Escaping Containers to Execute Commands on Play with Docker Servers

Improperly secured privileged containers on the Play with Docker testing platform offered security researchers a way to escape Linux containers and run arbitrary code on the host system. [...]

https://www.bleepingcomputer.com/news/security/escaping-containers-to-execute-commands-on-play-with-docker-servers/

Hundreds of Cybersecurity Risks Still Affecting the Pentagon

Although the vast majority of open cybersecurity issues are from 2018, there are a handful of cybersecurity gaps left open for about a decade, with two recommendations unaddressed since 2008 [...]

https://www.bleepingcomputer.com/news/security/hundreds-of-cybersecurity-risks-still-affecting-the-pentagon/

Microsoft Awarded Five-Year $1.76 Billion IDIQ Contract by DoD

[...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-awarded-five-year-176-billion-idiq-contract-by-dod/

Massachusetts Amends Law Protecting Consumers From Security Breaches

Massachusetts Governor Charlie Baker signed a new law on January 10 that amends the state's data breach law removing the fees imposed by credit reporting agencies for security disclosures and freezes of consumer credit reports [...]

https://www.bleepingcomputer.com/news/security/massachusetts-amends-law-protecting-consumers-from-security-breaches/

First Windows 10 Build for Microsoft’s Foldable Devices Appears Online

BuildFeed, a site that keeps track of the latest Windows 10 and Window Insider builds, has found a new build that may indicate that Microsoft is internally testing builds for foldable Windows 10 devices. This new build has a version of 18313.1004 on Microsoft's servers and comes from the Windows 10 19H1 development. [...]

https://www.bleepingcomputer.com/news/microsoft/first-windows-10-build-for-microsoft-s-foldable-devices-appears-online/

Hope You're Using Protection as Love Letter MalSpam has Nasty Surprises

It is almost February and love is in the air, but that doesn't mean you should open every love letter you receive. A large malspam campaign has been discovered that uses romantic and endearing email subjects to trick recipients into getting infected with ransomware, miners, and more. [...]

https://www.bleepingcomputer.com/news/security/hope-youre-using-protection-as-love-letter-malspam-has-nasty-surprises/

New Ransomware Bundles PayPal Phishing Into Its Ransom Note

A new in-development ransomware has been discovered that not only encrypts your files, but also tries to steal your PayPal credentials with an included phishing page. [...]

https://www.bleepingcomputer.com/news/security/new-ransomware-bundles-paypal-phishing-into-its-ransom-note/

Flaws in a Card Access Control System May Allow Hackers to Bypass Security

Vulnerabilities discovered in the PremiSys IDentity access system could render the building entrance security it provides useless. The vendor was warned about the flaws but still hasn't released the necessary patches. [...]

https://www.bleepingcomputer.com/news/security/flaws-in-a-card-access-control-system-may-allow-hackers-to-bypass-security/

Windows Security Patch Breaks PowerShell Remoting

Windows PowerShell and PowerShell Core 6 (PSCore6) WinRM based remoting have been broken for a specific PowerShell remoting scenario by Microsoft's CVE-2019-0543 security patch released on January 8 [...]

https://www.bleepingcomputer.com/news/security/windows-security-patch-breaks-powershell-remoting/

Microsoft and Walgreens Boots Alliance Establish Health Care Partnership

Microsoft announced a new joint partnership with health care giant Walgreens Boots Alliance aiming to combine the latter's customer reach and experience in health care services with the former's cloud and AI platform. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-and-walgreens-boots-alliance-establish-health-care-partnership/

BEC Scammers Go After Employee Paychecks

A change has been noticed in the evolution of business email compromise (BEC) scams, with fraudsters tricking human resource departments into changing an employee's direct deposit information to divert paychecks into an account they control. [...]

https://www.bleepingcomputer.com/news/security/bec-scammers-go-after-employee-paychecks/

New York Privacy Bill Forces Businesses to Disclose Consumer Data Use

A bill known as the "Right to know act of 2019" was proposed by New York State Senator Brad Madison Hoylman on January 9 to amend the general business law so that consumers have the right to request personal information that has been collected by a company and is being disclosed to third-parties. [...]

https://www.bleepingcomputer.com/news/legal/new-york-privacy-bill-forces-businesses-to-disclose-consumer-data-use/

Microsoft Says Outlook Mobile Now Ready For Pentagon Use

Outlook for iOS and Android can now be used by Department of Defense and Office 365 US Government Community Cloud High customers after their architecture was updated to use native Microsoft sync technology with direct connections to the already compliant Exchange Online backend services [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-outlook-mobile-now-ready-for-pentagon-use/

Windows 10 Version 1803 Cumulative Update Build 17134.556 Released

Microsoft says that 17134.556 for Windows 10 April 2018 Update includes quality improvements and no new features are being introduced in this update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-version-1803-cumulative-update-build-17134556-released/

Zero-Day Vulnerabilities Leave Smart Buildings Open to Cyber Attacks

A team of researchers discovered six zero-day vulnerabilities in protocols and individual components used in smart buildings. The flaws could be used to steal sensitive information, access or delete critical files, or perform malicious actions. [...]

https://www.bleepingcomputer.com/news/security/zero-day-vulnerabilities-leave-smart-buildings-open-to-cyber-attacks/

Google Docs, Sheets, Slides, and Sites Get Material Design

Google announced the adoption of Material Design in its Docs, Sheets, Slides, and Sites G Suite applications on the web, a new product look and feel which will be turned on by default for all end users [...]

https://www.bleepingcomputer.com/news/google/google-docs-sheets-slides-and-sites-get-material-design/

Djvu Ransomware Spreading New .TRO Variant Through Cracks & Adware Bundles

In December 2018, a new ransomware called Djvu, which could be a variant of STOP,  was released that has been heavily promoted through crack downloads & adware bundles. Originally, this ransomware would append a variation of the .djvu string as an extension to encrypted files, but a recent variant has switched to the .tro extension. [...]

https://www.bleepingcomputer.com/news/security/djvu-ransomware-spreading-new-tro-variant-through-cracks-and-adware-bundles/

Emotet Returns from the Holidays With New Tricks

Following a short period of low activity, Emotet operators are back at distributing through malicious email campaigns a new strain of their payload that carries new tricks. [...]

https://www.bleepingcomputer.com/news/security/emotet-returns-from-the-holidays-with-new-tricks/

Firefox 66 Lets You Configure Keyboard Shortcuts for Extensions

Firefox lets developers create keyboard shortcuts for their extension's functions, which are hard coded or possibly configurable depending on the extension. In Firefox 66, Mozila is making extension keyboard shortcuts configurable by a user directly from the about:addons page.  [...]

https://www.bleepingcomputer.com/news/software/firefox-66-lets-you-configure-keyboard-shortcuts-for-extensions/

Bug in Fortnite Authentication Left Accounts Open to Take Over

Weaknesses in Epic Games' authentication process for the highly popular Fortnite left gamers' accounts exposed to take over risks. An attacker could have stolen login tokens by just tricking the victim into clicking a link. [...]

https://www.bleepingcomputer.com/news/security/bug-in-fortnite-authentication-left-accounts-open-to-take-over/