Vodafone's Mobile App Briefly Exposed Customer Information

For a brief period on Wednesday morning, Vodafone customers in New Zealand using the mobile carrier's app could see details for other customers. [...]

https://www.bleepingcomputer.com/news/security/vodafones-mobile-app-briefly-exposed-customer-information/

Outlook on the Web to Block File Extensions for PowerShell, Python, and More

Microsoft will soon be blocking an additional 38 file extension from being downloaded as attachments in Outlook on the Web in order to protect users from malicious files. These additional extensions includes files used by Java, PowerShell, Python, and various vulnerabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/outlook-on-the-web-to-block-file-extensions-for-powershell-python-and-more/

Microsoft Enables Tracking Prevention by Default in New Edge Beta

Microsoft released the first update to the Microsoft Edge Beta channel that brings the web browser to the 78.0.276.8 build, enables the tracking prevention feature by default, and adds new sign-in and sync features. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-enables-tracking-prevention-by-default-in-new-edge-beta/

Cisco Fixes Critical IOx Flaw Allowing Root Access to Guest OS

Cisco has released security updates to address a critical vulnerability in the IOx application environment for Cisco IOS Software that could enable authenticated remote attackers to access the Guest Operating System (Guest OS) as the root user. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-iox-flaw-allowing-root-access-to-guest-os/

REvil (Sodinokibi) Ransomware Targets Chinese Users with DHL Spam

A new spam campaign is underway that is targeting Chinese recipients to trick them into installing the REvil (Sodinokibi) Ransomware. [...]

https://www.bleepingcomputer.com/news/security/revil-sodinokibi-ransomware-targets-chinese-users-with-dhl-spam/

Microsoft Spots Nodersok Malware Campaign That Zombifies PCs

A new fileless malicious campaign, dubbed Nodersok by Microsoft Defender ATP Research Team researchers who discovered it, drops its own LOLBins to infect Windows computers with a Node.js-based malware that will turn the devices into proxies. [...]

https://www.bleepingcomputer.com/news/security/microsoft-spots-nodersok-malware-campaign-that-zombifies-pcs/

Microsoft Explains Why Signed PowerShell Cmdlets May Run Slow

Microsoft issued an advisory that signed PowerShell cmdlets may run slower then unsigned cmdlets if Windows is having network connectivity problems. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-explains-why-signed-powershell-cmdlets-may-run-slow/

DoorDash Data Breach Exposes Info of Roughly 5 Million Users

DoorDash has announced a data breach where an unauthorized user was able to gain access to the personal information of 4.9 million consumers, Dashers, and merchants. [...]

https://www.bleepingcomputer.com/news/security/doordash-data-breach-exposes-info-of-roughly-5-million-users/

Windows 10 1903 Cumulative Update KB4517211 Fixes Game Audio Issues

Microsoft has released the KB4517211 cumulative update for Windows 10 1903 (May 2019 Update) that introduces a variety of quality improvements and bug fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1903-cumulative-update-kb4517211-fixes-game-audio-issues/

New WhiteShadow Downloader Uses MSSQL Servers for Malware Delivery

A new malware downloader delivered via multiple campaigns uses detection evasion techniques and Microsoft SQL queries to drop malicious payloads onto compromised machines. [...]

https://www.bleepingcomputer.com/news/security/new-whiteshadow-downloader-uses-mssql-servers-for-malware-delivery/

Microsoft Removes CCleaner Ban From Their Community Forums

Microsoft has decided to roll back their decision to add CCleaner to a blacklist that would prevent the software's official site, www.ccleaner.com, from be posted in the Microsoft Community Forums. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-ccleaner-ban-from-their-community-forums/

Adobe and Google Open Redirects Abused by Phishing Campaigns

Google and Adobe open redirects are being used by phishing campaigns in order to add legitimacy to the URLs used in the spam emails. [...]

https://www.bleepingcomputer.com/news/security/adobe-and-google-open-redirects-abused-by-phishing-campaigns/

Fake Apps Sneak Gambling Into iOS and Android App Stores

Gambling apps double-crossed the review systems in Google Play and the App Store by posing as a policy-abiding app. After bypassing the verification, the infringing functionality became available to users. [...]

https://www.bleepingcomputer.com/news/security/fake-apps-sneak-gambling-into-ios-and-android-app-stores/

Windows 10 Version 1903 Now in Broad Deployment, Available to Everyone

Microsoft has announced that Windows 10 version 1903 has now been added to the broad deployment channel and will be available to everyone via Windows Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-version-1903-now-in-broad-deployment-available-to-everyone/

Office 365 to Get Automated Incident Response for Hacked Accounts

Microsoft is currently working on adding a new Automated Incident Response playbook to Office 365 Advanced Threat Protection (ATP) to allow Security Operations (SecOps) teams to automatically investigate and remediate hacked accounts. [...]

https://www.bleepingcomputer.com/news/microsoft/office-365-to-get-automated-incident-response-for-hacked-accounts/

Microsoft Wants Your Feedback on the Edge Browser for Linux

The Microsoft Edge Team is looking for Linux developers to provide feedback on how they use web browsers in their development environment. This feedback will then be used to flesh out the requirements for Microsoft Edge on Linux. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-your-feedback-on-the-edge-browser-for-linux/

New Masad Stealer Malware Exfiltrates Crypto Wallets via Telegram

A new and actively distributed malware strain dubbed Masad Stealer steals files, browser information, and cryptocurrency wallet data from infected computers that get sent back to its masters using Telegram as a communication channel. [...]

https://www.bleepingcomputer.com/news/security/new-masad-stealer-malware-exfiltrates-crypto-wallets-via-telegram/

US Senate Passes Bill in Response to Rampant Ransomware, CyberAttacks

The U.S. Senate passed the 'DHS Cyber Hunt and Incident Response Teams Act' (S.315) to authorize the Department of Homeland Security (DHS) to maintain cyber hunt and incident response teams to help private and public entities defend against cyber-attacks. [...]

https://www.bleepingcomputer.com/news/security/us-senate-passes-bill-in-response-to-rampant-ransomware-cyberattacks/

The Week in Ransomware - September 27th 2019 - Quiet Before the Storm?

It is another week of small variants and minor ransomware being released, with no major ransomware attacks being publicized or new large scale ransomware attacks. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-27th-2019-quiet-before-the-storm/

Cyber-Attacks Hit Defense Contractors in Europe and North America

Defense contractors Rheinmetall AG and Defence Construction Canada (DCC) were hit this month by cyber-attacks that impacted and disrupted their information technology systems. [...]

https://www.bleepingcomputer.com/news/security/cyber-attacks-hit-defense-contractors-in-europe-and-north-america/

Windows 10 1909 Coming Soon, Here Are the New Features

The Windows 10 1909 Feature Update is around the corner and is expected to be released sometime next week. Unlike previous Feature Updates, Windows 10 1909, codenamed 19H2, is more like a larger-than-normal cumulative update or service pack, but does contain some new features that we describe below. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1909-coming-soon-here-are-the-new-features/