TrickBot Banking Trojan Now Steals RDP, VNC, and PuTTY Credentials
The infamous Trickbot banking Trojan's password stealer module has been recently upgraded to grab credentials used to authenticate to remote servers using VNC, PuTTY, and Remote Desktop Protocol (RDP).. [...]
https://www.bleepingcomputer.com/news/security/trickbot-banking-trojan-now-steals-rdp-vnc-and-putty-credentials/
The infamous Trickbot banking Trojan's password stealer module has been recently upgraded to grab credentials used to authenticate to remote servers using VNC, PuTTY, and Remote Desktop Protocol (RDP).. [...]
https://www.bleepingcomputer.com/news/security/trickbot-banking-trojan-now-steals-rdp-vnc-and-putty-credentials/
BleepingComputer
TrickBot Banking Trojan Now Steals RDP, VNC, and PuTTY Credentials
The infamous Trickbot banking Trojan's password stealer module has been recently upgraded to grab credentials used to authenticate to remote servers using VNC, PuTTY, and Remote Desktop Protocol (RDP)..
Windows 10 February 2019 Cumulative Updates Released With Fixes
It's Patch Tuesday and new cumulative updates are rolling out! The focus of Windows 10's February 2019 cumulative update is on addressing the security issues and the general issues reported in the past few weeks. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-february-2019-cumulative-updates-released-with-fixes/
It's Patch Tuesday and new cumulative updates are rolling out! The focus of Windows 10's February 2019 cumulative update is on addressing the security issues and the general issues reported in the past few weeks. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-february-2019-cumulative-updates-released-with-fixes/
BleepingComputer
Windows 10 February 2019 Cumulative Updates Released With Fixes
It's Patch Tuesday and new cumulative updates are rolling out! The focus of Windows 10's February 2019 cumulative update is on addressing the security issues and the general issues reported in the past few weeks.
Microsoft Patches PrivExchange Vulnerability in February Quarterly Updates
Microsoft patched the PrivExchange privilege escalation vulnerability which affected Microsoft Exchange Server 2010 and newer installations where Exchange Web Services (EWS) and Push Notifications were enabled. [...]
https://www.bleepingcomputer.com/news/security/microsoft-patches-privexchange-vulnerability-in-february-quarterly-updates/
Microsoft patched the PrivExchange privilege escalation vulnerability which affected Microsoft Exchange Server 2010 and newer installations where Exchange Web Services (EWS) and Push Notifications were enabled. [...]
https://www.bleepingcomputer.com/news/security/microsoft-patches-privexchange-vulnerability-in-february-quarterly-updates/
BleepingComputer
Microsoft Patches PrivExchange Vulnerability in February Quarterly Updates
Microsoft patched the PrivExchange privilege escalation vulnerability which affected Microsoft Exchange Server 2010 and newer installations where Exchange Web Services (EWS) and Push Notifications were enabled.
Microsoft February 2019 Patch Tuesday Includes Fixes for 70 Vulnerabilities
Today is Microsoft's February 2019 Patch Tuesday, which means it is time to get those security updates installed. Included in this month's security updates is one for an actively exploited Internet Explorer vulnerability and another remote code execution vulnerability in DHCP. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2019-patch-tuesday-includes-fixes-for-70-vulnerabilities/
Today is Microsoft's February 2019 Patch Tuesday, which means it is time to get those security updates installed. Included in this month's security updates is one for an actively exploited Internet Explorer vulnerability and another remote code execution vulnerability in DHCP. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2019-patch-tuesday-includes-fixes-for-70-vulnerabilities/
BleepingComputer
Microsoft February 2019 Patch Tuesday Includes Fixes for 70 Vulnerabilities
Today is Microsoft's February 2019 Patch Tuesday, which means it is time to get those security updates installed. Included in this month's security updates is one for an actively exploited Internet Explorer vulnerability and another remote code executionβ¦
Windows 7 KB4486563 and Windows 8.1 KB4487000 Released
The February 2019 patches are also rolling out to PCs with Windows 7 and 8.1. The new monthly rollups for Windows 7 and Windows 8.1 comes with general security fixes and improvements. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-7-kb4486563-and-windows-81-kb4487000-released/
The February 2019 patches are also rolling out to PCs with Windows 7 and 8.1. The new monthly rollups for Windows 7 and Windows 8.1 comes with general security fixes and improvements. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-7-kb4486563-and-windows-81-kb4487000-released/
BleepingComputer
Windows 7 KB4486563 and Windows 8.1 KB4487000 Released
The February 2019 patches are also rolling out to PCs with Windows 7 and 8.1. The new monthly rollups for Windows 7 and Windows 8.1 comes with general security fixes and improvements.
