Records of 114 Million US Citizen and Companies Exposed Online

A huge database containing over 114 million records of US citizens and companies has been discovered sitting online unprotected. The number of individuals impacted by the exposure is estimated to almost 83 million. [...]

https://www.bleepingcomputer.com/news/security/records-of-114-million-us-citizen-and-companies-exposed-online/

SKY Brasil Exposes 32 Million Customer Records

Data belonging to 32 million customers of SKY Brasil has been exposed online long enough to make their theft very likely, an independent security researcher discovered. [...]

https://www.bleepingcomputer.com/news/security/sky-brasil-exposes-32-million-customer-records/

Mozilla Firefox Expands DNS-over-HTTPS (DoH) Test to Release Channel

In June, Mozilla had announced that they were performing a limited Shield study for their Nightly users to monitor the performance of DNS-over-HTTPS (DoH) in Firefox. This study uses Cloudflare's DNS service to encrypt both the requests and responses to any DNS queries in order to increase a user's privacy. [...]

https://www.bleepingcomputer.com/news/software/mozilla-firefox-expands-dns-over-https-doh-test-to-release-channel/

New KingMiner Threat Shows Cryptominer Evolution

A recently discovered cryptomining operation forces access to Windows servers to use their CPU cycles for minting Monero coins. Detected six months ago, the activity went through multiple stages of evolution. [...]

https://www.bleepingcomputer.com/news/security/new-kingminer-threat-shows-cryptominer-evolution/

Marriott Data Breach Affects 500 Million Starwood Guests

Marriott announced today that the guest database from the Starwood chain of hotels was hacked in 2014 and personal information of up to 500 million guests may be compromised. [...]

https://www.bleepingcomputer.com/news/security/marriott-data-breach-affects-500-million-starwood-guests/

Making a Ransomware Payment? It May Now Violate U.S. Sanctions

Thinking about making a ransomware payment? If so, you may want to think twice before doing so as it could land you in trouble for violating U.S. government sanctions. [...]

https://www.bleepingcomputer.com/news/security/making-a-ransomware-payment-it-may-now-violate-us-sanctions/

CCleaner 5.50 Now Allows You to Disable Automatic Updates

Piriform released CCleaner 5.50 yesterday and it comes with the long awaited ability to block the program from automatically updating to a new version. [...]

https://www.bleepingcomputer.com/news/security/ccleaner-550-now-allows-you-to-disable-automatic-updates/

Moscow's New Cable Car System Infected with Ransomware the Day After it Opens

Moscow recently opened its first cable-car service and promised free rides for the first month. Unfortunately, only two days after after the service was made available, attackers reportedly hacked into the cable car systems and infected them with ransomware. [...]

https://www.bleepingcomputer.com/news/security/moscows-new-cable-car-system-infected-with-ransomware-the-day-after-it-opens/

The Week in Ransomware - November 30th 2018 - Indictments, Sanctions, & More

Been a pretty interesting week when it comes to ransomware. We had two Iranians who were indicted by the U.S. government for their involvement in the SamSam operation. We also had two bitcoin addresses used by ransomware added to the U.S. sanctions list, so they cannot be used to send payments to or you will violate U.S. sanctions. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-30th-2018-indictments-sanctions-and-more/

UK's NCSC Explains How They Handle Discovered Vulnerabilities

When the United Kingdom's National Cyber Security Center (NCSC) performs operational tasks, they may find technology vulnerabilities. When they find these vulnerabilities, they go through a decision making process called the "Equities Process" that determines what they will do with the vulnerability. [...]

https://www.bleepingcomputer.com/news/security/uks-ncsc-explains-how-they-handle-discovered-vulnerabilities/

Mozilla to Provide MSI Installers Starting with Firefox 65

In a Bugzilla report, Mozilla has revealed that they provide enterprise MSI installers starting with Firefox 65. By offering an MSI installer , system administrators can create their own transform files (MST) to easily customize the installation of Firefox in their organization. [...]

https://www.bleepingcomputer.com/news/software/mozilla-to-provide-msi-installers-starting-with-firefox-65/

Digital Oscilloscope Comes with Backdoor Accounts, Old Software Components

Some digital oscilloscopes that can communicate over the network fail to provide a minimum of security protections and allow unfettered access to unauthorized users. [...]

https://www.bleepingcomputer.com/news/security/digital-oscilloscope-comes-with-backdoor-accounts-old-software-components/

Scam iOS Fitness Apps Steal Money Through Apple Touch ID

iOS fitness apps were discovered that ask you to provide a fingerprint to continue or access your data, but instead pop up a subscription screen that automatically charges a saved credit card for over $100 USD. [...]

https://www.bleepingcomputer.com/news/security/scam-ios-fitness-apps-steal-money-through-apple-touch-id/

Mistake causes Popular Site to be Removed from Google Search Results

When your business is a web site and you rely on people finding you through search results, it can be heart attack provoking to find that your site is completely missing from Google. This is exactly what happened to a popular site who discovered their site was suddenly missing from the search results due to a mistake by Google. [...]

https://www.bleepingcomputer.com/news/google/mistake-causes-popular-site-to-be-removed-from-google-search-results/

Printeradvertising.com Spam Service Claims It Can Print Anywhere

In order to prevent this type of mischief, network enabled printers should never be connected to the Internet. Allowing them to do so only allows malicious actors to send any type of print document to your network, including pornography that could land you in trouble. [...]

https://www.bleepingcomputer.com/news/security/printeradvertisingcom-spam-service-claims-it-can-print-anywhere/

Quora Hacked - 100 Million User's Data Exposed

Quora announced tonight that one of their systems was hacked and has led to the exposure of approximately 100 million user's data to an unauthorized third-party. [...]

https://www.bleepingcomputer.com/news/security/quora-hacked-100-million-users-data-exposed/

Microsoft Replacing Edge With New Chromium-based Browser

According to reports, Microsoft is abandoning development of Microsoft Edge and instead focusing on a new Chromium-based browser under the codename Anaheim. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-replacing-edge-with-new-chromium-based-browser/

Kubernetes Updates Patch Critical Privilege Escalation Bug

A critical vulnerability in Kubernetes open-source system for handling containerized applications can enable an attacker to gain full administrator privileges on Kubernetes compute nodes. [...]

https://www.bleepingcomputer.com/news/security/kubernetes-updates-patch-critical-privilege-escalation-bug/

National Republican Congressional Committee Hacked - Emails Exposed

The National Republican Congressional Committee (NRCC) discovered this April 2018 that they were hacked and an unauthorized third-party had access to the email accounts of four senior aides. [...]

https://www.bleepingcomputer.com/news/security/national-republican-congressional-committee-hacked-emails-exposed/

Chrome 71 Released With Abusive Ad Filtering and Audio Blocking

Google has release Chrome 71 to the Stable desktop channel, which means it is now available for everyone to download. This version comes with a bunch of new features, with most of them focusing on protecting users from abusive ads, deceptive billing pages, and unwanted autoplay audio. [...]

https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/