WhatsApp, Telegram Group Invite Links Leaked in Public Searches

Invite links for WhatsApp and Telegram groups that may not be intended for public access are available through simple lookups on popular web search engines. [...]

https://www.bleepingcomputer.com/news/security/whatsapp-telegram-group-invite-links-leaked-in-public-searches/

New Mozart Malware Gets Commands, Hides Traffic Using DNS

A new backdoor malware called Mozart is using the DNS protocol to communicate with remote attackers to evade detection by security software and intrusion detection systems. [...]

https://www.bleepingcomputer.com/news/security/new-mozart-malware-gets-commands-hides-traffic-using-dns/

PayPal Users Hit With Fraudulent Target Charges via Google Pay

Hackers are using an unknown method to make fraudulent charges on PayPal accounts linked via GooglePay. These transactions are being charged through Target stores or Starbucks in the United States even though the account holders are in Germany. [...]

https://www.bleepingcomputer.com/news/security/paypal-users-hit-with-fraudulent-target-charges-via-google-pay/

DoppelPaymer Ransomware Launches Site to Post Victim's Data

The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted. [...]

https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/

Credit Card Skimmer Running on 13 Sites, Despite Notification

The tally of shopping websites infected by MageCart Group 12 with JavaScript that steals payment card info is seeing a sharp increase. Nearly 40 new victims have been discovered. [...]

https://www.bleepingcomputer.com/news/security/credit-card-skimmer-running-on-13-sites-despite-notification/

New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros

Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system. [...]

https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Mozilla Enables DNS-over-HTTPS by Default for All USA Users

Starting today, Mozilla has begun to enable DNS-over-HTTPS (DoH) by default for users in the USA to provide encrypted DNS resolution and increased privacy. [...]

https://www.bleepingcomputer.com/news/software/mozilla-enables-dns-over-https-by-default-for-all-usa-users/

uBlock Origin 1.25 Now Blocks Cloaked First-Party Scripts, Firefox Only

uBlock Origin 1.2.5 has been released with a new feature that blocks first-party tracking scripts that use DNS CNAME records to load tracking scripts from a third-party domain and bypass filters. [...]

https://www.bleepingcomputer.com/news/security/ublock-origin-125-now-blocks-cloaked-first-party-scripts-firefox-only/

Microsoft Wants to do Away with Windows 10 Local Accounts

As time goes on, it is becoming increasingly clear that Microsoft is trying to make local accounts a thing of the past and push all new Windows 10 users to a Microsoft account [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-to-do-away-with-windows-10-local-accounts/

Multiple WordPress Plugin Vulnerabilities Actively Being Attacked

Cybercriminals are taking advantage of the recent security flaws reported recently in popular WordPress plugins and are targeting websites that still run vulnerable versions. [...]

https://www.bleepingcomputer.com/news/security/multiple-wordpress-plugin-vulnerabilities-actively-being-attacked/

18 Sniffers Steal Payment Card Data from Print Store Customers

For the past 30 months, an online printing platform with a cover store for well-known magazines has been constantly infected with malicious scripts that steal customer payment card data. [...]

https://www.bleepingcomputer.com/news/security/18-sniffers-steal-payment-card-data-from-print-store-customers/

Brave Browser Integrates Wayback Machine to View Deleted Web Pages

Brave Browser has now integrated the Wayback Machine to display web pages that have been removed from a web site or not available due to a web site issue. [...]

https://www.bleepingcomputer.com/news/software/brave-browser-integrates-wayback-machine-to-view-deleted-web-pages/

Kr00k Bug in Broadcom, Cypress WiFi Chips Leaks Sensitive Info

A vulnerability in some popular WiFi chips present in client devices, routers, and access points, can be leveraged to partially decrypt user communication and expose data in wireless network packets. [...]

https://www.bleepingcomputer.com/news/security/kr00k-bug-in-broadcom-cypress-wifi-chips-leaks-sensitive-info/

Microsoft Rolls Out the New Edge Browser to Windows 10 Users

Microsoft has begun the rollout of its new Chromium-based Microsoft Edge to Windows 10 systems via Windows Update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-the-new-edge-browser-to-windows-10-users/

DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw

Cloud services provider Bretagne Télécom was hacked by the threat actors behind the DoppelPaymer Ransomware using an exploit that targeted servers unpatched against the CVE-2019-19781 vulnerability. [...]

https://www.bleepingcomputer.com/news/security/doppelpaymer-hacked-bretagne-t-l-com-using-the-citrix-adc-flaw/

Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now!

Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution vulnerability patched by Microsoft two weeks ago. [...]

https://www.bleepingcomputer.com/news/security/hackers-scanning-for-vulnerable-microsoft-exchange-servers-patch-now/

Credit Card Skimmer Uses Fake CDNs To Evade Detection

Threat actors have been spotted cloaking their credit card skimmers using fake content delivery network domains as part of an effort to hide them and their exfil traffic in plain sight. [...]

https://www.bleepingcomputer.com/news/security/credit-card-skimmer-uses-fake-cdns-to-evade-detection/

Browser War 2020: Google and Microsoft Fight For Market Share

Welcome to the 2020 browser wars where both Google and Microsoft take shots at their competitors as they fight for your market share. [...]

https://www.bleepingcomputer.com/news/microsoft/browser-war-2020-google-and-microsoft-fight-for-market-share/

Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices

The operators of the Sodinokibi Ransomware (REvil) have started urging affiliates to copy their victim's data before encrypting computers so it can be used as leverage on a new data leak site that is being launched soon. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/

SQL Dump from BGR India Shared on Hacker Forum

Hackers are currently sharing SQL databases from unsecured Amazon S3 buckets, one dump belonging to the BGR tech news site in India. [...]

https://www.bleepingcomputer.com/news/security/sql-dump-from-bgr-india-shared-on-hacker-forum/

Norton LifeLock Phishing Scam Installs Remote Access Trojan

Cybercriminals behind a recently observed phishing campaign used a clever ruse in the form of a bogus NortonLifelock document to fool victims into installing a remote access tool (RAT) that is typically used for legitimate purposes. [...]

https://www.bleepingcomputer.com/news/security/norton-lifelock-phishing-scam-installs-remote-access-trojan/