Weird Phishing Campaign Uses Links With Almost 1,000 Characters
A targeted phishing campaign is underway that states your email has been blacklisted and then asks you to confirm it by entering your credentials. For some reason, this campaign is using phishing links that can contain almost 1,000 characters, which is enough to make anyone suspicious. [...]
https://www.bleepingcomputer.com/news/security/weird-phishing-campaign-uses-links-with-almost-1-000-characters/
A targeted phishing campaign is underway that states your email has been blacklisted and then asks you to confirm it by entering your credentials. For some reason, this campaign is using phishing links that can contain almost 1,000 characters, which is enough to make anyone suspicious. [...]
https://www.bleepingcomputer.com/news/security/weird-phishing-campaign-uses-links-with-almost-1-000-characters/
BleepingComputer
Weird Phishing Campaign Uses Links With Almost 1,000 Characters
A targeted phishing campaign is underway that states your email has been blacklisted and then asks you to confirm it by entering your credentials. For some reason, this campaign is using phishing links that can contain almost 1,000 characters, which is enoughβ¦
Microsoft Releases the February 2019 Updates for Office
Microsoft released the February 2019 Office Update containing a list of 19 security updates and 28 non-security updates, while also updating the Click-To-Run Office 2013 version to 15.0.5111.1001 in the process. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-february-2019-updates-for-office/
Microsoft released the February 2019 Office Update containing a list of 19 security updates and 28 non-security updates, while also updating the Click-To-Run Office 2013 version to 15.0.5111.1001 in the process. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-february-2019-updates-for-office/
BleepingComputer
Microsoft Releases the February 2019 Updates for Office
Microsoft released the February 2019 Office Update containing a list of 19 security updates and 28 non-security updates, while also updating the Click-To-Run Office 2013 version to 15.0.5111.1001 in the process.
The Scarlet Widow Gang Entraps Victims Using Romance Scams
We often hear about sextortion, business email compromise (BEC), and inheritance scams, but the often overlooked "Romance Scams" could be the most insidious of them all. Not only do victims lose money, but the emotional entanglement ultimately leads to heartbreak. [...]
https://www.bleepingcomputer.com/news/security/the-scarlet-widow-gang-entraps-victims-using-romance-scams/
We often hear about sextortion, business email compromise (BEC), and inheritance scams, but the often overlooked "Romance Scams" could be the most insidious of them all. Not only do victims lose money, but the emotional entanglement ultimately leads to heartbreak. [...]
https://www.bleepingcomputer.com/news/security/the-scarlet-widow-gang-entraps-victims-using-romance-scams/
BleepingComputer
The Scarlet Widow Gang Entraps Victims Using Romance Scams
We often hear about sextortion, business email compromise (BEC), and inheritance scams, but the often overlooked "Romance Scams" could be the most insidious of them all. Not only do victims lose money, but the emotional entanglement ultimately leads to heartbreak.
Canonical Snapd Vulnerability Gives Root Access in Linux
A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has released to PoCs that use different methods to elevate privileges. [...]
https://www.bleepingcomputer.com/news/security/canonical-snapd-vulnerability-gives-root-access-in-linux/
A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has released to PoCs that use different methods to elevate privileges. [...]
https://www.bleepingcomputer.com/news/security/canonical-snapd-vulnerability-gives-root-access-in-linux/
BleepingComputer
Canonical Snapd Vulnerability Gives Root Access in Linux
A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has releasedβ¦
New Astaroth Trojan Variant Exploits Anti-Malware Software to Steal Info
A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules. [...]
https://www.bleepingcomputer.com/news/security/new-astaroth-trojan-variant-exploits-anti-malware-software-to-steal-info/
A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules. [...]
https://www.bleepingcomputer.com/news/security/new-astaroth-trojan-variant-exploits-anti-malware-software-to-steal-info/
BleepingComputer
New Astaroth Trojan Variant Exploits Anti-Malware Software to Steal Info
A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules.
