New Echobot Variant Exploits 77 Remote Code Execution Flaws

The Echobot botnet is still after the low hanging fruit as a new variant has been spotted with an increased number of exploits that target unpatched devices, IoT for the most part. [...]

https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/

VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems

The point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased and ongoing threat of being targeted by an attack coordinated by cybercrime groups according to a security alert published by VISA. [...]

https://www.bleepingcomputer.com/news/security/visa-warns-of-ongoing-cyber-attacks-on-gas-pump-pos-systems/

Google Now Bans Some Linux Web Browsers From Their Services

Google is now banning the popular Linux browsers named Konqueror, Falkon, and Qutebrowser from logging into Google services because they may not be secure. [...]

https://www.bleepingcomputer.com/news/google/google-now-bans-some-linux-web-browsers-from-their-services/

Apple to Fix Bug That Bypasses Communication Controls for Kids

Apple rolled out the Communication Limits feature in iOS 13.3 on Tuesday with a bug that allows kids to bypass parental controls that prevent them from talking to anyone that is not in the contacts list. [...]

https://www.bleepingcomputer.com/news/apple/apple-to-fix-bug-that-bypasses-communication-controls-for-kids/

Attackers Steal Credit Cards in Rooster Teeth Data Breach

Rooster Teeth Productions have suffered a data breach that allowed attackers to steal credit card and other payment information from shoppers on the company's online store. [...]

https://www.bleepingcomputer.com/news/security/attackers-steal-credit-cards-in-rooster-teeth-data-breach/

Attackers Terrify Homeowners After Hacking Ring Devices

In a series of hacks targeting Ring camera devices, attackers are terrifying homeowners and making them feel violated in their own homes after taunting them or speaking to their children over the device's speakers. [...]

https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/

New Orleans Suffers Ransomware Attack, Emergency Services Intact

The City of New Orleans, Louisiana has suffered a ransomware attack that has led to the shut down of the city's servers and computer, but the city states emergency services remain intact. [...]

https://www.bleepingcomputer.com/news/security/new-orleans-suffers-ransomware-attack-emergency-services-intact/

The Week in Ransomware - December 13th 2019 - Data Extortion

This has been a busy week with large scale attacks targeting local governments, new variants released, and another ransomware stating that they will use stolen data as leverage to get victims to pay. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-13th-2019-data-extortion/

Microsoft Pushes Windows 10 Autopilot Update by Mistake, How to Remove

Microsoft mistakenly installed the a Windows 10 update for Autopilot on consumer versions of Windows. After learning of their mistake, Microsoft pulled the update from being offered incorrectly, but by that point the update was already mistakenly installed on user's devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-windows-10-autopilot-update-by-mistake-how-to-remove/

Ryuk Ransomware Likely Behind New Orleans Cyberattack

Based on files uploaded to the VirusTotal scanning service, the ransomware attack on the City of New Orleans was likely done by the Ryuk Ransomware threat actors. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-likely-behind-new-orleans-cyberattack/

High-School Students Find Spy Cams in Their Hotel Rooms

High-school students from Wisconsin attending a conference in Minneapolis found spycams in their rooms at a downtown hotel, prompting a police investigation. [...]

https://www.bleepingcomputer.com/news/security/high-school-students-find-spy-cams-in-their-hotel-rooms/

Update Intel's Rapid Storage Software to Fix System Takeover Bug

A DLL hijacking vulnerability exists in an older version of the Intel Rapid Storage Technology (Intel RST) software that could allow attackers to execute malware at elevated privileges in Windows. [...]

https://www.bleepingcomputer.com/news/security/update-intels-rapid-storage-software-to-fix-system-takeover-bug/

Over 435K Security Certs Can Be Compromised With Less Than $3,000

After analyzing millions of RSA keys and certificates generated on low entropy lightweight IoT devices, security researchers at Keyfactor discovered that more than a quarter-million of them shared their prime factors making it easy to derive their private key and compromise them. [...]

https://www.bleepingcomputer.com/news/security/over-435k-security-certs-can-be-compromised-with-less-than-3-000/

Emotet Trojan is Inviting You To A Malicious Christmas Party

Just in time for the holidays, the Emotet Trojan gang has started to send Christmas themed emails that they hope will entice you to open their attachments and become infected. They even want you to wear your ugliest Christmas sweater! [...]

https://www.bleepingcomputer.com/news/security/emotet-trojan-is-inviting-you-to-a-malicious-christmas-party/

TP-Link Router Bug Lets Attackers Login Without Passwords

TP-Link patched a critical vulnerability impacting some of its Archer routers that could allow potential attackers to void their admin passwords and remotely take control of the devices over LAN via a Telnet connection. [...]

https://www.bleepingcomputer.com/news/security/tp-link-router-bug-lets-attackers-login-without-passwords/

Google to Force OAuth in G Suite to Increase Security

Google announced that it will block less secure apps (LSAs) from accessing G Suite account data starting February 2021, following an initial stage of limiting their access during June 2020. [...]

https://www.bleepingcomputer.com/news/security/google-to-force-oauth-in-g-suite-to-increase-security/

Windows 10 Build 19536 Out for Insiders With Optional Drivers

Microsoft has released Windows 10 Insider Preview Build 19536 to Insiders in the Fast ring as part of the Active Development Branch that reflects the latest work in progress code and adds automatic optional driver updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-19536-out-for-insiders-with-optional-drivers/

Update Intel's Rapid Storage App to Fix Bug Letting Malware Evade AV

A DLL hijacking vulnerability exists in an older version of the Intel Rapid Storage Technology (Intel RST) software that could allow attackers to execute malware at elevated privileges in Windows. [...]

https://www.bleepingcomputer.com/news/security/update-intels-rapid-storage-app-to-fix-bug-letting-malware-evade-av/

Credit Card Data Exposed Online Is Tested Within 2 Hours

Be it fake or real, payment card data does not survive untouched for long on the web, a recent experiment showed. The bad guys are testing everything they find on the internet, just to make sure they don't miss an opportunity to cash in. [...]

https://www.bleepingcomputer.com/news/security/credit-card-data-exposed-online-is-tested-within-2-hours/

Facebook's Tor Site Down for Over a Week Due to Expired TLS Cert

Facebook has announced that its Tor gateway will be down for one to two weeks due to an expired TLS certificate. This is a bit strange as it normally should not take two weeks to renew a certificate. [...]

https://www.bleepingcomputer.com/news/security/facebooks-tor-site-down-for-over-a-week-due-to-expired-tls-cert/

Bug Sent WhatsApp Into Crash Loop, Caused Chat History Loss

Security researchers found a bug in WhatsApp that could be used to crash the messaging app in a loop on the phone of every member of a group. [...]

https://www.bleepingcomputer.com/news/security/bug-sent-whatsapp-into-crash-loop-caused-chat-history-loss/