Google Expands Privacy Controls Across Youtube, Maps, and Assistant

Google has announced new privacy and security features that allow you to use incognito mode in more properties, monitor your saved passwords for compromises, and manage how your data is used on YouTube. [...]

https://www.bleepingcomputer.com/news/security/google-expands-privacy-controls-across-youtube-maps-and-assistant/

New Silent Starling Gang Targets 500+ Vendors in BEC Scam Twist

In a variation of the classic business email compromise (BEC) scam, a cyber gang managed to compromise email accounts of more than 700 employees from over 500 companies in 14 countries. [...]

https://www.bleepingcomputer.com/news/security/new-silent-starling-gang-targets-500-vendors-in-bec-scam-twist/

American Express Customer Info Accessed by Employee for Possible Fraud

An American Express employee is being investigated for accessing card holder information and potentially using it to open accounts at other financial institutions. [...]

https://www.bleepingcomputer.com/news/security/american-express-customer-info-accessed-by-employee-for-possible-fraud/

Threat Group Uses Bit.ly, BlogSpot, Pastebin to Deliver Trojans, RATs

A malicious campaign targeting corporations from all over the world was observed while using a combination of pages hosted on Bit.ly, BlogSpot, and Pastebin to deliver Azorult and RevengeRAT malware. [...]

https://www.bleepingcomputer.com/news/security/threat-group-uses-bitly-blogspot-pastebin-to-deliver-trojans-rats/

Sodinokibi Ransomware Builds An All-Star Team of Affiliates

The Sodinokibi Ransomware (REvil) has been making news lately as they target the enterprise, MSPs, and government entities through their hand-picked team of all-star affiliates. These affiliates appear to have had a prior history with the GandCrab RaaS and use similar distribution methods. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-builds-an-all-star-team-of-affiliates/

Zendesk Security Breach May Impact Orgs Like Uber, Slack, and FCC

Customer service software company Zendesk is sending users notifications regarding a security incident that might have impacted roughly 10,000 Zendesk Support and Chat accounts activated prior to November 1, 2016. [...]

https://www.bleepingcomputer.com/news/security/zendesk-security-breach-may-impact-orgs-like-uber-slack-and-fcc/

Windows 10X: Microsoft's New Windows OS for Dual-Screen PCs

At the Surface event in New York City, Microsoft announced Windows 10X, a new version of Windows 10 designed for dual-screen folding-screen devices. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10x-microsofts-new-windows-os-for-dual-screen-pcs/

Microsoft Launches New Dual-Screen Surface Devices

At today's Surface event in New York City, Microsoft unveiled the Surface Laptop 3, Surface Pro 7, Surface Pro X and two dual-screen devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-launches-new-dual-screen-surface-devices/

Microsoft 365 To Get Tenant-Wide Idle Session Timeout Feature

Microsoft is working on including a new tenant-wide idle session timeout feature for Microsoft 365 web apps to prevent information exposure that might stem from unauthorized access to systems left unattended. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-to-get-tenant-wide-idle-session-timeout-feature/

FBI Warns U.S. Organizations About High Impact Ransomware

The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued a public service announcement today regarding the increasing number of high-impact ransomware attacks against public and private U.S. organizations.   [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-us-organizations-about-high-impact-ransomware/

FTCode PowerShell Ransomware Resurfaces in Spam Campaign

An old PowerShell ransomware has resurfaced with a vengeance in a spam distribution aimed at Italian recipients. This ransomware is called FTCode and is completely PowerShell based, which means it can encrypt the computer without downloading any additional components. [...]

https://www.bleepingcomputer.com/news/security/ftcode-powershell-ransomware-resurfaces-in-spam-campaign/

Police Seize Bot Farm Behind Potentially Fatal Scam Messages

The cyber division of the Ukrainian police took to pieces an operation that made money by registering accounts used to send spam through various services, including email and social networks. [...]

https://www.bleepingcomputer.com/news/security/police-seize-bot-farm-behind-potentially-fatal-scam-messages/

Windows Activator Bundles Banker with C2 in YouTube Description

In their effort to hide the command and control (C2) server addresses, operators of a banking trojan placed them in fake websites and in descriptions for YouTube videos. [...]

https://www.bleepingcomputer.com/news/security/windows-activator-bundles-banker-with-c2-in-youtube-description/

Cyber-Spy Group Active Since 2013 Now Tied to Chinese State Actor

Multiple cyber-espionage campaigns that remained unattributed over the years have now been linked to a single threat actor that researchers named PKPLUG, attacking targets across Asia. [...]

https://www.bleepingcomputer.com/news/security/cyber-spy-group-active-since-2013-now-tied-to-chinese-state-actor/

Office 365 Admins Can Now Block Malicious Microsoft Query IQY Files

Microsoft has silently added new group policies to allow Office 365 admins to block Excel users from opening untrusted Microsoft Query files with IQY, OQY, DQY, and RQY extensions. [...]

https://www.bleepingcomputer.com/news/microsoft/office-365-admins-can-now-block-malicious-microsoft-query-iqy-files/

Microsoft Releases Windows Security Updates to Fix Printing Issue

Microsoft today released out of band security updates, cumulative updates, and monthly rollup updates to address a printing issue plaguing all Windows client and server versions acknowledged on September 30. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-windows-security-updates-to-fix-printing-issue/

Windows 10 Insider Build 18995 Adds PIN Sign-ins to Safe Mode

Microsoft has released Windows 10 Insider Preview Build 18995 (20H1) to Insiders in the Fast ring, which now allows you to sign into Windows using your Windows Hello Pin even when in Safe Mode. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18995-adds-pin-sign-ins-to-safe-mode/

Google Chrome to Gradually Start Blocking Mixed Content by Default

Google announced that the Chrome web browser will gradually start blocking HTTPS pages from loading insecure resources to improve the users' privacy and security while browsing the web. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-to-gradually-start-blocking-mixed-content-by-default/

'Lost Files' Data Wiper Poses as a Windows Security Scanner

A Windows Security Scanner that states it encrypted your files is being distributed by spam, but whether by bug or design, it instead corrupts binary data in a victim's files.  [...]

https://www.bleepingcomputer.com/news/security/lost-files-data-wiper-poses-as-a-windows-security-scanner/

Four U.S. Food Chains Disclose Payment Card Theft via PoS Malware

Hackers caused havoc at four restaurant chains in the U.S. over the summer after compromising their payment systems with malware that stole customers' payment card information. [...]

https://www.bleepingcomputer.com/news/security/four-us-food-chains-disclose-payment-card-theft-via-pos-malware/

Australian Govt Issues Android and iOS Security Hardening Guides

The Australian Signals Directorate (ASD)'s Australian Cyber Security Centre (ACSC) has published a set of two guides designed to help Australian government, commercial organizations, and enterprises harden the security of iOS and Android devices in their fleets. [...]

https://www.bleepingcomputer.com/news/security/australian-govt-issues-android-and-ios-security-hardening-guides/