The Week in Ransomware - December 6th 2019 - 'We have seen better days'

With this article we are bringing you the latest ransomware news that occurred over the past two weeks. The news is a still a little light due to some of us taking vacations, but we should be back up to speed next week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-6th-2019-we-have-seen-better-days/

FBI Recommends Securing Your Smart TVs and IoT Devices

The U.S. Federal Bureau of Investigation (FBI) recommends making sure that Internet of Things (IoT) devices and smart TVs in your home are properly configured to protect them and your other devices from potential attackers. [...]

https://www.bleepingcomputer.com/news/security/fbi-recommends-securing-your-smart-tvs-and-iot-devices/

Clever Microsoft Phishing Scam Creates a Local Login Form

A clever phishing campaign has been spotted that bundles the scam's landing page in the HTML attachment rather than redirecting users to another site that asks them to log in. [...]

https://www.bleepingcomputer.com/news/security/clever-microsoft-phishing-scam-creates-a-local-login-form/

Moscow Cops Sell Access to City CCTV, Facial Recognition Data

Anyone with a little money can buy access to Moscow's surveillance system of tens of thousands of cameras along and check footage stored over the previous five days. [...]

https://www.bleepingcomputer.com/news/security/moscow-cops-sell-access-to-city-cctv-facial-recognition-data/

Fake Elder Scrolls Online Devs Run PlayStation Phishing Scam

Scammers are masquerading as The Elder Scrolls Online developers and sending Playstation private messages that state your account will be banned if you do not provide your login credentials. [...]

https://www.bleepingcomputer.com/news/security/fake-elder-scrolls-online-devs-run-playstation-phishing-scam/

How to Use Twitter With Keyboard Shortcuts

If you are using Twitter on the desktop, then it may be helpful to know that there are over 25 different keyboard shortcuts that you can use to perform various functions including creating new tweets, opening the Messages section, and opening Notifications. [...]

https://www.bleepingcomputer.com/news/technology/how-to-use-twitter-with-keyboard-shortcuts/

TrickBot Trojan Abuses Google Suite, Baits With Annual Bonuses

A recently active malicious campaign baited targets with phishing messages promising annual bonuses, abusing Google Suite cloud services to infect them with Trickbot banking Trojan payloads. [...]

https://www.bleepingcomputer.com/news/security/trickbot-trojan-abuses-google-suite-baits-with-annual-bonuses/

Tool Illegally Enables Windows 7 Extended Security Updates

A method has been discovered that allows Windows 7 users to bypass eligibility checks and receive Extended Security Updates even if they have not paid for a license. [...]

https://www.bleepingcomputer.com/news/microsoft/tool-illegally-enables-windows-7-extended-security-updates/

Microsoft Office 365 ATP Now Helps Analyze Phishing Attacks

Microsoft announced the rollout of the Office 365 Advanced Threat Protection (ATP) Campaign Views feature in public preview, a new capability designed to provide security teams with an overview of the attack flow behind phishing attacks against their organization. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-atp-now-helps-analyze-phishing-attacks/

Cybercriminals Lend Tactics and Skills to Political Meddlers

Disinformation campaigns for political purposes are deeply rooted in cybercriminal endeavors, with threat actors relying on actions specific to financially-motivated attacks to attain their goals. [...]

https://www.bleepingcomputer.com/news/security/cybercriminals-lend-tactics-and-skills-to-political-meddlers/

'Government Imposter' Scammers Pay $1.2 Million in FTC Settlement

A settlement with the Federal Trade Commission (FTC) requires the operators of a government imposter scheme to pay $1.2 million and also comes with a ban on sending any further unsolicited direct mail to businesses across the U.S. [...]

https://www.bleepingcomputer.com/news/security/government-imposter-scammers-pay-12-million-in-ftc-settlement/

Ryuk Ransomware Decryptor Is Broken, Could Lead to Data Loss

Due to recent changes in the Ryuk Ransomware encryption process, a bug in the decryptor could lead to data loss in large files. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-decryptor-is-broken-could-lead-to-data-loss/

Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools

Researchers discovered a new Snatch ransomware strain that will reboot computers it infects into Safe Mode to disable any resident security solutions and immediately starts encrypting files once the system loads. [...]

https://www.bleepingcomputer.com/news/security/snatch-ransomware-reboots-to-windows-safe-mode-to-bypass-av-tools/

Pensacola, Florida Hit by Cyber Attack, City Services Impacted

The city of Pensacola is struggling to recover from a cyber attack that hit its computer network over the weekend. Some services are still affected but no critical ones. [...]

https://www.bleepingcomputer.com/news/security/pensacola-florida-hit-by-cyber-attack-city-services-impacted/

FTC Advises Checking Smart Toy Features Before Buying

With internet-connected toys in high demand this time of the year, the Federal Trade Commission (FTC) is making some recommendations that can help you choose one that is less detrimental to your kids' data. [...]

https://www.bleepingcomputer.com/news/security/ftc-advises-checking-smart-toy-features-before-buying/

Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps

A phishing campaign has been discovered that doesn't target a recipient's username and password, but rather uses the novel approach of gaining access to a recipient's Office 365 account and its data through the Microsoft OAuth API. [...]

https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/

Google Chrome Uses Safe Browsing to Improve Phishing Protection

The Google Chrome browser will get new real-time and improved predictive phishing protection capabilities with release 79, protecting users against such attacks with the help of the Safe Browsing blacklist service. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-uses-safe-browsing-to-improve-phishing-protection/

Adobe Releases Their December 2019 Security Updates

Adobe has released their monthly security updates that fix vulnerabilities in Acrobat, Reader, Photoshop CC, Brackets, and ColdFusion. All users are advised to install the applicable updates as soon as possible to resolve these vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/adobe-releases-their-december-2019-security-updates/

Windows 10 KB4530684 & KB4530715 Cumulative Updates Released

Microsoft is rolling out a new cumulative update for all supported version of Windows 10. The cumulative update comes with security fixes and minor bug fixes for Windows 10 November 2019 Update, May 2019 Update and October 2018 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4530684-and-kb4530715-cumulative-updates-released/

Microsoft's December 2019 Patch Tuesday Fixes Win32k Zero-day, 36 Flaws

Today is Microsoft's December 2019 Patch Tuesday, which means it is your job to be nice to Windows administrators everywhere and not to take it personal if they are a bit grouchy today. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-december-2019-patch-tuesday-fixes-win32k-zero-day-36-flaws/

Intel Patches Plundervolt, High Severity Issues in Platform Update

Intel addressed 14 security vulnerabilities during the December 2019 Patch Tuesday, with seven of them being high and medium severity security flaws impacting multiple platforms. [...]

https://www.bleepingcomputer.com/news/security/intel-patches-plundervolt-high-severity-issues-in-platform-update/