Microsoft Uses Deep Learning For Malicious PowerShell Detection

Microsoft bets on deep learning to enhance the Microsoft Defender Advanced Threat Protection (ATP) malicious PowerShell detection feature using a new technique originally developed for natural language processing (NLP). [...]

https://www.bleepingcomputer.com/news/security/microsoft-uses-deep-learning-for-malicious-powershell-detection/

Firefox 69 Released with Enhanced Tracking Protection and Flash Disabled

Mozilla has officially released Firefox 69 for Windows, Mac, and Linux.  This version comes with enhanced tracking protection enabled by default, Flash disabled by default, ability to block autoplay videos without sound, and numerous performance and UI improvements. [...]

https://www.bleepingcomputer.com/news/software/firefox-69-released-with-enhanced-tracking-protection-and-flash-disabled/

Hacked SharePoint Sites Used to Bypass Secure Email Gateways

Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages. [...]

https://www.bleepingcomputer.com/news/security/hacked-sharepoint-sites-used-to-bypass-secure-email-gateways/

Microsoft Releases September 2019 Office Updates With Fixes, Improvements

Microsoft released the September 2019 non-security Microsoft Office updates with improvements and fixes for the Windows Installer (MSI) editions of Office 2013, and Office 2016. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-september-2019-office-updates-with-fixes-improvements/

Microsoft Investigating Windows 10 Cortana High CPU Issues

Microsoft has confirmed that they are investigating reports of high CPU usage in the SearchUI.exe component of Cortana after users install the Windows 10 v1903 KB4512941 cumulative update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigating-windows-10-cortana-high-cpu-issues/

Hackers Get $1.9M in Bug Bounties at Live Hacking Sessions

More than 1,000 security bug bounty reports were submitted during a three-day live hacking event in Las Vegas. The total payout for the participating hackers was almost $2 million. Three organizations paid the money, one of them covering more than half of the total. [...]

https://www.bleepingcomputer.com/news/security/hackers-get-19m-in-bug-bounties-at-live-hacking-sessions/

Mozilla Will Support Existing Ad Blockers in Extensions Manifest v3

Mozilla has decided to split from Google and continue to support existing ad blockers in the upcoming extension changes being proposed by Google as part of the Extensions Manifest v3. [...]

https://www.bleepingcomputer.com/news/software/mozilla-will-support-existing-ad-blockers-in-extensions-manifest-v3/

Android SMS Phishing Can Stealthily Enable Malicious Settings

Android smartphones from multiple vendors, including Samsung, Huawei, LG, and Sony are susceptible to an advanced type attack that can alter device settings via a short text message. [...]

https://www.bleepingcomputer.com/news/security/android-sms-phishing-can-stealthily-enable-malicious-settings/

Google Chrome Starts Testing Third-Party Cookie Blocking

With yesterday's release of Firefox 69, Mozilla has started blocking third-party tracking cookies by default as part of their Enhanced Tracking Protection feature. Not to be outdone by Firefox, Google has also started to test a new feature that will block third-party tracking cookies within Google Chrome. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-starts-testing-third-party-cookie-blocking/

Glupteba Malware Uses Bitcoin Blockchain to Update C2 Domains

A new variant of the Glupteba malware dropper is using the Bitcoin blockchain to fetch command and control (C2) server domains from Bitcoin transactions marked with OP_RETURN script opcodes. [...]

https://www.bleepingcomputer.com/news/security/glupteba-malware-uses-bitcoin-blockchain-to-update-c2-domains/

Year-Old Samba Bug Allows Access to Forbidden Root Share Paths

For almost a year, threat actors could exploit a vulnerability in Samba software that allowed them to bypass file-sharing permissions and escape outside the share root directory. [...]

https://www.bleepingcomputer.com/news/security/year-old-samba-bug-allows-access-to-forbidden-root-share-paths/

Stealthy Android Trojan Spy Signs You Up For Premium Subscriptions

Security researchers discovered a new Android Trojan with malware dropper and spyware capabilities in 24 Google Play Store apps with more than 472,000 downloads in total. [...]

https://www.bleepingcomputer.com/news/security/stealthy-android-trojan-spy-signs-you-up-for-premium-subscriptions/

Facebook and Instagram Start Fighting Vaccine Misinformation

Facebook and Instagram have started rolling out information pop-ups to provide users with authoritative vaccine information before accessing vaccine-related content on the two social networks. [...]

https://www.bleepingcomputer.com/news/technology/facebook-and-instagram-start-fighting-vaccine-misinformation/

Android Zero-Day Bug Does Not Make It on Google’s 'Fix' List

Google yesterday rolled out security patches for the Android mobile operating system but did not include the fix for at least one bug that enables increasing permissions to kernel level. [...]

https://www.bleepingcomputer.com/news/security/android-zero-day-bug-does-not-make-it-on-google-s-fix-list/

Hackers Ask for $5.3 Million Ransom, Turn Down $400k, Get Nothing

Hackers infecting the computer systems of the city of New Bedford, Massachusetts, with ransomware wouldn't settle for anything less that than $5.3 million to decrypt the data. The ransom was too high and they got a big fat nothing in return. [...]

https://www.bleepingcomputer.com/news/security/hackers-ask-for-53-million-ransom-turn-down-400k-get-nothing/

Ransomware Adopts DoppelPaymer Name Given by Researchers

Whether it be malware devs contacting us about our stories or commenting in our forums, we all know that the ransomware developers monitor researchers and technology sites for information about their programs. Nothing shows this better, than a ransomware that recently decided to adopt the name given to it by researchers. [...]

https://www.bleepingcomputer.com/news/security/ransomware-adopts-doppelpaymer-name-given-by-researchers/

Twitter Suspends SMS-Based Tweeting After High-Profile Account Hacks

Twitter on Wednesday announced that it would turn off its Tweet via SMS feature for an unspecified period following abuses that led to hackers posting from at least two high-profile accounts. [...]

https://www.bleepingcomputer.com/news/security/twitter-suspends-sms-based-tweeting-after-high-profile-account-hacks/

WordPress 5.2.3 Released with Security and Bug Fixes

WordPress 5.2.3 has been released and includes fixes for six vulnerabilities and 29 bugs or enhancements. As WordPress is a common target for threat actors looking to host their malicious campaigns, it is important that all WordPress users upgrade to the latest release as soon as possible.  [...]

https://www.bleepingcomputer.com/news/security/wordpress-523-released-with-security-and-bug-fixes/

Buggy GPS Trackers Expose Childrens’ Real-Time Location

Several vulnerabilities impacting twenty-nine models of GPS trackers designed to monitor the location of children, pets, and valuable possessions expose real-time location data as Avast Threat Labs researchers found. [...]

https://www.bleepingcomputer.com/news/security/buggy-gps-trackers-expose-childrens-real-time-location/

Amazon AWS Outage Shows Data in the Cloud is Not Always Safe

A recent power outage outage at an Amazon AWS data facility and the resulting data loss for some customers shows that storing data in the cloud does not mean you do not also need a backup. [...]

https://www.bleepingcomputer.com/news/technology/amazon-aws-outage-shows-data-in-the-cloud-is-not-always-safe/

Students Rejoice: School District Closed by Ransomware Attack

The summer school holiday has not ended for students in Flagstaff, Arizona, as a ransomware attack hitting the School District computers forces the decision to cancel classes for today. The schedule for tomorrow is uncertain. [...]

https://www.bleepingcomputer.com/news/security/students-rejoice-school-district-closed-by-ransomware-attack/