Smith & Wesson Web Site Hacked to Steal Customer Payment Info

American gun manufacturer Smith & Wesson's online store has been compromised by attackers who have injected a malicious script that attempts to steal customer's payment information. [...]

https://www.bleepingcomputer.com/news/security/smith-and-wesson-web-site-hacked-to-steal-customer-payment-info/

Avast and AVG Firefox Extensions Pulled from Mozilla Addons Site

Mozilla has removed four extensions from Avast and AVG from the Firefox addon site over concerns that they were tracking a user's activity as they are browsed the web. [...]

https://www.bleepingcomputer.com/news/software/avast-and-avg-firefox-extensions-pulled-from-mozilla-addons-site/

Microsoft Forms Now Automatically Blocks Confirmed Phishing

Microsoft is rolling out automatic blocking for repeated Microsoft Forms phishing attempts to boost the product's security by stopping attackers from abusing forms and surveys to harvest sensitive data from their targets. [...]

https://www.bleepingcomputer.com/news/security/microsoft-forms-now-automatically-blocks-confirmed-phishing/

FTC Warns of Ongoing Scam Spreading Scary Terrorism Allegations

The U.S. Federal Trade Commission (FTC) warned consumers today of an active scam campaign targeting potential victims with letters designed to scare them with fake money laundering and terrorism allegations. [...]

https://www.bleepingcomputer.com/news/security/ftc-warns-of-ongoing-scam-spreading-scary-terrorism-allegations/

80% of All Android Apps Now Use Encrypted Network Traffic

Google has announced that as of October 2019, 80% of all Android apps are now using Transport Layer Security (TLS) to encrypt their network traffic. [...]

https://www.bleepingcomputer.com/news/security/80-percent-of-all-android-apps-now-use-encrypted-network-traffic/

Ryuk Ransomware Is Making Victims Left and Right

Doing some open-source intelligence (OSINT), a security researcher discovered that a provider of end-to-end solutions for emergency care facilities in the U.S. fell victim to Ryuk ransomware. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-is-making-victims-left-and-right/

Microsoft Enhances Tracking Prevention in Microsoft Edge 79

Microsoft announced a series of tracking prevention improvements that rolled out with the release of Microsoft Edge 79, enhancements that should provide a balance between web compatibility and blocking more types of trackers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-enhances-tracking-prevention-in-microsoft-edge-79/

Firefox 71 Released with Picture-in-Picture Support and More

Mozilla has officially released Firefox 71 for Windows, Mac, and Linux and with it comes support for the picture-in-picture API and improvements to the Enhanced Tracking Protection feature and the Lockwise password manager. [...]

https://www.bleepingcomputer.com/news/software/firefox-71-released-with-picture-in-picture-support-and-more/

Microsoft Releases December 2019 Office Updates With Auth Issue Fix

Microsoft released the December 2019 non-security Microsoft Office updates that fix issues and add stability and performance improvements to Windows Installer (MSI) editions of Office 2016. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-december-2019-office-updates-with-auth-issue-fix/

New macOS Threat Served from Cryptocurrency Trading Platform

Security researchers have encountered a new macOS malware sample believed to be the work of the North Korean group of hackers known as Lazarus. [...]

https://www.bleepingcomputer.com/news/security/new-macos-threat-served-from-cryptocurrency-trading-platform/

The Great Cannon DDoS Tool Used Against Hong Kong Protestors’ Forum

The Great Cannon Distributed Denial of Service (DDoS) tool was deployed again to launch attacks against the LIHKG social media platform used by Hong Kong protesters to coordinate during this year's anti-extradition protests. [...]

https://www.bleepingcomputer.com/news/security/the-great-cannon-ddos-tool-used-against-hong-kong-protestors-forum/

Microsoft Warns of Security Risks Behind Orphaned WHfB Keys

Microsoft published guidance on how to mitigate the security risks stemming from orphaned Windows Hello for Business (WHfB) public keys generated with the help of vulnerable Trusted Platform Module (TPM) chips. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-security-risks-behind-orphaned-whfb-keys/

Malicious Python Package Available in PyPI Repo for a Year

Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects. [...]

https://www.bleepingcomputer.com/news/security/malicious-python-package-available-in-pypi-repo-for-a-year/

New Iranian ZeroCleare Data Wiper Malware Used in Targeted Attacks

A new destructive data-wiping malware dubbed ZeroCleare has been spotted by IBM researchers during multiple targeted attacks against organizations from the energy and industrial sector in the Middle East. [...]

https://www.bleepingcomputer.com/news/security/new-iranian-zerocleare-data-wiper-malware-used-in-targeted-attacks/

UK Retailer Sweaty Betty Hacked to Steal Customer Payment Info

The web site for UK activewear retailer Sweaty Betty has been hacked to insert malicious code that attempts to steal a customer's payment information when making purchases. [...]

https://www.bleepingcomputer.com/news/security/uk-retailer-sweaty-betty-hacked-to-steal-customer-payment-info/

Ubuntu Linux Gets Intel Microcode Update to Fix CPU Hangs

Canonical has released a new Linux Intel microcode update for Ubuntu that fixes an issue causing Intel Skylake CPUs to hang after a warm reboot. [...]

https://www.bleepingcomputer.com/news/linux/ubuntu-linux-gets-intel-microcode-update-to-fix-cpu-hangs/

Salesforce’s Heroku Used to Host Magecart Skimmers, Stolen Cards

Magecart threat actors have been spotted this week while starting to abuse Salesforce's Heroku cloud application platform to host their card skimming scripts and to store stolen payment card info. [...]

https://www.bleepingcomputer.com/news/security/salesforce-s-heroku-used-to-host-magecart-skimmers-stolen-cards/

Windows 10 Notepad on Microsoft Store is No Longer Supported

Microsoft has decided to no longer offer the Windows 10 Notepad through the Microsoft Store, which will most likely cause future updates to become available at a slower pace. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-notepad-on-microsoft-store-is-no-longer-supported/

Microsoft Remote Desktop Client for iOS is Back After Bug Fixes

After pulling their first release of the Microsoft Remote Desktop Client 10.0 for iOS in over a year due to critical bugs, Microsoft has released an updated and fixed version 10.1. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-remote-desktop-client-for-ios-is-back-after-bug-fixes/

CrackQ Tool Adds Analysis and Reports to Password Cracking

There is a new tool offensive security teams can use for their password cracking needs. CrackQ is open-source and can provide metrics on the current jobs, queuing and re-queuing tasks. [...]

https://www.bleepingcomputer.com/news/security/crackq-tool-adds-analysis-and-reports-to-password-cracking/

US Govt Alerts Financial Services of Ongoing Dridex Malware Attacks

The Department of Homeland Security's today alerted institutions from the financial services sector of risks stemming from ongoing Dridex malware attacks targeting private-sector financial firms through phishing e-mail spam campaigns. [...]

https://www.bleepingcomputer.com/news/security/us-govt-alerts-financial-services-of-ongoing-dridex-malware-attacks/