You Up For Premium Subscriptions

Security researchers discovered a new Android Trojan with malware dropper and spyware capabilities in 24 Google Play Store apps with more than 472,000 downloads in total. [...]

https://www.bleepingcomputer.com/news/security/stealthy-android-trojan-spy-signs-you-up-for-premium-subscriptions/

Facebook and Instagram Start Fighting Vaccine Misinformation

Facebook and Instagram have started rolling out information pop-ups to provide users with authoritative vaccine information before accessing vaccine-related content on the two social networks. [...]

https://www.bleepingcomputer.com/news/technology/facebook-and-instagram-start-fighting-vaccine-misinformation/

Android Zero-Day Bug Does Not Make It on Google’s 'Fix' List

Google yesterday rolled out security patches for the Android mobile operating system but did not include the fix for at least one bug that enables increasing permissions to kernel level. [...]

https://www.bleepingcomputer.com/news/security/android-zero-day-bug-does-not-make-it-on-google-s-fix-list/

Hackers Ask for $5.3 Million Ransom, Turn Down $400k, Get Nothing

Hackers infecting the computer systems of the city of New Bedford, Massachusetts, with ransomware wouldn't settle for anything less that than $5.3 million to decrypt the data. The ransom was too high and they got a big fat nothing in return. [...]

https://www.bleepingcomputer.com/news/security/hackers-ask-for-53-million-ransom-turn-down-400k-get-nothing/

Ransomware Adopts DoppelPaymer Name Given by Researchers

Whether it be malware devs contacting us about our stories or commenting in our forums, we all know that the ransomware developers monitor researchers and technology sites for information about their programs. Nothing shows this better, than a ransomware that recently decided to adopt the name given to it by researchers. [...]

https://www.bleepingcomputer.com/news/security/ransomware-adopts-doppelpaymer-name-given-by-researchers/

Twitter Suspends SMS-Based Tweeting After High-Profile Account Hacks

Twitter on Wednesday announced that it would turn off its Tweet via SMS feature for an unspecified period following abuses that led to hackers posting from at least two high-profile accounts. [...]

https://www.bleepingcomputer.com/news/security/twitter-suspends-sms-based-tweeting-after-high-profile-account-hacks/