Cisco Network Assurance Engine Bug Allows Login with Old Passwords
Cisco has issue a security advisory for Cisco Network Assurance Engine (NAE) Release 3.0(1) for a bug that causes password changes done via NAE to not be synchronized to the CLI of the associated device. This would allow a user to be able to gain access to a device via its CLI using the previous password. [...]
https://www.bleepingcomputer.com/news/security/cisco-network-assurance-engine-bug-allows-login-with-old-passwords/
Cisco has issue a security advisory for Cisco Network Assurance Engine (NAE) Release 3.0(1) for a bug that causes password changes done via NAE to not be synchronized to the CLI of the associated device. This would allow a user to be able to gain access to a device via its CLI using the previous password. [...]
https://www.bleepingcomputer.com/news/security/cisco-network-assurance-engine-bug-allows-login-with-old-passwords/
BleepingComputer
Cisco Network Assurance Engine Bug Allows Login with Old Passwords
Cisco has issue a security advisory for Cisco Network Assurance Engine (NAE) Release 3.0(1) for a bug that causes password changes done via NAE to not be synchronized to the CLI of the associated device. This would allow a user to be able to gain access toβ¦
OpenOffice Zero-Day Code Execution Flaw Gets Free Micropatch
A micropatch is now available for a zero-day OpenOffice code execution vulnerability which can be triggered via automated macro execution following a mouseover event when viewing a maliciously crafted ODT document. [...]
https://www.bleepingcomputer.com/news/security/openoffice-zero-day-code-execution-flaw-gets-free-micropatch/
A micropatch is now available for a zero-day OpenOffice code execution vulnerability which can be triggered via automated macro execution following a mouseover event when viewing a maliciously crafted ODT document. [...]
https://www.bleepingcomputer.com/news/security/openoffice-zero-day-code-execution-flaw-gets-free-micropatch/
BleepingComputer
OpenOffice Zero-Day Code Execution Flaw Gets Free Micropatch
A micropatch is now available for a zero-day OpenOffice code execution vulnerability which can be triggered via automated macro execution following a mouseover event when viewing a maliciously crafted ODT document.
Shlayer Malware Disables macOS Gatekeeper to Run Unsigned Payloads
A new variant of the multi-stage Shlayer malware known to target macOS users has been observed in the wild, now being capable to escalate privileges using a two-year-old technique and to disable the Gatekeeper protection mechanism to run unsigned second stage payloads. [...]
https://www.bleepingcomputer.com/news/security/shlayer-malware-disables-macos-gatekeeper-to-run-unsigned-payloads/
A new variant of the multi-stage Shlayer malware known to target macOS users has been observed in the wild, now being capable to escalate privileges using a two-year-old technique and to disable the Gatekeeper protection mechanism to run unsigned second stage payloads. [...]
https://www.bleepingcomputer.com/news/security/shlayer-malware-disables-macos-gatekeeper-to-run-unsigned-payloads/
BleepingComputer
Shlayer Malware Disables macOS Gatekeeper to Run Unsigned Payloads
A new variant of the multi-stage Shlayer malware known to target macOS users has been observed in the wild, now being capable to escalate privileges using a two-year-old technique and to disable the Gatekeeper protection mechanism to run unsigned second stageβ¦
South Korea is Censoring the Internet by Snooping on SNI Traffic
South Korea has been blocking HTTP websites that are on their censor list for a while now and they have recently started using SNI filtering to block their counterparts served over HTTPS. [...]
https://www.bleepingcomputer.com/news/security/south-korea-is-censoring-the-internet-by-snooping-on-sni-traffic/
South Korea has been blocking HTTP websites that are on their censor list for a while now and they have recently started using SNI filtering to block their counterparts served over HTTPS. [...]
https://www.bleepingcomputer.com/news/security/south-korea-is-censoring-the-internet-by-snooping-on-sni-traffic/
BleepingComputer
South Korea is Censoring the Internet by Snooping on SNI Traffic
South Korea has been blocking HTTP websites that are on their censor list for a while now and they have recently started using SNI filtering to block their counterparts served over HTTPS.
Mozilla Adds Persistent Private Browsing to Firefox for iOS
Mozilla announced the addition of persistent private browsing in the Firefox web browser for iOS which will allow users to stay in Private Browsing mode at all times, even between browsing sessions. [...]
https://www.bleepingcomputer.com/news/security/mozilla-adds-persistent-private-browsing-to-firefox-for-ios/
Mozilla announced the addition of persistent private browsing in the Firefox web browser for iOS which will allow users to stay in Private Browsing mode at all times, even between browsing sessions. [...]
https://www.bleepingcomputer.com/news/security/mozilla-adds-persistent-private-browsing-to-firefox-for-ios/
BleepingComputer
Mozilla Adds Persistent Private Browsing to Firefox for iOS
Mozilla announced the addition of persistent private browsing in the Firefox web browser for iOS which will allow users to stay in Private Browsing mode at all times, even between browsing sessions.
