Database with 11 Million Email Records Exposed

A huge customer database containing 11 million records that include personal details, has been discovered on Monday sitting online, unprotected. [...]

https://www.bleepingcomputer.com/news/security/database-with-11-million-email-records-exposed/

Cloudflare Makes DNSSEC Activation Easy

A boost is expected in the near future in the adoption of the DNSSEC technology that establishes trust in the Domain Name System (DNS) - the mechanism responsible for translating website names into machine-intelligible data. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-makes-dnssec-activation-easy/

Critical Peekaboo Bug in NVR Allows RCE, PoC Available

A critical vulnerability in software from a global vendor of video surveillance equipment puts at risk the security of video feeds from over 100 camera brands and more than 2,500 camera models. [...]

https://www.bleepingcomputer.com/news/security/critical-peekaboo-bug-in-nvr-allows-rce-poc-available/

Twitter Now Offers a Purely Chronological Timeline

Due to customer feedback, Twitter announced today that they are giving users more control over what tweets are displayed in their timeline by changing the functionality of the "Show the best Tweets first" setting. [...]

https://www.bleepingcomputer.com/news/technology/twitter-now-offers-a-purely-chronological-timeline/

Windows 10 Build 17763 Released As Microsoft Continues to Squash Bugs

Microsoft is rolling out Windows 10 Preview Build 17763 (RS5) for Insiders in the Fast Ring. Like the previous build, this release focuses entirely on fixing bugs and does not come with any new features or improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-17763-released-as-microsoft-continues-to-squash-bugs/

Google's Removing the file:// Scheme from Chrome's Address Bar

According to a Chrome Gerrit entry, Google plans to do away with the file:// URI scheme in the address when opening local files. This is because Chrome 70 will include a new File notification that performs a similar purpose. [...]

https://www.bleepingcomputer.com/news/google/googles-removing-the-file-scheme-from-chromes-address-bar/

Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows

What may very well be considered a cybercriminal's dream tool is now real and it is hunting Windows and Linux servers: a botnet with self-spreading capabilities that combines cryptomining and ransomware functions. [...]

https://www.bleepingcomputer.com/news/security/xbash-malware-deletes-databases-on-linux-mines-for-coins-on-windows/

NSO Group Rejects Citizen Lab's Findings on Pegasus Operations

A report released today about the activity of Pegasus spyware presents evidence of the tool's use outside the ethical boundaries publicized by its maker. [...]

https://www.bleepingcomputer.com/news/security/nso-group-rejects-citizen-labs-findings-on-pegasus-operations/

Windows 10 Build 18242 (19H1) Released With Bug Fixes

Today Microsoft released Windows 10 Insider Preview Build 18242 (19H1) to the Insiders on the Skip Ahead ring. This build is predominantly a bug fix release that resolves known issues in the 19H1 branch. 19H1 is the next feature update to be released after the October 2018 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18242-19h1-released-with-bug-fixes/

Credential Stuffing Attacks Generate Billions of Login Attempts

Credential stuffing attacks are a growing problem, particularly in the financial sector, where botnets can initiate so many fraudulent login attempts that the wave has the effect of a distributed denial-of-service (DDoS) attack. [...]

https://www.bleepingcomputer.com/news/security/credential-stuffing-attacks-generate-billions-of-login-attempts/

My Cloud NAS Devices Vulnerable to Auth Bypass for over a Year

[...]

https://www.bleepingcomputer.com/news/security/my-cloud-nas-devices-vulnerable-to-auth-bypass-for-over-a-year/

Newegg Credit Card Info Stolen For a Month by Injected MageCart Script

The malicious credit card stealing MageCart script behind the British Airlines and Feedify breaches have struck again, but this time against the Newegg online technology retailer. [...]

https://www.bleepingcomputer.com/news/security/newegg-credit-card-info-stolen-for-a-month-by-injected-magecart-script/

Critical Security Update Released for Adobe Reader and Acrobat

Last week Adobe released fixed 6 critical updates in their September 2018 monthly Patch Tuesday. It looks like they missed one, as Adobe released today an out-of-band security update for a critical vulnerability in Adobe Acrobat and Adobe Reader. [...]

https://www.bleepingcomputer.com/news/security/critical-security-update-released-for-adobe-reader-and-acrobat/

Cloudflare Ends CAPTCHAs for TOR Users While Blocking Bad Actors

Cloudflare announces today its own Onion Service, which should make anonymous access easier to websites in its network, and reduce the malicious traffic aimed at them. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-ends-captchas-for-tor-users-while-blocking-bad-actors/

NSS Labs Sues CrowdStrike, Symantec, ESET, AMTSO for Alleged Testing Conspiracy

NSS Labs has filed an anti-trust law suit against CrowdStrike, Symantec, ESET, and the Anti-Malware Testing Standards Organization (AMTSO) over an alleged conspiracy to prevent independent testing companies from performing unbiased reviews of security software. [...]

https://www.bleepingcomputer.com/news/security/nss-labs-sues-crowdstrike-symantec-eset-amtso-for-alleged-testing-conspiracy/

Microsoft Announces Cumulative Updates for .NET Framework for Windows 10

In a blog post, Microsoft yesterday announced that starting with Windows 10 October Update the company plans to deliver new updates for .NET Framework via Cumulative Updates channel. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-cumulative-updates-for-net-framework-for-windows-10/

Windows 10 Cumulative Updates KB4458469 and KB4457136 Released

Today is not Patch Tuesday but Microsoft is rolling out a new batch of cumulative updates for Windows 10. The software giant is rolling out cumulative updates with a long list of fixes for Windows 10 April 2018 Update (version 1803) and Windows 10 Fall Creators Update (version 1709). [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4458469-and-kb4457136-released/

DMARC Policies for Whitehouse.gov Make Spoofing Emails Easier

Federal executive branch departments and agencies have until October 16 to adopt on their domains a policy-based email validation system configured with the strongest setting. Most already comply with the mandatory requirement but whitehouse.gov is not among them, yet. [...]

https://www.bleepingcomputer.com/news/security/dmarc-policies-for-whitehousegov-make-spoofing-emails-easier/

Google Testing Removal of WWW Subdomain from Search Results

Google really wants to get rid of the WWW subdomain. First we had Google removing WWW in the Chrome 69 address bar and now there is some test underway to remove it from search results as well. [...]

https://www.bleepingcomputer.com/news/google/google-testing-removal-of-www-subdomain-from-search-results/

Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist

[...]

https://www.bleepingcomputer.com/news/security/unwiped-drives-and-servers-from-ncix-retailer-for-sale-on-craigslist/