Firefox 74 Released: Security Fixes, Improvements, and Fixes

Mozilla has released Firefox 74 today, March 10th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with bug fixes, new features, and security fixes. [...]

https://www.bleepingcomputer.com/news/software/firefox-74-released-security-fixes-improvements-and-fixes/

Entercom Radio Giant Says Data Breach Exposed User Credentials

US radio giant Entercom reported a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored third-party cloud hosting services and containing Radio.com user credentials. [...]

https://www.bleepingcomputer.com/news/security/entercom-radio-giant-says-data-breach-exposed-user-credentials/

Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw

Microsoft leaked info on a security update for a 'wormable' pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw/

Microsoft March 2020 Patch Tuesday Fixes 115 Vulnerabilities

Today is Microsoft's March 2020 Patch Tuesday and is always stressful for your Windows administrators, so be especially nice to them today. [...]

https://www.bleepingcomputer.com/news/security/microsoft-march-2020-patch-tuesday-fixes-115-vulnerabilities/

Nasty Phishing Scam Pretends to Be Your HIV Test Results

A new phishing scam is pretending to be your HIV test results to make you more likely to open up a malicious Excel document and become infected. [...]

https://www.bleepingcomputer.com/news/security/nasty-phishing-scam-pretends-to-be-your-hiv-test-results/

Microsoft Releases the March 2020 Security Updates for Office

Microsoft released the March 2020 Office security updates on March 10, 2020, with a total of 13 security updates and 5 cumulative updates for 6 different products, with 12 of them patching bugs allowing attackers to execute arbitrary code remotely after exploitation. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-the-march-2020-security-updates-for-office/

Intel Patches High Severity Flaws in Windows Graphics Drivers

Intel released security updates to address 27 vulnerabilities as part of March 2020 Patch Tuesday, with ten of them being high severity security flaws impacting Intel's Graphics Drivers for Windows and the Smart Sound Technology integrated audio DSP in Intel Core and Intel Atom CPUs. [...]

https://www.bleepingcomputer.com/news/security/intel-patches-high-severity-flaws-in-windows-graphics-drivers/

DDR4 Memory Still At Rowhammer Risk, New Method Bypasses Fixes

Academic researchers testing modern memory modules from Samsung, Micron, and Hynix discovered that current protections against Rowhammer attacks are insufficient. [...]

https://www.bleepingcomputer.com/news/security/ddr4-memory-still-at-rowhammer-risk-new-method-bypasses-fixes/

Windows Registry Helps Find Malicious Docs Behind Infections

If a Windows computer becomes infected and you are trying to find its source, a good place to check is for malicious Microsoft Office documents that have been allowed to run on the computer. [...]

https://www.bleepingcomputer.com/news/security/windows-registry-helps-find-malicious-docs-behind-infections/

Google Chrome Gets 'Default to Guest' Mode for Stateless Browsing

Google announced today that a 'Default to Guest mode' feature is now available for Windows, Linux, and macOS power users of the Chrome web browser. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-gets-default-to-guest-mode-for-stateless-browsing/

Advanced Russian Hackers Use New Malware in Watering Hole Operation

Two previously undocumented pieces of malware, a downloader and a backdoor, were used in a watering hole operation attributed to the Russian-based threat group Turla. [...]

https://www.bleepingcomputer.com/news/security/advanced-russian-hackers-use-new-malware-in-watering-hole-operation/

48K Windows Hosts Vulnerable to SMBGhost CVE-2020-0796 RCE Attacks

After an Internet-wide scan, researchers at cybersecurity firm Kryptos Logic discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting the pre-auth remote code execution CVE-2020-0796 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3). [...]

https://www.bleepingcomputer.com/news/security/48k-windows-hosts-vulnerable-to-smbghost-cve-2020-0796-rce-attacks/

Hackers Get $1.6 Million for Card Data from Breached Online Shops

Hackers have collected $1.6 million from selling more than 239,000 payment card records on the dark web. The batch was assembled from thousands of online shops running last year a tainted version of Volusion e-commerce software. [...]

https://www.bleepingcomputer.com/news/security/hackers-get-16-million-for-card-data-from-breached-online-shops/

Microsoft Releases KB4551762 Security Update for SMBv3 Vulnerability

Microsoft released a Windows 10 security update to patch the pre-auth RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3)​​​​​​​, two days after details regarding the flaw were leaked as part of the March 2020 Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-kb4551762-security-update-for-smbv3-vulnerability/

New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer

A new ransomware called CoronaVirus is has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner. [...]

https://www.bleepingcomputer.com/news/security/new-coronavirus-ransomware-acts-as-cover-for-kpot-infostealer/

Office 365 ATP To Block Email Domains That Fail Authentication

Microsoft is working on including a new Office 365 Advanced Threat Protection (ATP) feature that would block email sender domains automatically if they fail DMARC authentication as part of an effort to make Office 365 ATP secure by default. [...]

https://www.bleepingcomputer.com/news/security/office-365-atp-to-block-email-domains-that-fail-authentication/

Discord Offers Enhanced Go Live Streaming Due to Coronavirus

Discord has increased the number of people who can join a Go Live streaming session at the same time to aid those affected by the Coronavirus (COVID-19) outbreak. [...]

https://www.bleepingcomputer.com/news/technology/discord-offers-enhanced-go-live-streaming-due-to-coronavirus/

Open Exchange Rates Data Breach Affects Users of Well-Known Orgs

Open Exchange Rates has announced a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. [...]

https://www.bleepingcomputer.com/news/security/open-exchange-rates-data-breach-affects-users-of-well-known-orgs/

WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites

Vulnerabilities in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups displayed on tens of thousands of websites, to steal information, and to potentially fully take over targeted sites. [...]

https://www.bleepingcomputer.com/news/security/wordpress-plugin-bug-allows-malicious-code-injection-on-100k-sites/

PornHub Helps Italians Stay Indoors with Free Premium Access

To help ease the boredom and isolation caused by a country-wide coronavirus lockdown in Italy, PorbHub is offering a helping hand by providing Italians free access to their premium service. [...]

https://www.bleepingcomputer.com/news/technology/pornhub-helps-italians-stay-indoors-with-free-premium-access/

VMWare Releases Fix for Critical Guest-to-Host Vulnerability

A security update has been released that fixes a Critical vulnerability in VMware Workstation Pro that could allow an application running in a guest environment to execute a command on the host. [...]

https://www.bleepingcomputer.com/news/security/vmware-releases-fix-for-critical-guest-to-host-vulnerability/