T-Mobile Discloses Data Breach Impacting Prepaid Customers

T-Mobile said today in a data breach notification that the account information of an undisclosed number of customers using the company's prepaid services was accessed by an unauthorized third-party. [...]

https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-impacting-prepaid-customers/

Edenred Payment Solutions Giant Announces Malware Incident

Payment solutions giant Edenred today revealed in a statement that a malware incident affected an undisclosed number of its computing systems leading to an investigation for establishing the extent of the infection. [...]

https://www.bleepingcomputer.com/news/security/edenred-payment-solutions-giant-announces-malware-incident/

Allied Universal Breached by Maze Ransomware, Stolen Data Leaked

After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made. [...]

https://www.bleepingcomputer.com/news/security/allied-universal-breached-by-maze-ransomware-stolen-data-leaked/

FBI Warns of Cyber Attacks Targeting US Automotive Industry

The U.S. Federal Bureau of Investigation (FBI) Cyber Division warned private industry partners of incoming cyber attacks against the US automotive industry targeting sensitive corporate and enterprise data. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-cyber-attacks-targeting-us-automotive-industry/

Clop Ransomware Tries to Disable Windows Defender, Malwarebytes

In order to successfully encrypt a victim's data, the Clop CryptoMix Ransomware is now attempting to disable Windows Defender as well as remove the Microsoft Security Essentials and Malwarebytes' standalone Anti-Ransomware programs. [...]

https://www.bleepingcomputer.com/news/security/clop-ransomware-tries-to-disable-windows-defender-malwarebytes/

Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions

Researchers found a total of 37 security vulnerabilities impacting four open-source Virtual Network Computing (VNC) implementations and present for the last 20 years, since 1999. [...]

https://www.bleepingcomputer.com/news/security/dozens-of-vnc-vulnerabilities-found-in-linux-windows-solutions/

OnePlus Exposed Customer Order Information in Data Breach

Chinese smartphone maker OnePlus announced a data breach leading to some of its customers' order information including names, contact numbers, emails, and shipping addresses being accessed by a third-party without authorization. [...]

https://www.bleepingcomputer.com/news/security/oneplus-exposed-customer-order-information-in-data-breach/

The Week in Ransomware - November 22nd 2019 - Leaky Files

This week the biggest news was Maze Ransomware escalating the ransomware threat releasing a victim's stolen data because they did not pay the ransom. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-22nd-2019-leaky-files/

TrickBot Trojan Getting Ready to Steal OpenSSH and OpenVPN Keys

The Trickbot banking trojan keeps evolving according to researchers who spotted this week an updated password grabber module that could be used to steal OpenSSH private keys and OpenVPN passwords and configuration files. [...]

https://www.bleepingcomputer.com/news/security/trickbot-trojan-getting-ready-to-steal-openssh-and-openvpn-keys/

Catch Restaurants Disclose Credit Card Stealing Malware Incident

Catch Hospitality Group has disclosed that point-of-sale systems (POS) at NYC hotspots Catch NYC, Catch Rooftop, and Catch Steak were infected with malware that allowed attackers to steal credit card information from customers. [...]

https://www.bleepingcomputer.com/news/security/catch-restaurants-disclose-credit-card-stealing-malware-incident/

Windows 10 Upgrades Blocked if Using Old Versions of AVG, Avast

If you are using older versions of Avast or AVG Antivirus, Microsoft has placed a compatibility hold that will prevent you from upgrading to Windows 10 1903 or Windows 10 1909 until you upgrade to a newer version of the antivirus software. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-upgrades-blocked-if-using-old-versions-of-avg-avast/

Silly Phishing Spotlight: Login to Unblock Microsoft Excel

As part of our ongoing series to educate users about some of the more silly phishing scams out there, we bring a new one that states Excel is blocked unless you login and verify your details. [...]

https://www.bleepingcomputer.com/news/security/silly-phishing-spotlight-login-to-unblock-microsoft-excel/

Livingston School District in New Jersey Hit With Ransomware

Students at the Livingston public school district in New Jersey are undoubtedly happy for a two hour delayed opening tomorrow. Unfortunately, this delay is not being caused by snow, but rather by a ransomware attack that the district is still recovering from. [...]

https://www.bleepingcomputer.com/news/security/livingston-school-district-in-new-jersey-hit-with-ransomware/

Microsoft Fixes Windows 10 Qualcomm Wi-Fi Driver Update Block

Microsoft has removed a compatibility hold that prevents users from upgrading to Windows 10 1903 and Windows 1909 if they are using older Qualcomm Wi-Fi drivers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-qualcomm-wi-fi-driver-update-block/

Ginp Android Banker Sets as Default SMS App, Steals All Text

A new strain of mobile banking trojan called Ginp has been constantly refined to collect login credentials and credit card details. [...]

https://www.bleepingcomputer.com/news/security/ginp-android-banker-sets-as-default-sms-app-steals-all-text/

Scam Browser Notification Prompts Increased by 69% in 2019

Web browser notifications are increasingly being used to push unwanted ads for dating sites, scam sites, unwanted browser extensions, and even malware to users who subscribe to them. [...]

https://www.bleepingcomputer.com/news/security/scam-browser-notification-prompts-increased-by-69-percent-in-2019/

FortiGuard Used Hardcoded Key, XOR to Encrypt Communications

Security researchers found that multiple security products from Fortinet use weak encryption and static keys to communicate with FortiGuard services in the cloud, such as AntiSpam, AntiVirus, and Web Filter. [...]

https://www.bleepingcomputer.com/news/security/fortiguard-used-hardcoded-key-xor-to-encrypt-communications/

Mozilla to Block Fingerprinters by Default in Firefox 72

As part of its Enhanced Tracking Protection feature, Mozilla is planning on blocking Fingerprinters by default in Firefox 72, which is slated to be released in January 2020. [...]

https://www.bleepingcomputer.com/news/security/mozilla-to-block-fingerprinters-by-default-in-firefox-72/

Splunk Faces Y2K Bug-Like Problem Unless Patched

Remember the Y2K bug that threatened computer programs to go crazy on January 1, 2000? A similar timestamp recognition problem is affecting Splunk platform instances neglected by their administrators before 2020. [...]

https://www.bleepingcomputer.com/news/security/splunk-faces-y2k-bug-like-problem-unless-patched/

Over 38 Million Healthcare Records Exposed in Breaches Over 2019

This October was the month with the largest number of data breaches formally reported by entities in the healthcare sector. [...]

https://www.bleepingcomputer.com/news/security/over-38-million-healthcare-records-exposed-in-breaches-over-2019/

Phishers Create Fake Sites as Bait for Holiday Shopping Deals

While most users are familiar with phishing scams that attempt to steal a user's login credentials, phishers also use emails to lure consumers to fake retail sites in order to steal their money or sell cheap knockoffs. [...]

https://www.bleepingcomputer.com/news/security/phishers-create-fake-sites-as-bait-for-holiday-shopping-deals/