Ransomware Attacks Target MSPs to Mass-Infect Customers
Ransomware distributors have started to target managed service providers (MSPs) in order to mass-infect all of their clients in a single attack. Recent reports indicate that multiple MSPs have been hacked recently, which has led to hundreds, if not thousands, of clients being infected with the GandCrab Ransomware. [...]
https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
Ransomware distributors have started to target managed service providers (MSPs) in order to mass-infect all of their clients in a single attack. Recent reports indicate that multiple MSPs have been hacked recently, which has led to hundreds, if not thousands, of clients being infected with the GandCrab Ransomware. [...]
https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
BleepingComputer
Ransomware Attacks Target MSPs to Mass-Infect Customers
Ransomware distributors have started to target managed service providers (MSPs) in order to mass-infect all of their clients in a single attack. Recent reports indicate that multiple MSPs have been hacked recently, which has led to hundreds, if not thousandsβ¦
Microsoft Releases First Windows 10 20H1 Build 18836 To Skip Ahead Users
Microsoft has released the Windows 10 Insider Preview Build 18836, which is the first insider build in the 20H1 development branch. This build is available to Insiders in the Skip Ahead ring and is just a general bug fix without any new features. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-first-windows-10-20h1-build-18836-to-skip-ahead-users/
Microsoft has released the Windows 10 Insider Preview Build 18836, which is the first insider build in the 20H1 development branch. This build is available to Insiders in the Skip Ahead ring and is just a general bug fix without any new features. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-first-windows-10-20h1-build-18836-to-skip-ahead-users/
BleepingComputer
Microsoft Releases First Windows 10 20H1 Build 18836 To Skip Ahead Users
Microsoft has released the Windows 10 Insider Preview Build 18836, which is the first insider build in the 20H1 development branch. This build is available to Insiders in the Skip Ahead ring and is just a general bug fix without any new features.
Emotet Uses Camouflaged Malicious Macros to Avoid Antivirus Detection
A new Emotet Trojan variant has been observed in the wild with the added ability to hide from anti-malware software by embedding malicious macros used to drop the main payload inside XML files disguised as Word documents. [...]
https://www.bleepingcomputer.com/news/security/emotet-uses-camouflaged-malicious-macros-to-avoid-antivirus-detection/
A new Emotet Trojan variant has been observed in the wild with the added ability to hide from anti-malware software by embedding malicious macros used to drop the main payload inside XML files disguised as Word documents. [...]
https://www.bleepingcomputer.com/news/security/emotet-uses-camouflaged-malicious-macros-to-avoid-antivirus-detection/
BleepingComputer
Emotet Uses Camouflaged Malicious Macros to Avoid Antivirus Detection
A new Emotet Trojan variant has been observed in the wild with the added ability to hide from anti-malware software by embedding malicious macros used to drop the main payload inside XML files disguised as Word documents.
Coffee Meets Bagel Dating App Discloses Data Breach on Valentine's Day
As a Valentine's Day gift to all its users, online dating app Coffee Meets Bagel disclosed a data breach that contained user's email addresses and names. This data breach was discovered as part of a compilation of leaked credentials that was being sold on criminal marketplaces. [...]
https://www.bleepingcomputer.com/news/security/coffee-meets-bagel-dating-app-discloses-data-breach-on-valentines-day/
As a Valentine's Day gift to all its users, online dating app Coffee Meets Bagel disclosed a data breach that contained user's email addresses and names. This data breach was discovered as part of a compilation of leaked credentials that was being sold on criminal marketplaces. [...]
https://www.bleepingcomputer.com/news/security/coffee-meets-bagel-dating-app-discloses-data-breach-on-valentines-day/
BleepingComputer
Coffee Meets Bagel Dating App Discloses Data Breach on Valentine's Day
As a Valentine's Day gift to all its users, online dating app Coffee Meets Bagel disclosed a data breach that contained user's email addresses and names. This data breach was discovered as part of a compilation of leaked credentials that was being sold onβ¦
Google Rejected Roughly 55% More Android Apps in 2018, Still Not Enough
As revealed by Google in its 2018 Google Play Store yearly review, the company has rejected 55% more Android applications than it did in 2017, and also increased the app suspension rate by approximately 66 percent year-over-year. [...]
https://www.bleepingcomputer.com/news/google/google-rejected-roughly-55-percent-more-android-apps-in-2018-still-not-enough/
As revealed by Google in its 2018 Google Play Store yearly review, the company has rejected 55% more Android applications than it did in 2017, and also increased the app suspension rate by approximately 66 percent year-over-year. [...]
https://www.bleepingcomputer.com/news/google/google-rejected-roughly-55-percent-more-android-apps-in-2018-still-not-enough/
BleepingComputer
Google Rejected Roughly 55% More Android Apps in 2018, Still Not Enough
As revealed by Google in its 2018 Google Play Store yearly review, the company has rejected 55% more Android applications than it did in 2017, and also increased the app suspension rate by approximately 66 percent year-over-year.