Windows 10 Cumulative Update KB4517389 & KB4519338 Released

It's Patch Tuesday and Microsoft is servicing all supported version of Windows. If you use Windows 10 May 2019 Update and Windows 10 October 2018 Update on your computer at home or office, a new cumulative update is out with fixes and improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-update-kb4517389-and-kb4519338-released/

Windows 10 Servicing Stack Updates Fix Secure Boot Issues

Microsoft released October's servicing stack quality improvements for all Windows 10 versions, the component which allows users to receive and install Windows updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-servicing-stack-updates-fix-secure-boot-issues/

Twitter Apologizes for Using Your Phone Number for Advertising

Twitter says that some of its users' phone numbers and email addresses provided for account security like two-factor authentication may have been used accidentally for ad targeting. [...]

https://www.bleepingcomputer.com/news/technology/twitter-apologizes-for-using-your-phone-number-for-advertising/

Windows 10 Insider Build 18999 Gives all Insiders a Resizable Cortana

Microsoft has released Windows 10 Insider Preview Build 18999 (20H1) to Insiders in the Fast ring and brings the ability to move and resize Cortana to all Insiders. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18999-gives-all-insiders-a-resizable-cortana/

C is for Credit Card: MageCart Hits Volusion E-Commerce Sites

Hackers compromised the infrastructure of Volusion cloud-based e-commerce platform to inject customer checkout pages with malicious JavaScript code that steals payment card data. [...]

https://www.bleepingcomputer.com/news/security/c-is-for-credit-card-magecart-hits-volusion-e-commerce-sites/

Beware of Fake Amazon AWS Suspension Emails for Unpaid Bills

In this article we take a look at a phishing campaign that pretends to be an Amazon AWS suspension notice for unpaid bills that looks good enough to trick many users. [...]

https://www.bleepingcomputer.com/news/security/beware-of-fake-amazon-aws-suspension-emails-for-unpaid-bills/

New Microsoft NTLM Flaws May Allow Full Domain Compromise

Two security vulnerabilities in Microsoft's NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features leading to full domain compromise of a network. [...]

https://www.bleepingcomputer.com/news/security/new-microsoft-ntlm-flaws-may-allow-full-domain-compromise/

Games and Utility Apps in Play Store Hide Bankers and Spyware

Despite Google's efforts to keep its Android store risk free, malicious apps continue to make it past the verification process. In September, the assortment of trojans detected in Google Play included downloaders, bankers, adware, and spyware. [...]

https://www.bleepingcomputer.com/news/security/games-and-utility-apps-in-play-store-hide-bankers-and-spyware/

EU Member States Publish Joint Report on 5G Networks Security

European Union (EU) member states published a joint high-level report on the coordinated risk assessment on the security of 5G networks, identifying the main threats and threats actors, the most sensitive assets, and the main vulnerabilities behind them. [...]

https://www.bleepingcomputer.com/news/security/eu-member-states-publish-joint-report-on-5g-networks-security/

Phishing Incident Exposes Medical, Personal Info of 60K Patients

Community-based healthcare system Methodist Hospitals from Gary, Indiana, disclosed that sensitive personal and medical information of 68039 individuals may have been exposed following a successful phishing attack against two of its employees. [...]

https://www.bleepingcomputer.com/news/security/phishing-incident-exposes-medical-personal-info-of-60k-patients/

Singapore Man Faces 34 Years for Amazon AWS Cryptomining Fraud

29-year old Singapore citizen Ho Jun Jia aka Matthew Ho was charged today under a 14-count indictment for allegedly mining cryptocurrency using stolen Amazon AWS and Google Cloud computing power and services. [...]

https://www.bleepingcomputer.com/news/security/singapore-man-faces-34-years-for-amazon-aws-cryptomining-fraud/

iTerm2 Patches Critical Vulnerability Active for 7 Years

The most popular terminal emulator for macOS, iTerm2, has been updated to fix a critical security issue that survived undisclosed for at least seven years. [...]

https://www.bleepingcomputer.com/news/security/iterm2-patches-critical-vulnerability-active-for-7-years/

HP Touchpoint Analytics LPE Vulnerability Affects Most HP PCs

HP patched a vulnerability discovered in the HP Touchpoint Analytics software installed by default on most of its Windows laptops and desktops, a flaw allowing attackers to escalate privileges and execute arbitrary code using SYSTEM privileges. [...]

https://www.bleepingcomputer.com/news/security/hp-touchpoint-analytics-lpe-vulnerability-affects-most-hp-pcs/

Apple Software Update Zero-Day Used by BitPaymer Ransomware

Several companies from the automotive industry were targeted by BitPaymer ransomware operators during August, in attacks that used an Apple zero-day vulnerability impacting the Apple Software Update service bundled with iTunes and iCloud for Windows. [...]

https://www.bleepingcomputer.com/news/security/apple-software-update-zero-day-used-by-bitpaymer-ransomware/

Hacker Selling User Info Stolen From Prostitution Forums

Popular prostitution and escort forums in the Netherlands and Italy have suffered data breaches that exposed the usernames, email addresses, and hashed passwords for their registered members. [...]

https://www.bleepingcomputer.com/news/security/hacker-selling-user-info-stolen-from-prostitution-forums/

New Malware Spies on Diplomats, High-Profile Government Targets

A new modular and malware designed to target diplomatic and government entities was spotted by ESET researchers while being utilized in attacks aimed at Russian-speaking individuals for at least 7 years. [...]

https://www.bleepingcomputer.com/news/security/new-malware-spies-on-diplomats-high-profile-government-targets/

Nemty Ransomware Decryptor Released, Recover Files for Free

Victims of the Nemty Ransomware finally have something to be happy about as researchers have released a decryptor that allows them to recover files for free. [...]

https://www.bleepingcomputer.com/news/security/nemty-ransomware-decryptor-released-recover-files-for-free/

Oracle Cancels Venezuela Partner Contracts Citing US Sanctions

Oracle has sent out letters to partners in Venezuela stating that they will no longer be able to work with them in order to comply with President Trump's Executive Order 13884. [...]

https://www.bleepingcomputer.com/news/software/oracle-cancels-venezuela-partner-contracts-citing-us-sanctions/

Almost 50% of Company Network Traffic Comes From Bots, Report Says

Network traffic in companies is generated by bots almost as much as by humans, shows a recent study. As bots become more sophisticated, they bypass the security challenges in place. [...]

https://www.bleepingcomputer.com/news/security/almost-50-percent-of-company-network-traffic-comes-from-bots-report-says/

Microsoft Improves Azure Active Directory Security with New Roles

Microsoft announced that 16 new Azure Active Directory (Azure AD) lower-privileged roles are available today in preview to help admins improve security by decreasing the number of Global administrators, and to enhance Azure and Microsoft 365 granular delegation capabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-improves-azure-active-directory-security-with-new-roles/

Windows 10 1703 is Now End of Service, No More Security Updates

Windows 10 version 1703, otherwise known as the Creators Update, has now reached end of service and will no longer receive any future security or quality updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1703-is-now-end-of-service-no-more-security-updates/