UK Retailer Sweaty Betty Hacked to Steal Customer Payment Info

The web site for UK activewear retailer Sweaty Betty has been hacked to insert malicious code that attempts to steal a customer's payment information when making purchases. [...]

https://www.bleepingcomputer.com/news/security/uk-retailer-sweaty-betty-hacked-to-steal-customer-payment-info/

Ubuntu Linux Gets Intel Microcode Update to Fix CPU Hangs

Canonical has released a new Linux Intel microcode update for Ubuntu that fixes an issue causing Intel Skylake CPUs to hang after a warm reboot. [...]

https://www.bleepingcomputer.com/news/linux/ubuntu-linux-gets-intel-microcode-update-to-fix-cpu-hangs/

Salesforce’s Heroku Used to Host Magecart Skimmers, Stolen Cards

Magecart threat actors have been spotted this week while starting to abuse Salesforce's Heroku cloud application platform to host their card skimming scripts and to store stolen payment card info. [...]

https://www.bleepingcomputer.com/news/security/salesforce-s-heroku-used-to-host-magecart-skimmers-stolen-cards/

Windows 10 Notepad on Microsoft Store is No Longer Supported

Microsoft has decided to no longer offer the Windows 10 Notepad through the Microsoft Store, which will most likely cause future updates to become available at a slower pace. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-notepad-on-microsoft-store-is-no-longer-supported/

Microsoft Remote Desktop Client for iOS is Back After Bug Fixes

After pulling their first release of the Microsoft Remote Desktop Client 10.0 for iOS in over a year due to critical bugs, Microsoft has released an updated and fixed version 10.1. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-remote-desktop-client-for-ios-is-back-after-bug-fixes/

CrackQ Tool Adds Analysis and Reports to Password Cracking

There is a new tool offensive security teams can use for their password cracking needs. CrackQ is open-source and can provide metrics on the current jobs, queuing and re-queuing tasks. [...]

https://www.bleepingcomputer.com/news/security/crackq-tool-adds-analysis-and-reports-to-password-cracking/

US Govt Alerts Financial Services of Ongoing Dridex Malware Attacks

The Department of Homeland Security's today alerted institutions from the financial services sector of risks stemming from ongoing Dridex malware attacks targeting private-sector financial firms through phishing e-mail spam campaigns. [...]

https://www.bleepingcomputer.com/news/security/us-govt-alerts-financial-services-of-ongoing-dridex-malware-attacks/

Evil Corp Hackers Charged For Stealing Over $100 Million

The U.S. Department of Justice (DoJ) charged Russian citizens Maksim V. Yakubets and Igor Turashev for deploying the Dridex malware (aka Bugat and Cridex), and for their involvement in international bank fraud and computer hacking schemes. [...]

https://www.bleepingcomputer.com/news/security/evil-corp-hackers-charged-for-stealing-over-100-million/

New Linux Vulnerability Lets Attackers Hijack VPN Connections

Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. [...]

https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/

Disney+ Now Works in Linux After DRM Tweak

Linux users can now stream shows and movies from the Disney+ streaming service after Disney lowering the level of their DRM requirements.  [...]

https://www.bleepingcomputer.com/news/linux/disney-now-works-in-linux-after-drm-tweak/

Microsoft Starts Forced Feature Updates on Windows 10 1809

Microsoft says that Windows 10 1909 feature updates will start automatically installing on Windows 10 1809 devices beginning today to smooth out the update process to a more recent Windows 10 version. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-forced-feature-updates-on-windows-10-1809/

Facebook Sues Company For Hijacking Accounts to Run Bad Ads

In a lawsuit filed today, Facebook alleges that a Chinese company used malware to compromise user accounts to run deceptive ads on the social media platform. [...]

https://www.bleepingcomputer.com/news/security/facebook-sues-company-for-hijacking-accounts-to-run-bad-ads/

Ransomware Writes Drama at Shakespeare Theatre

A ransomware attack over the weekend has taken down the ticketing system and patron database for the New Jersey Shakespeare Theatre and has also affected at least one other organization in the Madison area.  [...]

https://www.bleepingcomputer.com/news/security/ransomware-writes-drama-at-shakespeare-theatre/

U.S. Data Center Provider Hit by Ransomware Attack

CyrusOne, a large data center provider in the U.S., announced on Thursday that some of its systems were affected by a ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/us-data-center-provider-hit-by-ransomware-attack/

Some Hardware-based Password Managers Have Poor Security

Some hardware-based password managers lack proper protections for the sensitive data they store and allow reading it in plain text, even after they've been reset. [...]

https://www.bleepingcomputer.com/news/security/some-hardware-based-password-managers-have-poor-security/

BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets

The German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company's networks and stayed active since at least the spring of 2019. [...]

https://www.bleepingcomputer.com/news/security/bmw-infiltrated-by-hackers-hunting-for-automotive-trade-secrets/

NVIDIA Patches Severe Flaws in Mercedes Infotainment System Chips

NVIDIA released security updates for six high severity vulnerabilities found in the Tegra Linux Driver Package (L4T) for Jetson AGX Xavier, TK1, TX1, TX2, and Nano chips used in Mercedes-Benz's MBUX infotainment system and Bosch self-driving computer systems. [...]

https://www.bleepingcomputer.com/news/security/nvidia-patches-severe-flaws-in-mercedes-infotainment-system-chips/

Fake VPN Site Pushes CryptBot and Vidar Info-Stealing Trojans

A cyberthreat actor has created a web site that promotes a fake VPN program that installs the Vidar and CryptBot password-stealing trojans. These trojans will then attempt to steal saved browser credentials and other information from a victim's computer. [...]

https://www.bleepingcomputer.com/news/security/fake-vpn-site-pushes-cryptbot-and-vidar-info-stealing-trojans/

Microsoft to Make Office 365 Encrypted Emails Look Less Spammy

Microsoft is currently working on enhancing the way emails sent using the Office 365 Message Encryption service are seen by mail servers so that they are less likely to be marked as spam and sent to the Trash folder. [...]

https://www.bleepingcomputer.com/news/security/microsoft-to-make-office-365-encrypted-emails-look-less-spammy/

The Week in Ransomware - December 6th 2019 - 'We have seen better days'

With this article we are bringing you the latest ransomware news that occurred over the past two weeks. The news is a still a little light due to some of us taking vacations, but we should be back up to speed next week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-6th-2019-we-have-seen-better-days/

FBI Recommends Securing Your Smart TVs and IoT Devices

The U.S. Federal Bureau of Investigation (FBI) recommends making sure that Internet of Things (IoT) devices and smart TVs in your home are properly configured to protect them and your other devices from potential attackers. [...]

https://www.bleepingcomputer.com/news/security/fbi-recommends-securing-your-smart-tvs-and-iot-devices/