Linux, Windows Users Targeted With New ACBackdoor Malware

Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines. [...]

https://www.bleepingcomputer.com/news/security/linux-windows-users-targeted-with-new-acbackdoor-malware/

Buran Ransomware Infects PCs via Microsoft Excel Web Queries

A new spam campaign has been spotted distributing the Buran Ransomware through IQY file attachments. When opened, these Microsoft Excel Web Query attachments will execute a remote command that installs the ransomware onto a victim's computer. [...]

https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

IRS Publishes Guidance to Help Taxpayers Fight Identity Theft

Security Summit partners including the Internal Revenue Service (IRS), the US tax industry, and several state tax agencies published security guidance and updated content to highlight identity theft precautions to be taken during the incoming holiday shopping season. [...]

https://www.bleepingcomputer.com/news/security/irs-publishes-guidance-to-help-taxpayers-fight-identity-theft/

Google Chrome's 'Close Other Tabs' Option Is Back!

Google just released Google Chrome 78.0.3904.108 and with it is the return of the 'Close other tabs' feature that Google mistakenly took out in previous versions. [...]

https://www.bleepingcomputer.com/news/google/google-chromes-close-other-tabs-option-is-back/

Microsoft Is Adding DNS-Over-HTTPS (DoH) to Windows 10

Microsoft announced that it's working on adding support for the privacy-focused DNS over HTTPS (DoH) protocol in a future Windows 10 release, while also keeping the addition of DNS over TLS (DoT) on the table. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-adding-dns-over-https-doh-to-windows-10/

Macy's Customer Payment Info Stolen in Magecart Data Breach

Macy's has announced that they have suffered a data breach due to their web site being hacked with malicious scripts that steal customer's payment information. [...]

https://www.bleepingcomputer.com/news/security/macys-customer-payment-info-stolen-in-magecart-data-breach/

Louisiana Government Suffers Outage Due to Ransomware Attack

The state government of Louisiana was hit by a ransomware attack today that impacted numerous state services including the Office of Motor Vehicles, the Department of Health, and the Department of Transportion and Development. [...]

https://www.bleepingcomputer.com/news/security/louisiana-government-suffers-outage-due-to-ransomware-attack/

Shade Ransomware Is the Most Actively Distributed Malware via Email

During the first half of 2019, the Shade Ransomware (also known as Troldesh) was the most actively distributed malware via malicious email phishing campaigns according to Singapore-based Group-IB security outfit. [...]

https://www.bleepingcomputer.com/news/security/shade-ransomware-is-the-most-actively-distributed-malware-via-email/

Android Camera App Bug Lets Apps Record Video Without Permission

A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions. [...]

https://www.bleepingcomputer.com/news/security/android-camera-app-bug-lets-apps-record-video-without-permission/

Coin Stealer Found in Monero Linux Binaries From Official Site

The Monero Project is currently investigating a potential compromise of the official website after a coin stealer was found in the Linux 64-bit command line (CLI) Monero binaries downloaded from the download page. [...]

https://www.bleepingcomputer.com/news/security/coin-stealer-found-in-monero-linux-binaries-from-official-site/

Critical Windows Update Spam Fails at Delivering Ransomware

A new spam campaign pretending to be a 'Critical Microsoft Windows Update' has been discovered that attempts to deliver the Cyborg Ransomware, but turns out to be an utter failure. [...]

https://www.bleepingcomputer.com/news/security/critical-windows-update-spam-fails-at-delivering-ransomware/

Microsoft Fixes Office 2016 Access Query Error, More Fixes Coming

Microsoft fixed a known issue occurring for Update queries in Click-2-Run and Windows Installer (MSI) editions of Access 2016, triggering errors when accessing databases and breaking functionality for various apps using Access databases. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-office-2016-access-query-error-more-fixes-coming/

NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks

The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products. [...]

https://www.bleepingcomputer.com/news/security/nsa-publishes-advisory-addressing-encrypted-traffic-inspection-risks/

Thousands of Enterprises At Risk Due to Oracle EBS Critical Flaws

Two critical security vulnerabilities discovered in Oracle's E-Business Suite (EBS) could allow potential attackers to take full control over a company's entire enterprise resource planning (ERP) solution. [...]

https://www.bleepingcomputer.com/news/security/thousands-of-enterprises-at-risk-due-to-oracle-ebs-critical-flaws/

Ransomware Gangs Adopt APT Tactics in Targeted Attacks

Ransomware operators are moving away from mass volume attacks and partnering with specialists who use APT techniques to provide stealthy infiltration and network-wide encryption capabilities. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gangs-adopt-apt-tactics-in-targeted-attacks/

New Banking Trojan Infects Victims via McDonald’s Malvertising

A new banking Trojan distributed via malvertising and malspam campaigns using fake McDonald's coupons as lures was observed while attempting to steal financial information from potential Latin American victim. [...]

https://www.bleepingcomputer.com/news/security/new-banking-trojan-infects-victims-via-mcdonald-s-malvertising/

uBlock Origin Now Blocks Sneaky First-Party Trackers in Firefox

uBlock Origin on Firefox can now block first-party tracking scripts that attempt to bypass filters and rules by utilizing DNS CNAME records to load scripts from a third-party domain. [...]

https://www.bleepingcomputer.com/news/security/ublock-origin-now-blocks-sneaky-first-party-trackers-in-firefox/

Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin

Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability present since Jetpack 5.1. [...]

https://www.bleepingcomputer.com/news/security/millions-of-sites-exposed-by-flaw-in-jetpack-wordpress-plugin/

Intel Posts Letter Apologizing for Continued CPU Shortages

In a letter posted to their web site, Intel apologizes for their continued CPU shortage, and while they have invested record levels of capital expenditure in their manufacturing, it has not been enough to meet demands. [...]

https://www.bleepingcomputer.com/news/hardware/intel-posts-letter-apologizing-for-continued-cpu-shortages/

Linux Webmin Servers Being Attacked by New P2P Roboto Botnet

Linux servers running unpatched Webmin installations are under attack and slowly getting added to a new peer-to-peer (P2P) botnet dubbed Roboto by security researchers at 360 Netlab who tracked it for roughly three months.  [...]

https://www.bleepingcomputer.com/news/security/linux-webmin-servers-being-attacked-by-new-p2p-roboto-botnet/

Microsoft Warns Customers of DoppelPaymer Ransomware Threat

The Microsoft Security Response Center (MSRC) warned customers of the threat behind ongoing DoppelPaymer ​​​​​​​ransomware attacks and reminded them about misleading info on how it spreads. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-customers-of-doppelpaymer-ransomware-threat/