Microsoft Issues Workaround for Windows 10 User Creation IME Bug

Microsoft published a workaround to mitigate an issue preventing Windows 10 customers from creating local users when setting up a new Windows device using Input Method Editor (IME). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-issues-workaround-for-windows-10-user-creation-ime-bug/

Bed Bath & Beyond Discloses Customer Login Credentials Breach

In a report for the Securities and Exchange Commission (SEC) on Tuesday, Bed Bath & Beyond retailer disclosed that an unauthorized party obtained login information for some of its customers. [...]

https://www.bleepingcomputer.com/news/security/bed-bath-and-beyond-discloses-customer-login-credentials-breach/

Fraudster Admits Role In Theft of Millions From Thousands of Army Members

Fredrick Brown, a former U.S. Army civilian medical records administrator, admitted on Tuesday to taking part in a fraud scheme that victimized thousands and allowed the fraudsters to steal millions mostly from elderly and disabled veterans. [...]

https://www.bleepingcomputer.com/news/security/fraudster-admits-role-in-theft-of-millions-from-thousands-of-army-members/

New Office 365 Phishing Scams Using Audio Voicemail Recordings

Ongoing phishing scams have been spotted targeting Microsoft Office 365 with partial audio voicemail messages to convince targets that they need to login to hear the full recording. [...]

https://www.bleepingcomputer.com/news/security/new-office-365-phishing-scams-using-audio-voicemail-recordings/

Phishing Campaign Targets Precision Engineering Company

Attackers have targeted precision companies in Italy with phishing that is difficult to spot. The final payload is a fileless trojan that harvests credentials.  [...]

https://www.bleepingcomputer.com/news/security/phishing-campaign-targets-precision-engineering-company/

New Gafgyt Variant Recruits Routers to DDoS Servers for Valve Games

A new version of Gafgyt botnet malware has been enlisting routers from Zyxel and Huawei, as well as devices with Realtek RTL81xx chipset, using them for denial-of-service (DoS) attacks against servers running the Valve Source engine. [...]

https://www.bleepingcomputer.com/news/security/new-gafgyt-variant-recruits-routers-to-ddos-servers-for-valve-games/

QSnatch Malware Infects Thousands of NAS Devices, Steals Credentials

Thousands of QNAP NAS devices are getting infected with a malware dubbed QSnatch that injects into their firmware and proceeds to steal credentials and load malicious code retrieved from its command and control (C2) servers. [...]

https://www.bleepingcomputer.com/news/security/qsnatch-malware-infects-thousands-of-nas-devices-steals-credentials/

Microsoft Warns of Windows Slow Startup Due to Persistent Memory

Microsoft acknowledged a new known issue impacting several Windows versions and leading to unexpectedly slow startups on computers configured to use persistent memory. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-slow-startup-due-to-persistent-memory/

Chinese Hackers Steal SMS Messages from Linux Routing Servers

Chinese hackers deployed a new cyber-espionage tool on Linux servers belonging to a telecommunications network provider to steal SMS message content for specific recipients. [...]

https://www.bleepingcomputer.com/news/security/chinese-hackers-steal-sms-messages-from-linux-routing-servers/

Discord Abused to Spread Malware and Harvest Stolen Data

Malware developers and attackers are abusing the Discord chat service by using it to host their malware, act as command and control servers, or by modifying the chat client to perform malicious behavior. [...]

https://www.bleepingcomputer.com/news/security/discord-abused-to-spread-malware-and-harvest-stolen-data/

Microsoft Shares Solutions for Windows TLS Failures, Timeouts

Microsoft has acknowledged a new issue affecting several Windows versions that could lead to Transport Layer Security (TLS) and Secure Sockets Layer (SSL) connections intermittently failing or getting timed out. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-solutions-for-windows-tls-failures-timeouts/

Active Duty U.S. Military Now Gets Free Credit Monitoring

The FTC announced that starting October 31 active-duty U.S. Army service members and National Guard members will get free credit monitoring from the Equifax, Experian, and TransUnion nationwide​​​​​ credit reporting agencies. [...]

https://www.bleepingcomputer.com/news/security/active-duty-us-military-now-gets-free-credit-monitoring/

Emotet Trojan Brings a Malware Scare with Halloween Emails

The Emotet Trojan is celebrating Halloween by pushing out new spam templates that want to invite you to a neighborhood party. While these emails promise you a treat, in reality Emotet is tricking you into installing an infection. [...]

https://www.bleepingcomputer.com/news/security/emotet-trojan-brings-a-malware-scare-with-halloween-emails/

Marriott Reports Exposure of Associates' Social Security Numbers

Marriott International notified some of its associates of an incident that exposed their social security numbers (SSNs) to an unknown party. [...]

https://www.bleepingcomputer.com/news/security/marriott-reports-exposure-of-associates-social-security-numbers/

20 Companies Pledge Support for the Hack_Right Program

The Hack_Right program aiming to help young hackers avoid cybercrime and use their skills for good has received a pledge of support from about 20 companies. [...]

https://www.bleepingcomputer.com/news/security/20-companies-pledge-support-for-the-hack-right-program/

Chrome Zero-Day Bug with Exploit in the Wild Gets A Patch

Google on Thursday night started to roll out an update for Chrome that patches two use-after-free vulnerabilities, one of them having at least one exploit in the wild. [...]

https://www.bleepingcomputer.com/news/security/chrome-zero-day-bug-with-exploit-in-the-wild-gets-a-patch/

GandCrab RaaS Was a Training Ground for Malware Distributors

GandCrab operators changed the ransomware business from the ground up, establishing a model that is embraced and continued by other cybercriminals. [...]

https://www.bleepingcomputer.com/news/security/gandcrab-raas-was-a-training-ground-for-malware-distributors/

Google Chrome is Getting the 'Close other tabs' Option Back

Google has decided to add the "Close other tabs" right-click context menu option back to Google Chrome. While it is not known why they decided to add it back, I have sorely missed this feature and it a welcome change. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-is-getting-the-close-other-tabs-option-back/

Media Giant Nikkei Losses $29 Million to BEC Scammers

Publishing giant Nikkei lost roughly 29 million dollars after an employee of the Nikkei America subsidiary was tricked by scammers to send the funds to a bank account they controlled. [...]

https://www.bleepingcomputer.com/news/security/media-giant-nikkei-losses-29-million-to-bec-scammers/

US MS-ISAC Releases the October List of End of Support Software

The Multi-State Information Sharing and Analysis Center (MS-ISAC) of the Center for Internet Security has a released the October 2019 list of of software that is currently in or nearing end of support. [...]

https://www.bleepingcomputer.com/news/software/us-ms-isac-releases-the-october-list-of-end-of-support-software/

Office 365 Phishing Campaign Baits Employees with Pay Raises

Pay raises were used by scammers to bait employees in a recent phishing campaign that tried to trick them into handing out their Microsoft Office 365 account credentials. [...]

https://www.bleepingcomputer.com/news/security/office-365-phishing-campaign-baits-employees-with-pay-raises/