Fake PayPal Site Spreads Nemty Ransomware

A web page pretending to offer an official application from PayPal is currently spreading Nemty ransomware to unsuspecting users. [...]

https://www.bleepingcomputer.com/news/security/fake-paypal-site-spreads-nemty-ransomware/

Hacked Instagram Account of Robert Downey Jr. Pushes iPhone Giveway

You can add Robert Downey Jr. to the list of celebrities whose social media accounts got hacked this week. The actor's Instagram account was hijacked by unknown individuals that tried to capitalize on the move by posting fake giveaways for Apple products. [...]

https://www.bleepingcomputer.com/news/security/hacked-instagram-account-of-robert-downey-jr-pushes-iphone-giveway/

Microsoft Removes Two Windows 10 1903 Upgrade Blocks

Microsoft removed two Windows 10 version 1903 upgrade blocks after resolving the known issues behind them on August 30 with the release of the KB4512941 optional cumulative update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-two-windows-10-1903-upgrade-blocks/

Wikipedia DDoS Attacks Prompt NCSC to Remind of DoS Mitigation

UK's National Cyber Security Centre urges organizations worried about Denial-of-Service (DoS) attacks to implement mitigation measures following a worldwide Wikipedia outage caused by Distributed Denial-of-Service (DDoS) attacks. [...]

https://www.bleepingcomputer.com/news/security/wikipedia-ddos-attacks-prompt-ncsc-to-remind-of-dos-mitigation/

Telegram Fixes Privacy Bug Caused by Improperly Deleted Messages

The Telegram encrypted messaging app released version 5.11 of their mobile client to fix a serious privacy bug that could allow a recipient to view images or files even after they were deleted by the sender. As this app has over 100 million downloads from the Google Play Store alone, this could be a major privacy violation for many u [...]

https://www.bleepingcomputer.com/news/security/telegram-fixes-privacy-bug-caused-by-improperly-deleted-messages/

PsiXBot Modular Malware Gets New Sextortion, Google DoH Upgrades

Security researchers discovered a new variant of the PsiXBot modular malware with a new sextortion module and designed to use Google's DNS over HTTPS (DoH) service to get command and control (C2) domain addresses. [...]

https://www.bleepingcomputer.com/news/security/psixbot-modular-malware-gets-new-sextortion-google-doh-upgrades/

Exploit Kits Target Windows Users with Ransomware and Trojans

Over the weekend and into today, four different malvertising campaigns have been redirecting users to exploit kits that install password stealing Trojans, ransomware, and clipboard hijackers. [...]

https://www.bleepingcomputer.com/news/security/exploit-kits-target-windows-users-with-ransomware-and-trojans/

Office 365 ATP Automated Incident Response Now Generally Available

Microsoft announced today the general availability of the Automated Incident Response feature in Office 365 Advanced Threat Protection (ATP) users to support the rising requirements of security teams. [...]

https://www.bleepingcomputer.com/news/microsoft/office-365-atp-automated-incident-response-now-generally-available/

Microsoft Phishing Page Uses Captcha to Bypass Automated Detection

A new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs). [...]

https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-uses-captcha-to-bypass-automated-detection/

Microsoft Teams Can Be Used To Execute Arbitrary Payloads

Attackers can use genuine binaries from Microsoft Teams to execute a malicious payload using a mock installation folder for the collaboration software. [...]

https://www.bleepingcomputer.com/news/security/microsoft-teams-can-be-used-to-execute-arbitrary-payloads/

Bugs in D-Link and Comba Networking Gear Disclose Passwords

Vulnerabilities found in networking gear from D-Link and Comba allow retrieving sensitive information like ISP credentials and device access passwords without authentication. [...]

https://www.bleepingcomputer.com/news/security/bugs-in-d-link-and-comba-networking-gear-disclose-passwords/

Business Email Compromise Is a $26 Billion Scam Says the FBI

FBI's Internet Crime Complaint Center (IC3) says that Business Email Compromise scams are continuing to grow every year, with a 100% increase in the identified global exposed losses between May 2018 and July 2019. [...]

https://www.bleepingcomputer.com/news/security/business-email-compromise-is-a-26-billion-scam-says-the-fbi/

Adobe Releases Security Updates for Flash Player and Application Manager

Adobe has published their monthly Patch Tuesday updates for the month of September 2019 that resolves three security vulnerabilities in two programs. All the vulnerabilities fixed today are for arbitrary code execution that could allow an attacker to execute commands on a vulnerable machine. [...]

https://www.bleepingcomputer.com/news/security/adobe-releases-security-updates-for-flash-player-and-application-manager/

Microsoft Releases the September 2019 Security Updates for Office

Microsoft released the September 2019 Microsoft Office security updates, bundling a total of 19 security updates and five cumulative updates across seven different products, five of them patching remote code execution flaws. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-september-2019-security-updates-for-office/

Microsoft's September 2019 Patch Tuesday Fixes 79 Vulnerabilities

Today is Microsoft's September 2019 Patch Tuesday, which means your Windows administrators are going to be up to their elbows in problems. So be nice to them! [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-september-2019-patch-tuesday-fixes-79-vulnerabilities/

Windows 10 KB4515384 and KB4512578 Released With Fixes

Microsoft is rolling out a new cumulative update to devices with Windows 10 May 2019 Update (version 1903), Windows 10 October 2018 Update (version 1809), and other supported versions with multiple fixes and improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4515384-and-kb4512578-released-with-fixes/

LokiBot Info-Stealer Used in Spear Phishing Attack on US Company

Security researchers discovered a malspam campaign distributing LokiBot information stealer payloads using phishing messages targeting the employees of a large U.S. manufacturing company. [...]

https://www.bleepingcomputer.com/news/security/lokibot-info-stealer-used-in-spear-phishing-attack-on-us-company/

Microsoft Fixes Windows 10 High CPU Usage in Cortana

As part of today's Patch Tuesday, Microsoft has released the Windows 10 KB4515384 cumulative update that fixes a high CPU usage issue in Cortana's SearchUI.exe process. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-high-cpu-usage-in-cortana/

281 Arrested in Worldwide Business Email Compromise Crackdown

281 people were arrested over a four-month period in the U.S. and in countries around the world as part of Operation reWired, a coordinated effort of multiple law enforcement agencies from several countries. [...]

https://www.bleepingcomputer.com/news/security/281-arrested-in-worldwide-business-email-compromise-crackdown/

Google Unveils DNS-over-HTTPS (DoH) Plan, Mozilla's Faces Criticism

Google has announced that they would soon be performing a trial of utilizing DNS-over-HTTPS (DoH) in the Google Chrome browser. This experiment will be conducted in Chrome 78 and will attempt to upgrade a user's DNS server to a corresponding DoH server, and if available, use that for DNS resolution. [...]

https://www.bleepingcomputer.com/news/technology/google-unveils-dns-over-https-doh-plan-mozillas-faces-criticism/

Microsoft Releases Servicing Stack Updates for All Windows 10 Versions

Microsoft released quality improvements to the servicing stack for all Windows 10 versions, the component designed to allow users to receive and install Windows updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-servicing-stack-updates-for-all-windows-10-versions/