OnePlus Exposed Customer Order Information in Data Breach

Chinese smartphone maker OnePlus announced a data breach leading to some of its customers' order information including names, contact numbers, emails, and shipping addresses being accessed by a third-party without authorization. [...]

https://www.bleepingcomputer.com/news/security/oneplus-exposed-customer-order-information-in-data-breach/

The Week in Ransomware - November 22nd 2019 - Leaky Files

This week the biggest news was Maze Ransomware escalating the ransomware threat releasing a victim's stolen data because they did not pay the ransom. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-22nd-2019-leaky-files/

TrickBot Trojan Getting Ready to Steal OpenSSH and OpenVPN Keys

The Trickbot banking trojan keeps evolving according to researchers who spotted this week an updated password grabber module that could be used to steal OpenSSH private keys and OpenVPN passwords and configuration files. [...]

https://www.bleepingcomputer.com/news/security/trickbot-trojan-getting-ready-to-steal-openssh-and-openvpn-keys/

Catch Restaurants Disclose Credit Card Stealing Malware Incident

Catch Hospitality Group has disclosed that point-of-sale systems (POS) at NYC hotspots Catch NYC, Catch Rooftop, and Catch Steak were infected with malware that allowed attackers to steal credit card information from customers. [...]

https://www.bleepingcomputer.com/news/security/catch-restaurants-disclose-credit-card-stealing-malware-incident/

Windows 10 Upgrades Blocked if Using Old Versions of AVG, Avast

If you are using older versions of Avast or AVG Antivirus, Microsoft has placed a compatibility hold that will prevent you from upgrading to Windows 10 1903 or Windows 10 1909 until you upgrade to a newer version of the antivirus software. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-upgrades-blocked-if-using-old-versions-of-avg-avast/

Silly Phishing Spotlight: Login to Unblock Microsoft Excel

As part of our ongoing series to educate users about some of the more silly phishing scams out there, we bring a new one that states Excel is blocked unless you login and verify your details. [...]

https://www.bleepingcomputer.com/news/security/silly-phishing-spotlight-login-to-unblock-microsoft-excel/

Livingston School District in New Jersey Hit With Ransomware

Students at the Livingston public school district in New Jersey are undoubtedly happy for a two hour delayed opening tomorrow. Unfortunately, this delay is not being caused by snow, but rather by a ransomware attack that the district is still recovering from. [...]

https://www.bleepingcomputer.com/news/security/livingston-school-district-in-new-jersey-hit-with-ransomware/

Microsoft Fixes Windows 10 Qualcomm Wi-Fi Driver Update Block

Microsoft has removed a compatibility hold that prevents users from upgrading to Windows 10 1903 and Windows 1909 if they are using older Qualcomm Wi-Fi drivers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-qualcomm-wi-fi-driver-update-block/

Ginp Android Banker Sets as Default SMS App, Steals All Text

A new strain of mobile banking trojan called Ginp has been constantly refined to collect login credentials and credit card details. [...]

https://www.bleepingcomputer.com/news/security/ginp-android-banker-sets-as-default-sms-app-steals-all-text/

Scam Browser Notification Prompts Increased by 69% in 2019

Web browser notifications are increasingly being used to push unwanted ads for dating sites, scam sites, unwanted browser extensions, and even malware to users who subscribe to them. [...]

https://www.bleepingcomputer.com/news/security/scam-browser-notification-prompts-increased-by-69-percent-in-2019/

FortiGuard Used Hardcoded Key, XOR to Encrypt Communications

Security researchers found that multiple security products from Fortinet use weak encryption and static keys to communicate with FortiGuard services in the cloud, such as AntiSpam, AntiVirus, and Web Filter. [...]

https://www.bleepingcomputer.com/news/security/fortiguard-used-hardcoded-key-xor-to-encrypt-communications/

Mozilla to Block Fingerprinters by Default in Firefox 72

As part of its Enhanced Tracking Protection feature, Mozilla is planning on blocking Fingerprinters by default in Firefox 72, which is slated to be released in January 2020. [...]

https://www.bleepingcomputer.com/news/security/mozilla-to-block-fingerprinters-by-default-in-firefox-72/

Splunk Faces Y2K Bug-Like Problem Unless Patched

Remember the Y2K bug that threatened computer programs to go crazy on January 1, 2000? A similar timestamp recognition problem is affecting Splunk platform instances neglected by their administrators before 2020. [...]

https://www.bleepingcomputer.com/news/security/splunk-faces-y2k-bug-like-problem-unless-patched/

Over 38 Million Healthcare Records Exposed in Breaches Over 2019

This October was the month with the largest number of data breaches formally reported by entities in the healthcare sector. [...]

https://www.bleepingcomputer.com/news/security/over-38-million-healthcare-records-exposed-in-breaches-over-2019/

Phishers Create Fake Sites as Bait for Holiday Shopping Deals

While most users are familiar with phishing scams that attempt to steal a user's login credentials, phishers also use emails to lure consumers to fake retail sites in order to steal their money or sell cheap knockoffs. [...]

https://www.bleepingcomputer.com/news/security/phishers-create-fake-sites-as-bait-for-holiday-shopping-deals/

Holiday Scam Season Is Here for All Shoppers

The holiday shopping season is in full swing, with Black Friday and Cyber Monday just around the corner, and scammers have been getting ready to cash in from their fraud campaigns. [...]

https://www.bleepingcomputer.com/news/security/holiday-scam-season-is-here-for-all-shoppers/

New DeathRansom Ransomware Begins to Make a Name for Itself

A new ransomware called DeathRansom began with a rocky start, but has now resolved it's issues and has begun to infect victims and encrypt their data. [...]

https://www.bleepingcomputer.com/news/security/new-deathransom-ransomware-begins-to-make-a-name-for-itself/

Dexphot Polymorphic Malware Shows Complexity of Everyday Threats

Ordinary malware can be a real nuisance to detect due to complex methods that allowed it to slip past security solutions. Dexphot is one such strain that managed to run attack routines on close to 80,000 machines earlier this year. [...]

https://www.bleepingcomputer.com/news/security/dexphot-polymorphic-malware-shows-complexity-of-everyday-threats/

Almost 60% Of Malicious Ads Come from Three Ad Providers

In Confiant's "Demand Quality Report for Q3 2019", the ad fraud and security company analyzed 120 billion ad impressions between January 1st and September 20th that flowed through their systems in order to provide a breakdown of different malicious ad campaigns. [...]

https://www.bleepingcomputer.com/news/security/almost-60-percent-of-malicious-ads-come-from-three-ad-providers/

HP Warns That Some SSD Drives Will Fail at 32,768 Hours of Use

HP released firmware updates for a number of its Serial-Attached SCSI solid-state drives to prevent their failure at exactly 32,768 hours of operation time. [...]

https://www.bleepingcomputer.com/news/hardware/hp-warns-that-some-ssd-drives-will-fail-at-32-768-hours-of-use/

Windows 10 1909 KB4517245 Update Causes File Explorer Issues

With the release of Windows 10 1909, users have noticed a annoying bugs related to the new search experience in File Explorer that was not present in the previous version of Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1909-kb4517245-update-causes-file-explorer-issues/