Mozilla to Disable Flash Plugin by Default in Firefox 69

Starting in Firefox 69, Mozilla will be disabling support for the Adobe Flash plugin by default. This is being done as part of the roadmap set forth by Mozilla on how they will be ultimately disable all support for Flash in Firefox. [...]

https://www.bleepingcomputer.com/news/software/mozilla-to-disable-flash-plugin-by-default-in-firefox-69/

Windows 7 KMS Activation Issues Caused by Microsoft Mistake, Not an Update

On January 8th, 2019, Windows 7 machines that were activated through Key Management Service started receiving a "Windows is not genuine" error indicating that the license is not valid. It turns out this this problem was not related to a January Patch Tuesday update, but rather caused by a problem on Microsoft's activation server. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-kms-activation-issues-caused-by-microsoft-mistake-not-an-update/

Godaddy Injecting JavaScript That May Break Customer Sites

Domain registrar GoDaddy is injecting JavaScript into US customer websites that could impact the overall performance of the website or even render it inoperable. [...]

https://www.bleepingcomputer.com/news/technology/godaddy-injecting-javascript-that-may-break-customer-sites/

Escaping Containers to Execute Commands on Play with Docker Servers

Improperly secured privileged containers on the Play with Docker testing platform offered security researchers a way to escape Linux containers and run arbitrary code on the host system. [...]

https://www.bleepingcomputer.com/news/security/escaping-containers-to-execute-commands-on-play-with-docker-servers/

Hundreds of Cybersecurity Risks Still Affecting the Pentagon

Although the vast majority of open cybersecurity issues are from 2018, there are a handful of cybersecurity gaps left open for about a decade, with two recommendations unaddressed since 2008 [...]

https://www.bleepingcomputer.com/news/security/hundreds-of-cybersecurity-risks-still-affecting-the-pentagon/

Microsoft Awarded Five-Year $1.76 Billion IDIQ Contract by DoD

[...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-awarded-five-year-176-billion-idiq-contract-by-dod/

Massachusetts Amends Law Protecting Consumers From Security Breaches

Massachusetts Governor Charlie Baker signed a new law on January 10 that amends the state's data breach law removing the fees imposed by credit reporting agencies for security disclosures and freezes of consumer credit reports [...]

https://www.bleepingcomputer.com/news/security/massachusetts-amends-law-protecting-consumers-from-security-breaches/

First Windows 10 Build for Microsoft’s Foldable Devices Appears Online

BuildFeed, a site that keeps track of the latest Windows 10 and Window Insider builds, has found a new build that may indicate that Microsoft is internally testing builds for foldable Windows 10 devices. This new build has a version of 18313.1004 on Microsoft's servers and comes from the Windows 10 19H1 development. [...]

https://www.bleepingcomputer.com/news/microsoft/first-windows-10-build-for-microsoft-s-foldable-devices-appears-online/

Hope You're Using Protection as Love Letter MalSpam has Nasty Surprises

It is almost February and love is in the air, but that doesn't mean you should open every love letter you receive. A large malspam campaign has been discovered that uses romantic and endearing email subjects to trick recipients into getting infected with ransomware, miners, and more. [...]

https://www.bleepingcomputer.com/news/security/hope-youre-using-protection-as-love-letter-malspam-has-nasty-surprises/

New Ransomware Bundles PayPal Phishing Into Its Ransom Note

A new in-development ransomware has been discovered that not only encrypts your files, but also tries to steal your PayPal credentials with an included phishing page. [...]

https://www.bleepingcomputer.com/news/security/new-ransomware-bundles-paypal-phishing-into-its-ransom-note/

Flaws in a Card Access Control System May Allow Hackers to Bypass Security

Vulnerabilities discovered in the PremiSys IDentity access system could render the building entrance security it provides useless. The vendor was warned about the flaws but still hasn't released the necessary patches. [...]

https://www.bleepingcomputer.com/news/security/flaws-in-a-card-access-control-system-may-allow-hackers-to-bypass-security/

Windows Security Patch Breaks PowerShell Remoting

Windows PowerShell and PowerShell Core 6 (PSCore6) WinRM based remoting have been broken for a specific PowerShell remoting scenario by Microsoft's CVE-2019-0543 security patch released on January 8 [...]

https://www.bleepingcomputer.com/news/security/windows-security-patch-breaks-powershell-remoting/

Microsoft and Walgreens Boots Alliance Establish Health Care Partnership

Microsoft announced a new joint partnership with health care giant Walgreens Boots Alliance aiming to combine the latter's customer reach and experience in health care services with the former's cloud and AI platform. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-and-walgreens-boots-alliance-establish-health-care-partnership/

BEC Scammers Go After Employee Paychecks

A change has been noticed in the evolution of business email compromise (BEC) scams, with fraudsters tricking human resource departments into changing an employee's direct deposit information to divert paychecks into an account they control. [...]

https://www.bleepingcomputer.com/news/security/bec-scammers-go-after-employee-paychecks/

New York Privacy Bill Forces Businesses to Disclose Consumer Data Use

A bill known as the "Right to know act of 2019" was proposed by New York State Senator Brad Madison Hoylman on January 9 to amend the general business law so that consumers have the right to request personal information that has been collected by a company and is being disclosed to third-parties. [...]

https://www.bleepingcomputer.com/news/legal/new-york-privacy-bill-forces-businesses-to-disclose-consumer-data-use/

Microsoft Says Outlook Mobile Now Ready For Pentagon Use

Outlook for iOS and Android can now be used by Department of Defense and Office 365 US Government Community Cloud High customers after their architecture was updated to use native Microsoft sync technology with direct connections to the already compliant Exchange Online backend services [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-outlook-mobile-now-ready-for-pentagon-use/

Windows 10 Version 1803 Cumulative Update Build 17134.556 Released

Microsoft says that 17134.556 for Windows 10 April 2018 Update includes quality improvements and no new features are being introduced in this update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-version-1803-cumulative-update-build-17134556-released/

Zero-Day Vulnerabilities Leave Smart Buildings Open to Cyber Attacks

A team of researchers discovered six zero-day vulnerabilities in protocols and individual components used in smart buildings. The flaws could be used to steal sensitive information, access or delete critical files, or perform malicious actions. [...]

https://www.bleepingcomputer.com/news/security/zero-day-vulnerabilities-leave-smart-buildings-open-to-cyber-attacks/

Google Docs, Sheets, Slides, and Sites Get Material Design

Google announced the adoption of Material Design in its Docs, Sheets, Slides, and Sites G Suite applications on the web, a new product look and feel which will be turned on by default for all end users [...]

https://www.bleepingcomputer.com/news/google/google-docs-sheets-slides-and-sites-get-material-design/

Djvu Ransomware Spreading New .TRO Variant Through Cracks & Adware Bundles

In December 2018, a new ransomware called Djvu, which could be a variant of STOP,  was released that has been heavily promoted through crack downloads & adware bundles. Originally, this ransomware would append a variation of the .djvu string as an extension to encrypted files, but a recent variant has switched to the .tro extension. [...]

https://www.bleepingcomputer.com/news/security/djvu-ransomware-spreading-new-tro-variant-through-cracks-and-adware-bundles/