Update Intel's Rapid Storage Software to Fix System Takeover Bug

A DLL hijacking vulnerability exists in an older version of the Intel Rapid Storage Technology (Intel RST) software that could allow attackers to execute malware at elevated privileges in Windows. [...]

https://www.bleepingcomputer.com/news/security/update-intels-rapid-storage-software-to-fix-system-takeover-bug/

Over 435K Security Certs Can Be Compromised With Less Than $3,000

After analyzing millions of RSA keys and certificates generated on low entropy lightweight IoT devices, security researchers at Keyfactor discovered that more than a quarter-million of them shared their prime factors making it easy to derive their private key and compromise them. [...]

https://www.bleepingcomputer.com/news/security/over-435k-security-certs-can-be-compromised-with-less-than-3-000/

Emotet Trojan is Inviting You To A Malicious Christmas Party

Just in time for the holidays, the Emotet Trojan gang has started to send Christmas themed emails that they hope will entice you to open their attachments and become infected. They even want you to wear your ugliest Christmas sweater! [...]

https://www.bleepingcomputer.com/news/security/emotet-trojan-is-inviting-you-to-a-malicious-christmas-party/

TP-Link Router Bug Lets Attackers Login Without Passwords

TP-Link patched a critical vulnerability impacting some of its Archer routers that could allow potential attackers to void their admin passwords and remotely take control of the devices over LAN via a Telnet connection. [...]

https://www.bleepingcomputer.com/news/security/tp-link-router-bug-lets-attackers-login-without-passwords/

Google to Force OAuth in G Suite to Increase Security

Google announced that it will block less secure apps (LSAs) from accessing G Suite account data starting February 2021, following an initial stage of limiting their access during June 2020. [...]

https://www.bleepingcomputer.com/news/security/google-to-force-oauth-in-g-suite-to-increase-security/

Windows 10 Build 19536 Out for Insiders With Optional Drivers

Microsoft has released Windows 10 Insider Preview Build 19536 to Insiders in the Fast ring as part of the Active Development Branch that reflects the latest work in progress code and adds automatic optional driver updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-19536-out-for-insiders-with-optional-drivers/

Update Intel's Rapid Storage App to Fix Bug Letting Malware Evade AV

A DLL hijacking vulnerability exists in an older version of the Intel Rapid Storage Technology (Intel RST) software that could allow attackers to execute malware at elevated privileges in Windows. [...]

https://www.bleepingcomputer.com/news/security/update-intels-rapid-storage-app-to-fix-bug-letting-malware-evade-av/

Credit Card Data Exposed Online Is Tested Within 2 Hours

Be it fake or real, payment card data does not survive untouched for long on the web, a recent experiment showed. The bad guys are testing everything they find on the internet, just to make sure they don't miss an opportunity to cash in. [...]

https://www.bleepingcomputer.com/news/security/credit-card-data-exposed-online-is-tested-within-2-hours/

Facebook's Tor Site Down for Over a Week Due to Expired TLS Cert

Facebook has announced that its Tor gateway will be down for one to two weeks due to an expired TLS certificate. This is a bit strange as it normally should not take two weeks to renew a certificate. [...]

https://www.bleepingcomputer.com/news/security/facebooks-tor-site-down-for-over-a-week-due-to-expired-tls-cert/

Bug Sent WhatsApp Into Crash Loop, Caused Chat History Loss

Security researchers found a bug in WhatsApp that could be used to crash the messaging app in a loop on the phone of every member of a group. [...]

https://www.bleepingcomputer.com/news/security/bug-sent-whatsapp-into-crash-loop-caused-chat-history-loss/

How to Block Windows 10 Update Force Installing the New Edge Browser

When Microsoft Edge reaches general availability in January, Microsoft has stated that the browser will automatically be installed on Windows 10 devices via Windows Update. Here is how to block it from being automatically installed. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-block-windows-10-update-force-installing-the-new-edge-browser/

Lazarus Hackers Target Linux, Windows With New Dacls Malware

A new Remote Access Trojan (RAT) malware dubbed Dacls and connected to the Lazarus Group has been spotted by researchers while being used to target both Windows and Linux devices. [...]

https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-linux-windows-with-new-dacls-malware/

Chinese Rancor APT Refreshes Malware Kit for Espionage Attacks

A Chinese-linked hacking group deployed a new malware strain dubbed Dudell as part of attacks targeting Cambodian government organizations between December 2018 and January 2019. [...]

https://www.bleepingcomputer.com/news/security/chinese-rancor-apt-refreshes-malware-kit-for-espionage-attacks/

Windows 10's Fast Ring Becomes a Microsoft Dev Playground

Microsoft officially kicks off the new Windows 10 Fast Ring with the release of their latest Insider build. Under this new Fast Ring, Insiders will always receive the latest code from Microsoft developers who are creating new features in Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10s-fast-ring-becomes-a-microsoft-dev-playground/

LifeLabs Data Breach Exposes Personal Info of 15 Million Customers

Canadian clinical laboratory services provider LifeLabs has announced a data breach that exposed the personal information for up to 15 million Canadians after an unauthorized user gained access to their systems. [...]

https://www.bleepingcomputer.com/news/security/lifelabs-data-breach-exposes-personal-info-of-15-million-customers/

Ransomware Hit Over 1,000 U.S. Schools in 2019

Since January, 1,039 schools across the U.S. have been potentially hit by a ransomware attack after 72 school districts and/or educational institutions have publicly reported being a ransomware victim according to a report from security solutions provider Armor. [...]

https://www.bleepingcomputer.com/news/security/ransomware-hit-over-1-000-us-schools-in-2019/

Industrial Cyber-Espionage Campaign Targets Hundreds of Companies

Hundreds of industrial companies are currently the targets of cyber-espionage activity from an advanced threat actor. The adversary uses a new version of an older info-stealer to extract sensitive data and files. [...]

https://www.bleepingcomputer.com/news/security/industrial-cyber-espionage-campaign-targets-hundreds-of-companies/

New BlueKeep Scanner Lets You Find Vulnerable Windows PCs

A new scanning tool is now available for checking if your computer is vulnerable to the BlueKeep security issue in Windows Remote Desktop Services. [...]

https://www.bleepingcomputer.com/news/security/new-bluekeep-scanner-lets-you-find-vulnerable-windows-pcs/

FBI Warns of Risks Behind Using Free WiFi While Traveling

The U.S. Federal Bureau of Investigation recommends travelers to avoid connecting their phone, tablet, or computer to free wireless hotspots while traveling during the holiday season. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-risks-behind-using-free-wifi-while-traveling/

ScreenConnect MSP Software Used to Install Zeppelin Ransomware

Threat actors are utilizing the ScreenConnect (now called ConnectWise Control) MSP remote management software to compromise a network, steal data, and install the Zeppelin Ransomware on compromised computers. [...]

https://www.bleepingcomputer.com/news/security/screenconnect-msp-software-used-to-install-zeppelin-ransomware/

Attackers Posing as German Authorities Distribute Emotet Malware

An active malspam is distributing Emotet banking Trojan payloads via emails camouflaged to look like messages delivered by several German federal authorities warns the BSI, Germany's federal cybersecurity agency. [...]

https://www.bleepingcomputer.com/news/security/attackers-posing-as-german-authorities-distribute-emotet-malware/