Tor's Bug Bash Fund Raises $86K to Fix Critical Issues

The Tor Project has raised $86,000 for a Bug Bash Fund that will be used to pay developers to quickly fix critical bugs such as vulnerabilities or privacy issues that leak personal information about a Tor user. [...]

https://www.bleepingcomputer.com/news/security/tors-bug-bash-fund-raises-86k-to-fix-critical-issues/

Microsoft Edge Gets a new Extensions Menu, Here's How to Enable It

The latest version of the Microsoft Edge Dev browser now includes an experimental Extensions menu that offers a more organized way to manage the installed extensions in the browser. In order to use this feature, though, you will need to start Edge with special command line arguments, which we will describe in this article. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-a-new-extensions-menu-heres-how-to-enable-it/

How to Enable Ransomware Protection in Windows 10

Windows Defender includes a security feature called "Ransomware Protection" that allows you to enable various protections against ransomware infections.  This feature is disabled by default in Windows 10, but with ransomware running rampant, it is important to enable this feature in order to get the most protection on your computer. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-enable-ransomware-protection-in-windows-10/

Password-Revealing Bug Quickly Fixed in LastPass Extensions

A security vulnerability in the extension of LastPass password manager could have allowed stealing the credentials last used for logging into a website. [...]

https://www.bleepingcomputer.com/news/security/password-revealing-bug-quickly-fixed-in-lastpass-extensions/

Phishing Attack Targets The Guardian's Whistleblowing Site

The Guardian's SecureDrop whistleblower submission site was targeted with a phishing page that attempted to harvest the unique "codenames" used to identify sources who used the service. In addition, this phishing page promoted an Android app that allowed attackers to perform a variety of malicious activity on a victim's device. [...]

https://www.bleepingcomputer.com/news/security/phishing-attack-targets-the-guardians-whistleblowing-site/

Microsoft Exchange Server 2010 Support Gets a Life Extension

After analyzing the deployment state of existing Microsoft Exchange customers, Microsoft has decided to move the end of support date for Exchange Server 2010 to October 13th, 2020. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-server-2010-support-gets-a-life-extension/

Windows 10 1903 is Now Having Problems with Network Adapters

Microsoft has acknowledged another problem in Windows 10 version 1903 where user's are reporting that their network adapters suddenly stop working after installing a cumulative update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1903-is-now-having-problems-with-network-adapters/

Emotet Revived with Large Spam Campaigns Around the World

Less than a month after reactivating its command and control (C2) servers, the Emotet botnet has come to like by spewing spam messages to countries around the globe. [...]

https://www.bleepingcomputer.com/news/security/emotet-revived-with-large-spam-campaigns-around-the-world/

Most Cyber Attacks Focus on Just Three TCP Ports

Small to mid-sized businesses can keep safe from most cyberattacks by protecting the ports that threat actors target the most. Three of them stand out in a crowd of more than 130,000 targeted in cyber incidents. [...]

https://www.bleepingcomputer.com/news/security/most-cyber-attacks-focus-on-just-three-tcp-ports/

Millions of Lion Air Passenger Records Exposed and Exchanged on Forums

Tens of millions of records from customers of two airline companies owned by Lion Air have been circulating on data exchange forums for at least a month. The info was stored in an Amazon bucket that was open on the web. [...]

https://www.bleepingcomputer.com/news/security/millions-of-lion-air-passenger-records-exposed-and-exchanged-on-forums/

Misconfigured Google Calendars Share Events With the World

Thousands of Google users are exposing the contents of their calendars to the public. The information is indexed by search engines and can include email addresses as well as private events from individuals and businesses. [...]

https://www.bleepingcomputer.com/news/security/misconfigured-google-calendars-share-events-with-the-world/

TFlower Ransomware - The Latest Attack Targeting Businesses

The latest ransomware targeting corporate environments is called TFlower and is being installed on networks after attackers hack into exposed Remote Desktop services. [...]

https://www.bleepingcomputer.com/news/security/tflower-ransomware-the-latest-attack-targeting-businesses/

Beware of Venmo Scams Targeting Users via Text Messages

A local police department in the U.S. are warning of a wave of phishing scams targeting users Venmo mobile payment service with text messages that direct to a fake website. [...]

https://www.bleepingcomputer.com/news/security/beware-of-venmo-scams-targeting-users-via-text-messages/

Windows 10 With Chinese IME Installed Causing High CPU Usage

Recent Windows 10 updates are causing the Input Method Editor (IME) for Chinese languages to become unresponsive or use a lot of CPU. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-with-chinese-ime-installed-causing-high-cpu-usage/

400 Million Medical Radiological Images Exposed on the Internet

An analysis of medical image storage systems exposed to the public web reveals that almost 600 servers in 52 countries are completely unprotected against unauthorized access. [...]

https://www.bleepingcomputer.com/news/security/400-million-medical-radiological-images-exposed-on-the-internet/

New TortoiseShell Group Hacks 11 IT Providers to Reach Their Customers

A newly discovered threat group that security researchers call TortoiseShell is compromising IT providers in what seems to be supply-chain attacks intended to reach the network of specific customers. [...]

https://www.bleepingcomputer.com/news/security/new-tortoiseshell-group-hacks-11-it-providers-to-reach-their-customers/

Smominru Mining Botnet In Cyber Turf War With Rival Malware

The Smominru mining botnet continues to wreck havoc on corporate machines by not only installing cryptominers, but also stealing credentials, installing backdoors, and making system configuration modifications that could affect the proper operation of an infected machine. [...]

https://www.bleepingcomputer.com/news/security/smominru-mining-botnet-in-cyber-turf-war-with-rival-malware/

Amadey Botnet Targets U.S. Taxpayers with Tax Refund Notice

A phishing campaign has been spotted recently delivering Amadey botnet malware to taxpayers in the U.S. through fake income tax refund emails. [...]

https://www.bleepingcomputer.com/news/security/amadey-botnet-targets-us-taxpayers-with-tax-refund-notice/

Microsoft Phishing Page Sends Stolen Logins Using JavaScript

A new landing page for a Microsoft account phishing scam has been discovered that utilizes the SmtpJS service to send stolen credentials via email to the attacker. [...]

https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-sends-stolen-logins-using-javascript/

Windows Defender Antivirus Scans Broken After New Update

Microsoft has released a new update for Windows Defender that has broken both the Quick and Full antivirus scans. When users use these scan options, Windows Defender will only scan approximately 40 files. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-defender-antivirus-scans-broken-after-new-update/

Microsoft Acquires Semmle, GitHub Now a CVE Numbering Authority

Microsoft subsidiary GitHub announced today that it has become a CVE Numbering Authority and that it completed its acquisition of Semmle code-analysis platform. [...]

https://www.bleepingcomputer.com/news/security/microsoft-acquires-semmle-github-now-a-cve-numbering-authority/