Microsoft Enhances Tracking Prevention in Microsoft Edge 79

Microsoft announced a series of tracking prevention improvements that rolled out with the release of Microsoft Edge 79, enhancements that should provide a balance between web compatibility and blocking more types of trackers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-enhances-tracking-prevention-in-microsoft-edge-79/

Firefox 71 Released with Picture-in-Picture Support and More

Mozilla has officially released Firefox 71 for Windows, Mac, and Linux and with it comes support for the picture-in-picture API and improvements to the Enhanced Tracking Protection feature and the Lockwise password manager. [...]

https://www.bleepingcomputer.com/news/software/firefox-71-released-with-picture-in-picture-support-and-more/

Microsoft Releases December 2019 Office Updates With Auth Issue Fix

Microsoft released the December 2019 non-security Microsoft Office updates that fix issues and add stability and performance improvements to Windows Installer (MSI) editions of Office 2016. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-december-2019-office-updates-with-auth-issue-fix/

New macOS Threat Served from Cryptocurrency Trading Platform

Security researchers have encountered a new macOS malware sample believed to be the work of the North Korean group of hackers known as Lazarus. [...]

https://www.bleepingcomputer.com/news/security/new-macos-threat-served-from-cryptocurrency-trading-platform/

The Great Cannon DDoS Tool Used Against Hong Kong Protestors’ Forum

The Great Cannon Distributed Denial of Service (DDoS) tool was deployed again to launch attacks against the LIHKG social media platform used by Hong Kong protesters to coordinate during this year's anti-extradition protests. [...]

https://www.bleepingcomputer.com/news/security/the-great-cannon-ddos-tool-used-against-hong-kong-protestors-forum/

Microsoft Warns of Security Risks Behind Orphaned WHfB Keys

Microsoft published guidance on how to mitigate the security risks stemming from orphaned Windows Hello for Business (WHfB) public keys generated with the help of vulnerable Trusted Platform Module (TPM) chips. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-security-risks-behind-orphaned-whfb-keys/

Malicious Python Package Available in PyPI Repo for a Year

Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects. [...]

https://www.bleepingcomputer.com/news/security/malicious-python-package-available-in-pypi-repo-for-a-year/

New Iranian ZeroCleare Data Wiper Malware Used in Targeted Attacks

A new destructive data-wiping malware dubbed ZeroCleare has been spotted by IBM researchers during multiple targeted attacks against organizations from the energy and industrial sector in the Middle East. [...]

https://www.bleepingcomputer.com/news/security/new-iranian-zerocleare-data-wiper-malware-used-in-targeted-attacks/

UK Retailer Sweaty Betty Hacked to Steal Customer Payment Info

The web site for UK activewear retailer Sweaty Betty has been hacked to insert malicious code that attempts to steal a customer's payment information when making purchases. [...]

https://www.bleepingcomputer.com/news/security/uk-retailer-sweaty-betty-hacked-to-steal-customer-payment-info/

Ubuntu Linux Gets Intel Microcode Update to Fix CPU Hangs

Canonical has released a new Linux Intel microcode update for Ubuntu that fixes an issue causing Intel Skylake CPUs to hang after a warm reboot. [...]

https://www.bleepingcomputer.com/news/linux/ubuntu-linux-gets-intel-microcode-update-to-fix-cpu-hangs/

Salesforce’s Heroku Used to Host Magecart Skimmers, Stolen Cards

Magecart threat actors have been spotted this week while starting to abuse Salesforce's Heroku cloud application platform to host their card skimming scripts and to store stolen payment card info. [...]

https://www.bleepingcomputer.com/news/security/salesforce-s-heroku-used-to-host-magecart-skimmers-stolen-cards/

Windows 10 Notepad on Microsoft Store is No Longer Supported

Microsoft has decided to no longer offer the Windows 10 Notepad through the Microsoft Store, which will most likely cause future updates to become available at a slower pace. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-notepad-on-microsoft-store-is-no-longer-supported/

Microsoft Remote Desktop Client for iOS is Back After Bug Fixes

After pulling their first release of the Microsoft Remote Desktop Client 10.0 for iOS in over a year due to critical bugs, Microsoft has released an updated and fixed version 10.1. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-remote-desktop-client-for-ios-is-back-after-bug-fixes/

CrackQ Tool Adds Analysis and Reports to Password Cracking

There is a new tool offensive security teams can use for their password cracking needs. CrackQ is open-source and can provide metrics on the current jobs, queuing and re-queuing tasks. [...]

https://www.bleepingcomputer.com/news/security/crackq-tool-adds-analysis-and-reports-to-password-cracking/

US Govt Alerts Financial Services of Ongoing Dridex Malware Attacks

The Department of Homeland Security's today alerted institutions from the financial services sector of risks stemming from ongoing Dridex malware attacks targeting private-sector financial firms through phishing e-mail spam campaigns. [...]

https://www.bleepingcomputer.com/news/security/us-govt-alerts-financial-services-of-ongoing-dridex-malware-attacks/

Evil Corp Hackers Charged For Stealing Over $100 Million

The U.S. Department of Justice (DoJ) charged Russian citizens Maksim V. Yakubets and Igor Turashev for deploying the Dridex malware (aka Bugat and Cridex), and for their involvement in international bank fraud and computer hacking schemes. [...]

https://www.bleepingcomputer.com/news/security/evil-corp-hackers-charged-for-stealing-over-100-million/

New Linux Vulnerability Lets Attackers Hijack VPN Connections

Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. [...]

https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/

Disney+ Now Works in Linux After DRM Tweak

Linux users can now stream shows and movies from the Disney+ streaming service after Disney lowering the level of their DRM requirements.  [...]

https://www.bleepingcomputer.com/news/linux/disney-now-works-in-linux-after-drm-tweak/

Microsoft Starts Forced Feature Updates on Windows 10 1809

Microsoft says that Windows 10 1909 feature updates will start automatically installing on Windows 10 1809 devices beginning today to smooth out the update process to a more recent Windows 10 version. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-forced-feature-updates-on-windows-10-1809/

Facebook Sues Company For Hijacking Accounts to Run Bad Ads

In a lawsuit filed today, Facebook alleges that a Chinese company used malware to compromise user accounts to run deceptive ads on the social media platform. [...]

https://www.bleepingcomputer.com/news/security/facebook-sues-company-for-hijacking-accounts-to-run-bad-ads/

Ransomware Writes Drama at Shakespeare Theatre

A ransomware attack over the weekend has taken down the ticketing system and patron database for the New Jersey Shakespeare Theatre and has also affected at least one other organization in the Madison area.  [...]

https://www.bleepingcomputer.com/news/security/ransomware-writes-drama-at-shakespeare-theatre/