Microsoft Office 365 to Add Reply-All Mail Storm Protection

Microsoft is planning to add protection against Reply-All email storms to Office 365, an issue affecting customers that are members of improperly locked down mail distribution lists. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-to-add-reply-all-mail-storm-protection/

Hundreds of Counterfeit Sneaker Sites Hacked to Steal Credit Cards

As the craze for the latest Off-White, Nike, and Adidas sneakers heats up, sites selling counterfeit kicks have popped up to capitalize on sneakerheads searching for the best deal. To make a bad deal even worse, hackers are now targeting these sites to install malicious Magecart scripts that also steal your credit card information. [...]

https://www.bleepingcomputer.com/news/security/hundreds-of-counterfeit-sneaker-sites-hacked-to-steal-credit-cards/

Maze Ransomware Demands $6 Million Ransom From Southwire

Maze Ransomware operators claim responsibility for another cyber attack, this time against leading wire and cable manufacturer Southwire Company, LLC (Southwire) from Carrollton, Georgia. [...]

https://www.bleepingcomputer.com/news/security/maze-ransomware-demands-6-million-ransom-from-southwire/

Microsoft Warns of GALLIUM Threat Group Attacking Global Telcos

The Microsoft Threat Intelligence Center (MSTIC) today published an alert about ongoing attacks directed at telecommunication providers from around the world and operated by a threat group tracked by Microsoft as GALLIUM. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-gallium-threat-group-attacking-global-telcos/

Google Achieves Its Goal of Erasing the WWW Subdomain From Chrome

With the release of Chrome 79, Google completes its goal of erasing www from browser by no longer allowing Chrome users to automatically show the www trivial subdomain in the address bar. [...]

https://www.bleepingcomputer.com/news/google/google-achieves-its-goal-of-erasing-the-www-subdomain-from-chrome/

Another Ransomware Will Now Publish Victims' Data If Not Paid

The operators of the REvil Ransomware, otherwise known as Sodinokibi, have announced that they will use stolen files and data as as leverage to get victims to pay ransoms. [...]

https://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/

Microsoft Office 365 to Add Message Recall in Exchange Online

Microsoft is planning to add the highly popular Message Recall feature among Outlook for Windows users to the Exchange Online hosted cloud email service for businesses. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-to-add-message-recall-in-exchange-online/

New Echobot Variant Exploits 77 Remote Code Execution Flaws

The Echobot botnet is still after the low hanging fruit as a new variant has been spotted with an increased number of exploits that target unpatched devices, IoT for the most part. [...]

https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/

VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems

The point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased and ongoing threat of being targeted by an attack coordinated by cybercrime groups according to a security alert published by VISA. [...]

https://www.bleepingcomputer.com/news/security/visa-warns-of-ongoing-cyber-attacks-on-gas-pump-pos-systems/

Google Now Bans Some Linux Web Browsers From Their Services

Google is now banning the popular Linux browsers named Konqueror, Falkon, and Qutebrowser from logging into Google services because they may not be secure. [...]

https://www.bleepingcomputer.com/news/google/google-now-bans-some-linux-web-browsers-from-their-services/

Apple to Fix Bug That Bypasses Communication Controls for Kids

Apple rolled out the Communication Limits feature in iOS 13.3 on Tuesday with a bug that allows kids to bypass parental controls that prevent them from talking to anyone that is not in the contacts list. [...]

https://www.bleepingcomputer.com/news/apple/apple-to-fix-bug-that-bypasses-communication-controls-for-kids/

Attackers Steal Credit Cards in Rooster Teeth Data Breach

Rooster Teeth Productions have suffered a data breach that allowed attackers to steal credit card and other payment information from shoppers on the company's online store. [...]

https://www.bleepingcomputer.com/news/security/attackers-steal-credit-cards-in-rooster-teeth-data-breach/

Attackers Terrify Homeowners After Hacking Ring Devices

In a series of hacks targeting Ring camera devices, attackers are terrifying homeowners and making them feel violated in their own homes after taunting them or speaking to their children over the device's speakers. [...]

https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/

New Orleans Suffers Ransomware Attack, Emergency Services Intact

The City of New Orleans, Louisiana has suffered a ransomware attack that has led to the shut down of the city's servers and computer, but the city states emergency services remain intact. [...]

https://www.bleepingcomputer.com/news/security/new-orleans-suffers-ransomware-attack-emergency-services-intact/

The Week in Ransomware - December 13th 2019 - Data Extortion

This has been a busy week with large scale attacks targeting local governments, new variants released, and another ransomware stating that they will use stolen data as leverage to get victims to pay. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-13th-2019-data-extortion/

Microsoft Pushes Windows 10 Autopilot Update by Mistake, How to Remove

Microsoft mistakenly installed the a Windows 10 update for Autopilot on consumer versions of Windows. After learning of their mistake, Microsoft pulled the update from being offered incorrectly, but by that point the update was already mistakenly installed on user's devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-windows-10-autopilot-update-by-mistake-how-to-remove/

Ryuk Ransomware Likely Behind New Orleans Cyberattack

Based on files uploaded to the VirusTotal scanning service, the ransomware attack on the City of New Orleans was likely done by the Ryuk Ransomware threat actors. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-likely-behind-new-orleans-cyberattack/

High-School Students Find Spy Cams in Their Hotel Rooms

High-school students from Wisconsin attending a conference in Minneapolis found spycams in their rooms at a downtown hotel, prompting a police investigation. [...]

https://www.bleepingcomputer.com/news/security/high-school-students-find-spy-cams-in-their-hotel-rooms/

Update Intel's Rapid Storage Software to Fix System Takeover Bug

A DLL hijacking vulnerability exists in an older version of the Intel Rapid Storage Technology (Intel RST) software that could allow attackers to execute malware at elevated privileges in Windows. [...]

https://www.bleepingcomputer.com/news/security/update-intels-rapid-storage-software-to-fix-system-takeover-bug/

Over 435K Security Certs Can Be Compromised With Less Than $3,000

After analyzing millions of RSA keys and certificates generated on low entropy lightweight IoT devices, security researchers at Keyfactor discovered that more than a quarter-million of them shared their prime factors making it easy to derive their private key and compromise them. [...]

https://www.bleepingcomputer.com/news/security/over-435k-security-certs-can-be-compromised-with-less-than-3-000/

Emotet Trojan is Inviting You To A Malicious Christmas Party

Just in time for the holidays, the Emotet Trojan gang has started to send Christmas themed emails that they hope will entice you to open their attachments and become infected. They even want you to wear your ugliest Christmas sweater! [...]

https://www.bleepingcomputer.com/news/security/emotet-trojan-is-inviting-you-to-a-malicious-christmas-party/