FTC Advises Checking Smart Toy Features Before Buying

With internet-connected toys in high demand this time of the year, the Federal Trade Commission (FTC) is making some recommendations that can help you choose one that is less detrimental to your kids' data. [...]

https://www.bleepingcomputer.com/news/security/ftc-advises-checking-smart-toy-features-before-buying/

Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps

A phishing campaign has been discovered that doesn't target a recipient's username and password, but rather uses the novel approach of gaining access to a recipient's Office 365 account and its data through the Microsoft OAuth API. [...]

https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/

Google Chrome Uses Safe Browsing to Improve Phishing Protection

The Google Chrome browser will get new real-time and improved predictive phishing protection capabilities with release 79, protecting users against such attacks with the help of the Safe Browsing blacklist service. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-uses-safe-browsing-to-improve-phishing-protection/

Adobe Releases Their December 2019 Security Updates

Adobe has released their monthly security updates that fix vulnerabilities in Acrobat, Reader, Photoshop CC, Brackets, and ColdFusion. All users are advised to install the applicable updates as soon as possible to resolve these vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/adobe-releases-their-december-2019-security-updates/

Windows 10 KB4530684 & KB4530715 Cumulative Updates Released

Microsoft is rolling out a new cumulative update for all supported version of Windows 10. The cumulative update comes with security fixes and minor bug fixes for Windows 10 November 2019 Update, May 2019 Update and October 2018 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4530684-and-kb4530715-cumulative-updates-released/

Microsoft's December 2019 Patch Tuesday Fixes Win32k Zero-day, 36 Flaws

Today is Microsoft's December 2019 Patch Tuesday, which means it is your job to be nice to Windows administrators everywhere and not to take it personal if they are a bit grouchy today. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-december-2019-patch-tuesday-fixes-win32k-zero-day-36-flaws/

Intel Patches Plundervolt, High Severity Issues in Platform Update

Intel addressed 14 security vulnerabilities during the December 2019 Patch Tuesday, with seven of them being high and medium severity security flaws impacting multiple platforms. [...]

https://www.bleepingcomputer.com/news/security/intel-patches-plundervolt-high-severity-issues-in-platform-update/

Windows, Chrome Zero-Days Chained in Operation WizardOpium Attacks

Zero-day vulnerabilities in Google Chrome and Microsoft Windows were used last month to download and install malware onto Windows computers when visiting a Korean-language news portal. [...]

https://www.bleepingcomputer.com/news/security/windows-chrome-zero-days-chained-in-operation-wizardopium-attacks/

Chrome 79 Released With Security Improvements, Proactive Tab Freeze, and More

Google has released Chrome 79 today, December 10th, 2019, to the Stable desktop channel and it comes with bug fixes, new features, and 51 security fixes. Included are new features such as Tab Freeze, back-forward cache, and security enhancements such as improved phishing protection and compromised password alerts. [...]

https://www.bleepingcomputer.com/news/google/chrome-79-released-with-security-improvements-proactive-tab-freeze-and-more/

Windows 7 to Show Full-Screen Windows 10 Upgrade Alerts

When Windows 7 reaches end of support, the operating system will display a full screen warning stating that Windows is more vulnerable to viruses and that you should upgrade to Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-to-show-full-screen-windows-10-upgrade-alerts/

Batch of 460,000+ Payment Cards Sold on Black Market Forum

Researchers monitoring activity on underground markets found that more than 460,000 payment card records were offered for sale in two days on a popular forum where such data is being traded. [...]

https://www.bleepingcomputer.com/news/security/batch-of-460-000-payment-cards-sold-on-black-market-forum/

Microsoft Office December Security Updates Fix Remote Execution Bugs

Microsoft released the December 2019 Office security updates, bundling a total of 16 security updates and five cumulative updates for five different products, three of them patching flaws allowing remote code execution. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-december-security-updates-fix-remote-execution-bugs/

Domain Takeover at Gunpoint Gets Influencer 14 Years in Jail

Social media influencer Rossi Lorathio Adams II was sentenced to 14 years in federal prison for plotting an Internet domain hijacking at gunpoint and an armed home invasion with his cousin Sherman Hopkins, Jr. [...]

https://www.bleepingcomputer.com/news/security/domain-takeover-at-gunpoint-gets-influencer-14-years-in-jail/

Lazarus Hackers Use TrickBot to Infect High-End Victims

Security researchers analyzing infections from TrickBot trojan found an interesting artifact that points to a connection to the Lazarus group of hackers associated with North Korea. [...]

https://www.bleepingcomputer.com/news/security/lazarus-hackers-use-trickbot-to-infect-high-end-victims/

Microsoft Pulls December 10 Office 365 Client Updates From Catalog

Microsoft pulled multiple Office 365 client updates released on December 10 from the Update Catalog after customers weren't able to download them through the Microsoft System Center Configuration Manager. [...]

https://www.bleepingcomputer.com/news/security/microsoft-pulls-december-10-office-365-client-updates-from-catalog/

Zeppelin Ransomware Targets Healthcare and IT Companies

A new variant of the VegaLocker/Buran Ransomware called Zeppelin has been spotted infecting U.S. and European companies via targeted installs. [...]

https://www.bleepingcomputer.com/news/security/zeppelin-ransomware-targets-healthcare-and-it-companies/

“Aw Snap!” Crash Makes a Comeback in Chrome 79

Google Chrome users are complaining once more of "Aw Snap!" crashes as the Code Integrity feature got re-enabled in the latest version of the browser, released yesterday. [...]

https://www.bleepingcomputer.com/news/google/-aw-snap-crash-makes-a-comeback-in-chrome-79/

Microsoft Threat Protection Released in Public Preview

Microsoft says that the integrated Microsoft Threat Protection is now available in public preview, adding automated threat response to stop attacks in their tracks, as well as self-healing for compromised devices, user identities, and mailboxes. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-threat-protection-released-in-public-preview/

Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand

The operators behind the Maze Ransomware have claimed responsibility for the cyberattack affecting the City of Pensacola, Florida, but state that they are not affiliated with the recent shooting at NAS Pensacola. [...]

https://www.bleepingcomputer.com/news/security/maze-ransomware-behind-pensacola-cyberattack-1m-ransom-demand/

Gmail Now Lets You Forward Emails as Attachments

Google has added a new feature to Gmail that allows you to forward an existing email, or multiple emails, as attachments. This lets the recipient open the attached email and see it in its original form with full mail headers. [...]

https://www.bleepingcomputer.com/news/google/gmail-now-lets-you-forward-emails-as-attachments/

Ransomware Hits Florida PRIDE On Saturday, Systems Still Down

Prison Rehabilitative Industries and Diversified Enterprises Inc (PRIDE) was hit by a ransomware attack on Saturday, December 7. The nonprofit organization's website and affected systems are still down. [...]

https://www.bleepingcomputer.com/news/security/ransomware-hits-florida-pride-on-saturday-systems-still-down/