Malware Spread as Nude Extortion Pics of Friend's Girlfriend

Attackers have recently warped sextortion scams into baits used to infect their targets with Raccoon information stealer malware designed to help steal credentials, credit card information, desktop cryptocurrency wallets, and more.  [...]

https://www.bleepingcomputer.com/news/security/malware-spread-as-nude-extortion-pics-of-friends-girlfriend/

NSA Warns About Microsoft Exchange Flaw as Attacks Start

The U.S. National Security Agency (NSA) warned about a post-auth remote code execution vulnerability in all supported Microsoft Exchange Server servers via a tweet published on the agency's Twitter account. [...]

https://www.bleepingcomputer.com/news/security/nsa-warns-about-microsoft-exchange-flaw-as-attacks-start/

Intricate Phishing Scam Uses Support Chatbot to ‘Assist’ Victims

An intricate phishing scam is utilizing a "customer service" chatbot that walks its victims through filling out the various forms so that the attackers can steal their information, credit card numbers, and bank account information. [...]

https://www.bleepingcomputer.com/news/security/intricate-phishing-scam-uses-support-chatbot-to-assist-victims/

Google Play Protect Miserably Fails Android Protection Tests

Google's Play Protect Android mobile threat protection system failed German antivirus testing lab AV-Test real-world tests, scoring zero out of a maximum of six points after very weak malware detection performance. [...]

https://www.bleepingcomputer.com/news/security/google-play-protect-miserably-fails-android-protection-tests/

Malware Unfazed by Google Chrome's New Password, Cookie Encryption

Google's addition of the AES-256 algorithm to encrypt cookies and passwords in the Chrome browser had a minor impact on infostealers. [...]

https://www.bleepingcomputer.com/news/security/malware-unfazed-by-google-chromes-new-password-cookie-encryption/

New LVI Intel CPU Data Theft Vulnerability Requires Hardware Fix

A novel class of attack techniques against modern Intel processors can allow threat actors to inject malicious data into applications via transient-execution attacks and steal sensitive data according to researchers. [...]

https://www.bleepingcomputer.com/news/security/new-lvi-intel-cpu-data-theft-vulnerability-requires-hardware-fix/

Paradise Ransomware Distributed via Uncommon Spam Attachment

Attackers have started to send Excel Web Query attachments in phishing campaigns to download and install the Paradise Ransomware on unsuspecting victims. [...]

https://www.bleepingcomputer.com/news/security/paradise-ransomware-distributed-via-uncommon-spam-attachment/

Microsoft Takes Control of Necurs U.S.-Based Infrastructure

Microsoft announced today that it took over the U.S.-based infrastructure used by the Necurs spam botnet for distributing malware payloads and infecting millions of computers. [...]

https://www.bleepingcomputer.com/news/security/microsoft-takes-control-of-necurs-us-based-infrastructure/

Windows 10 Cumulative Update KB4540673 & KB4538461 Released

It's March 2020 and today is Patch Tuesday and Microsoft is rolling out a new cumulative update for all supported version of Windows. The cumulative update with security fixes is rolling out to PCs with November 2019 Update, May 2019 Update and October 2018 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-update-kb4540673-and-kb4538461-released/

Firefox 74 Released: Security Fixes, Improvements, and Fixes

Mozilla has released Firefox 74 today, March 10th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with bug fixes, new features, and security fixes. [...]

https://www.bleepingcomputer.com/news/software/firefox-74-released-security-fixes-improvements-and-fixes/

Entercom Radio Giant Says Data Breach Exposed User Credentials

US radio giant Entercom reported a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored third-party cloud hosting services and containing Radio.com user credentials. [...]

https://www.bleepingcomputer.com/news/security/entercom-radio-giant-says-data-breach-exposed-user-credentials/

Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw

Microsoft leaked info on a security update for a 'wormable' pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw/

Microsoft March 2020 Patch Tuesday Fixes 115 Vulnerabilities

Today is Microsoft's March 2020 Patch Tuesday and is always stressful for your Windows administrators, so be especially nice to them today. [...]

https://www.bleepingcomputer.com/news/security/microsoft-march-2020-patch-tuesday-fixes-115-vulnerabilities/

Nasty Phishing Scam Pretends to Be Your HIV Test Results

A new phishing scam is pretending to be your HIV test results to make you more likely to open up a malicious Excel document and become infected. [...]

https://www.bleepingcomputer.com/news/security/nasty-phishing-scam-pretends-to-be-your-hiv-test-results/

Microsoft Releases the March 2020 Security Updates for Office

Microsoft released the March 2020 Office security updates on March 10, 2020, with a total of 13 security updates and 5 cumulative updates for 6 different products, with 12 of them patching bugs allowing attackers to execute arbitrary code remotely after exploitation. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-the-march-2020-security-updates-for-office/

Intel Patches High Severity Flaws in Windows Graphics Drivers

Intel released security updates to address 27 vulnerabilities as part of March 2020 Patch Tuesday, with ten of them being high severity security flaws impacting Intel's Graphics Drivers for Windows and the Smart Sound Technology integrated audio DSP in Intel Core and Intel Atom CPUs. [...]

https://www.bleepingcomputer.com/news/security/intel-patches-high-severity-flaws-in-windows-graphics-drivers/

DDR4 Memory Still At Rowhammer Risk, New Method Bypasses Fixes

Academic researchers testing modern memory modules from Samsung, Micron, and Hynix discovered that current protections against Rowhammer attacks are insufficient. [...]

https://www.bleepingcomputer.com/news/security/ddr4-memory-still-at-rowhammer-risk-new-method-bypasses-fixes/

Windows Registry Helps Find Malicious Docs Behind Infections

If a Windows computer becomes infected and you are trying to find its source, a good place to check is for malicious Microsoft Office documents that have been allowed to run on the computer. [...]

https://www.bleepingcomputer.com/news/security/windows-registry-helps-find-malicious-docs-behind-infections/

Google Chrome Gets 'Default to Guest' Mode for Stateless Browsing

Google announced today that a 'Default to Guest mode' feature is now available for Windows, Linux, and macOS power users of the Chrome web browser. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-gets-default-to-guest-mode-for-stateless-browsing/

Advanced Russian Hackers Use New Malware in Watering Hole Operation

Two previously undocumented pieces of malware, a downloader and a backdoor, were used in a watering hole operation attributed to the Russian-based threat group Turla. [...]

https://www.bleepingcomputer.com/news/security/advanced-russian-hackers-use-new-malware-in-watering-hole-operation/

48K Windows Hosts Vulnerable to SMBGhost CVE-2020-0796 RCE Attacks

After an Internet-wide scan, researchers at cybersecurity firm Kryptos Logic discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting the pre-auth remote code execution CVE-2020-0796 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3). [...]

https://www.bleepingcomputer.com/news/security/48k-windows-hosts-vulnerable-to-smbghost-cve-2020-0796-rce-attacks/