NSA's First Public Vulnerability Disclosure: An Effort to Build Trust

The U.S. National Security Agency (NSA) started a new chapter after discovering and reporting to Microsoft a vulnerability tracked as CVE-2020-0601 and impacting Windows 10 and Windows Server systems. [...]

https://www.bleepingcomputer.com/news/security/nsas-first-public-vulnerability-disclosure-an-effort-to-build-trust/

Windows Terminal Adds Retro CRT Effects and Console Search

Microsoft released Windows Terminal Preview v.08 today and with it comes useful improvements that include a console search feature, tab sizing, and a new retro option that makes consoles look like an old CRT. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-terminal-adds-retro-crt-effects-and-console-search/

Intel Patches High Severity Flaw in VTune Performance Profiler

Intel patched six security vulnerabilities during the January 2020 Patch Tuesday, including a high severity vulnerability in VTune and a bug affecting the Intel Processor Graphics drivers for Windows and Linux. [...]

https://www.bleepingcomputer.com/news/security/intel-patches-high-severity-flaw-in-vtune-performance-profiler/

Windows BSOD Betrays Cryptominer Hidden in WAV File

The infamous blue screen of death (BSOD) on computers belonging to a company in the medical tech sector was the tell for a malware infection that spread across more than half the network. [...]

https://www.bleepingcomputer.com/news/security/windows-bsod-betrays-cryptominer-hidden-in-wav-file/

Google Chrome Aims to Make Browser User-Agents Obsolete

To enhance the privacy of its users and reduce the complexity of updating User-Agent strings, Google Chrome plans to move to a new system that web sites can use to identify information about their visitors. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-aims-to-make-browser-user-agents-obsolete/

Windows 7 Begins to Show Full Screen Windows 10 Upgrade Alerts

When users log into Windows 7 today, they should not be surprised if they see a full-screen alert telling them that the operating system is no longer supported, they are vulnerable to viruses, and that they should upgrade to Windows 10 to fix all of these issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-begins-to-show-full-screen-windows-10-upgrade-alerts/

Microsoft Office January Security Updates Fix Code Execution Bugs

Microsoft released the January 2019 Office security updates, bundling a total of seven security updates and three cumulative updates for five different products, six of them patching flaws allowing remote code execution. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-january-security-updates-fix-code-execution-bugs/

Microsoft's New Edge Browser Released, What You Need to Know

The Chromium-based Microsoft Edge is now available for download. The new Edge ditches Microsoft's home-grown EdgeHTML rendering engine for Google's open-sourced platform called 'Chromium' and Blink rendering engine. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-new-edge-browser-released-what-you-need-to-know/

Microsoft's Indexer Diagnostics Helps Troubleshoot Windows Search

Microsoft released an Indexer Diagnostics utility to help users troubleshoot and, in some cases, fix Windows Search problems they might experience on their Windows 10 devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-indexer-diagnostics-helps-troubleshoot-windows-search/

iPhones Can Now Double As a Security Key for Google Accounts

Google announced that iPhones running iOS 10 or later can now be used as security keys to protect Google accounts against phishing attacks by verifying sign-ins on Chrome OS, iOS, macOS and Windows 10 devices without pairing. [...]

https://www.bleepingcomputer.com/news/security/iphones-can-now-double-as-a-security-key-for-google-accounts/

Online Pharmacy PlanetDrugsDirect Discloses Security Breach

Canadian online pharmacy PlanetDrugsDirect is emailing customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information. [...]

https://www.bleepingcomputer.com/news/security/online-pharmacy-planetdrugsdirect-discloses-security-breach/

Ako Ransomware Uses Spam to Infect Its Victims

It has been discovered that the network-targeting Ako ransomware is being distributed through malicious spam attachments that pretend to be a requested agreement. [...]

https://www.bleepingcomputer.com/news/security/ako-ransomware-uses-spam-to-infect-its-victims/

Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII

P&N‌ Bank in West Australia (WA) is informing its customers that hackers may have accessed personal information stored on its systems following a cyber attack. [...]

https://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii/

Google to Kill Chrome Apps Across All Platforms

Google announced that it will slowly phase out support for Chrome apps on all operating systems until they will completely stop working in June 2022 for all users. [...]

https://www.bleepingcomputer.com/news/google/google-to-kill-chrome-apps-across-all-platforms/

PoCs for Windows CryptoAPI Bug Are Out, Show Real-Life Exploit Risks

Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch. [...]

https://www.bleepingcomputer.com/news/security/pocs-for-windows-cryptoapi-bug-are-out-show-real-life-exploit-risks/

TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection

The TrickBot Trojan has received an update that adds a UAC bypass targeting the Windows 10 operating system so that it infects users without displaying any visible prompts. [...]

https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/

WordPress Plugin Bugs Let Hackers Wipe or Takeover Your Site

Critical bugs found in the WordPress Database Reset plugin used by over 80,000 sites allow attackers to drop all users and get automatically elevated to an administrator role and to reset any table in the database. [...]

https://www.bleepingcomputer.com/news/security/wordpress-plugin-bugs-let-hackers-wipe-or-takeover-your-site/

Google Chrome Adds Protection for NSA's Windows CryptoAPI Flaw

Google just released Chrome 79.0.3945.130, which will now detect certificates that attempt to exploit the NSA discovered CVE-2020-0601 CryptoAPI Windows vulnerability. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-adds-protection-for-nsas-windows-cryptoapi-flaw/

FBI to Warn State Officials of Election Infrastructure Cyber Threats

The Federal Bureau of Investigation (FBI) today announced a change in policy requiring the timely notification of state officials of potential cyber threats to election infrastructure. [...]

https://www.bleepingcomputer.com/news/security/fbi-to-warn-state-officials-of-election-infrastructure-cyber-threats/

Windows 10 Insider Build 19546 Adds Graphing Mode to Calculator

Microsoft has released Windows 10 Insider Preview Build 19546 to Insiders in the Fast ring, which has added a new Graphing Mode to the Windows Calculator and fixed bugs in Timeline, Outlook search, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-19546-adds-graphing-mode-to-calculator/

Dutch Govt Suggests Turning Off Citrix ADC Devices, Mitigations May Fail

Mitigation recommendations for CVE-2019-19781, a currently unpatched critical flaw affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway, do not have the expected effect on all product versions. [...]

https://www.bleepingcomputer.com/news/security/dutch-govt-suggests-turning-off-citrix-adc-devices-mitigations-may-fail/