Microsoft Is Adding DNS-Over-HTTPS (DoH) to Windows 10

Microsoft announced that it's working on adding support for the privacy-focused DNS over HTTPS (DoH) protocol in a future Windows 10 release, while also keeping the addition of DNS over TLS (DoT) on the table. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-adding-dns-over-https-doh-to-windows-10/

Macy's Customer Payment Info Stolen in Magecart Data Breach

Macy's has announced that they have suffered a data breach due to their web site being hacked with malicious scripts that steal customer's payment information. [...]

https://www.bleepingcomputer.com/news/security/macys-customer-payment-info-stolen-in-magecart-data-breach/

Louisiana Government Suffers Outage Due to Ransomware Attack

The state government of Louisiana was hit by a ransomware attack today that impacted numerous state services including the Office of Motor Vehicles, the Department of Health, and the Department of Transportion and Development. [...]

https://www.bleepingcomputer.com/news/security/louisiana-government-suffers-outage-due-to-ransomware-attack/

Shade Ransomware Is the Most Actively Distributed Malware via Email

During the first half of 2019, the Shade Ransomware (also known as Troldesh) was the most actively distributed malware via malicious email phishing campaigns according to Singapore-based Group-IB security outfit. [...]

https://www.bleepingcomputer.com/news/security/shade-ransomware-is-the-most-actively-distributed-malware-via-email/

Android Camera App Bug Lets Apps Record Video Without Permission

A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions. [...]

https://www.bleepingcomputer.com/news/security/android-camera-app-bug-lets-apps-record-video-without-permission/

Coin Stealer Found in Monero Linux Binaries From Official Site

The Monero Project is currently investigating a potential compromise of the official website after a coin stealer was found in the Linux 64-bit command line (CLI) Monero binaries downloaded from the download page. [...]

https://www.bleepingcomputer.com/news/security/coin-stealer-found-in-monero-linux-binaries-from-official-site/

Critical Windows Update Spam Fails at Delivering Ransomware

A new spam campaign pretending to be a 'Critical Microsoft Windows Update' has been discovered that attempts to deliver the Cyborg Ransomware, but turns out to be an utter failure. [...]

https://www.bleepingcomputer.com/news/security/critical-windows-update-spam-fails-at-delivering-ransomware/

Microsoft Fixes Office 2016 Access Query Error, More Fixes Coming

Microsoft fixed a known issue occurring for Update queries in Click-2-Run and Windows Installer (MSI) editions of Access 2016, triggering errors when accessing databases and breaking functionality for various apps using Access databases. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-office-2016-access-query-error-more-fixes-coming/

NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks

The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products. [...]

https://www.bleepingcomputer.com/news/security/nsa-publishes-advisory-addressing-encrypted-traffic-inspection-risks/

Thousands of Enterprises At Risk Due to Oracle EBS Critical Flaws

Two critical security vulnerabilities discovered in Oracle's E-Business Suite (EBS) could allow potential attackers to take full control over a company's entire enterprise resource planning (ERP) solution. [...]

https://www.bleepingcomputer.com/news/security/thousands-of-enterprises-at-risk-due-to-oracle-ebs-critical-flaws/

Ransomware Gangs Adopt APT Tactics in Targeted Attacks

Ransomware operators are moving away from mass volume attacks and partnering with specialists who use APT techniques to provide stealthy infiltration and network-wide encryption capabilities. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gangs-adopt-apt-tactics-in-targeted-attacks/

New Banking Trojan Infects Victims via McDonald’s Malvertising

A new banking Trojan distributed via malvertising and malspam campaigns using fake McDonald's coupons as lures was observed while attempting to steal financial information from potential Latin American victim. [...]

https://www.bleepingcomputer.com/news/security/new-banking-trojan-infects-victims-via-mcdonald-s-malvertising/

uBlock Origin Now Blocks Sneaky First-Party Trackers in Firefox

uBlock Origin on Firefox can now block first-party tracking scripts that attempt to bypass filters and rules by utilizing DNS CNAME records to load scripts from a third-party domain. [...]

https://www.bleepingcomputer.com/news/security/ublock-origin-now-blocks-sneaky-first-party-trackers-in-firefox/

Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin

Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability present since Jetpack 5.1. [...]

https://www.bleepingcomputer.com/news/security/millions-of-sites-exposed-by-flaw-in-jetpack-wordpress-plugin/

Intel Posts Letter Apologizing for Continued CPU Shortages

In a letter posted to their web site, Intel apologizes for their continued CPU shortage, and while they have invested record levels of capital expenditure in their manufacturing, it has not been enough to meet demands. [...]

https://www.bleepingcomputer.com/news/hardware/intel-posts-letter-apologizing-for-continued-cpu-shortages/

Linux Webmin Servers Being Attacked by New P2P Roboto Botnet

Linux servers running unpatched Webmin installations are under attack and slowly getting added to a new peer-to-peer (P2P) botnet dubbed Roboto by security researchers at 360 Netlab who tracked it for roughly three months.  [...]

https://www.bleepingcomputer.com/news/security/linux-webmin-servers-being-attacked-by-new-p2p-roboto-botnet/

Microsoft Warns Customers of DoppelPaymer Ransomware Threat

The Microsoft Security Response Center (MSRC) warned customers of the threat behind ongoing DoppelPaymer ​​​​​​​ransomware attacks and reminded them about misleading info on how it spreads. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-customers-of-doppelpaymer-ransomware-threat/

New RIPlace Bypass Evades Windows 10, AV Ransomware Protection

A new ransomware bypass technique called RIPlace requires only a few lines of code to bypass ransomware protection features built into many security products and Windows 10.​​​ [...]

https://www.bleepingcomputer.com/news/security/new-riplace-bypass-evades-windows-10-av-ransomware-protection/

DePriMon Malware Registers Itself as a Windows Print Monitor

A malware downloader being dubbed DePriMon registers itself as a Windows print monitor in order to gain persistence on infected user's computers. [...]

https://www.bleepingcomputer.com/news/security/deprimon-malware-registers-itself-as-a-windows-print-monitor/

Google Adds $1.5 Million Top Reward to Android Bug Bounty Program

Google is expanding the Android bug bounty program with new data exfiltration and lockscreen bypass categories as well as a $1 million reward for critical vulnerabilities targeting the Titan M chip. [...]

https://www.bleepingcomputer.com/news/security/google-adds-15-million-top-reward-to-android-bug-bounty-program/

Microsoft Outlook for Android Gets Spoofing Vulnerability Fix

Microsoft has released an update for Microsoft Outlook for Android that fixes a spoofing vulnerability in the application that could allow an attacker to compromise the device. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-for-android-gets-spoofing-vulnerability-fix/