Microsoft Edge Secret Whitelist Allows Facebook to Autorun Flash
Microsoft's Edge web browser comes with a hidden whitelist file designed to allow Facebook to circumvent the built-in click-to-play security policy to autorun Flash content without having to ask for user consent. [...]
https://www.bleepingcomputer.com/news/security/microsoft-edge-secret-whitelist-allows-facebook-to-autorun-flash/
BleepingComputer
Mozilla Firefox 67 to Warn About Breached Sites Using New Add-On
Firefox Monitor is a Mozilla service that has partnered with Have I been Pwned to alert users when their email address has been discovered in a data breach. In the past, Firefox Monitor was a standalone service, but starting in Firefox 67 it will now be included as an extension. [...]
https://www.bleepingcomputer.com/news/software/mozilla-firefox-67-to-warn-about-breached-sites-using-new-add-on/
GandCrab Ransomware Affiliates Continue to Push Decryptable Versions
GandCrab Ransomware affiliates are doing their victims a favor by screwing up and distributing a version of the ransomware that can be decrypted for free. [...]
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-affiliates-continue-to-push-decryptable-versions/
Drupal Fixes Highly Critical Vulnerability
Administrators of websites running the Drupal content management software (CMS) are urged to take immediate action to mitigate a newly discovered vulnerability that can lead to remote execution of PHP code under specific circumstances. [...]
https://www.bleepingcomputer.com/news/security/drupal-fixes-highly-critical-vulnerability/
Windows Servers Vulnerable to IIS Resource Exhaustion DoS Attacks
Microsoft published a security advisory on its Security Response Center which discloses that Windows Server and Windows 10 servers running Internet Information Services (IIS) are vulnerable to denial of service (DOS) attacks. [...]
https://www.bleepingcomputer.com/news/security/windows-servers-vulnerable-to-iis-resource-exhaustion-dos-attacks/
Adobe Patches Critical Information Disclosure Flaw in Reader, Again
Adobe issued a security update to address a bypass for the CVE-2019-7089 zero-day patch issued on February 12, which would lead to sensitive information disclosure in the context of the current user in vulnerable Adobe Acrobat and Reader for Windows and macOS [...]
https://www.bleepingcomputer.com/news/security/adobe-patches-critical-information-disclosure-flaw-in-reader-again/
Malware Campaigns Target Users of Pornhub, XVideos, Other Adult Websites
People who visit adult websites are being exposed on a daily basis to malware, phishing, and malicious spam campaigns, with premium accounts used on these websites that get stolen ending up on dark web markets. [...]
https://www.bleepingcomputer.com/news/security/malware-campaigns-target-users-of-pornhub-xvideos-other-adult-websites/
Apple Adds Better Cross-Site Tracking Prevention in iOS 12.2 Beta and Safari 12.1
The beta releases of iOS 12.2 and Safari 12.1 on macOS High Sierra and Mojave include an updated version of the WebKit Intelligent Tracking Prevention (ITP) feature that will further decrease trackers' ability to trace user identities across websites. [...]
https://www.bleepingcomputer.com/news/security/apple-adds-better-cross-site-tracking-prevention-in-ios-122-beta-and-safari-121/
Cr1ptT0r Ransomware Targets Embedded Systems, Infects D-Link NAS Gear
A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it. [...]
https://www.bleepingcomputer.com/news/security/cr1ptt0r-ransomware-targets-embedded-systems-infects-d-link-nas-gear/
19-Year Old WinRAR RCE Vulnerability Gets Micropatch Which Keeps ACE Support
A micropatch was released to fix a 19-year old arbitrary code execution vulnerability impacting 500 million users of the WinRAR compression tool and to keep ACE support after the app's devs removed it when they patched the security issue. [...]
https://www.bleepingcomputer.com/news/security/19-year-old-winrar-rce-vulnerability-gets-micropatch-which-keeps-ace-support/
DDoS Attacks Ranked As Highest Threat by Enterprises
US and EMEA security professionals interviewed by the Neustar International Security Council (NISC) in January 2019 said that DDoS attacks are perceived as the highest threat to their organizations, with roughly half of their companies having been attacked in 2018. [...]
https://www.bleepingcomputer.com/news/security/ddos-attacks-ranked-as-highest-threat-by-enterprises/
Windows 10 20H1 Build 18841 Released to Skip Ahead Insiders
Windows 10 20H1 Build 18841 is out for Insiders in Skip Ahead, and it comes with normal bug fixes as Microsoft isn't ready to test new features yet. This build is from the 20H1 development branch. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-20h1-build-18841-released-to-skip-ahead-insiders/
Office 365 Phishing Page Comes with Live Chat Support
Scammers handling a phishing website for Office 365 credentials added live support to add to the illusion of legitimacy necessary to trick victims. [...]
https://www.bleepingcomputer.com/news/security/office-365-phishing-page-comes-with-live-chat-support/
Windows 10 Build 18343 Released to Insiders with Windows Sandbox Improvements
Windows 10 19H1 Build 18343 is now rolling out to the Windows Insiders in the Fast Ring with improvements for Windows Sandbox and general bug fixes. Windows 10 Build 18343 comes from the 19H1 development and changes in this release will be shipped to the public with Windows 10 April 2019 Update. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18343-released-to-insiders-with-windows-sandbox-improvements/
Tax Returns Exposed in TurboTax Credential Stuffing Attacks
Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. [...]
https://www.bleepingcomputer.com/news/security/tax-returns-exposed-in-turbotax-credential-stuffing-attacks/
NY Governor Cuomo Calls For Investigation on Facebook Health Data Collection
New York Governor Andrew M. Cuomo stated that a number of state agencies including the Department of State and the Department of Financial Services will investigate Facebook health data acquisition practices exposed by The Wall Street Journal. [...]
https://www.bleepingcomputer.com/news/technology/ny-governor-cuomo-calls-for-investigation-on-facebook-health-data-collection/
LinkedIn Messaging Abused to Target US Companies With Backdoors
A series of malware campaigns that push the More_eggs backdoor via fake job offers are targeting employees of US companies which use shopping portals and similar online payment systems. [...]
https://www.bleepingcomputer.com/news/security/linkedin-messaging-abused-to-target-us-companies-with-backdoors/
B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers
A new ransomware called B0r0nt0K is encrypting victims' web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows. [...]
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
CyberSecurity Firm Darkmatter Request to be Trusted Root CA Raises Concerns
A United Arab Emirates based cybersecurity company named DarkMatter wants to become a trusted root certificate authority in Firefox and security professionals around the world are concerned. [...]
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-darkmatter-request-to-be-trusted-root-ca-raises-concerns/
NVIDIA Patches Security Issues in GPU Display Driver for Windows, Linux
NVIDIA released a security update for the NVIDIA GPU Display Driver software designed to patch eight security issues that could lead to code execution, escalation of privileges, denial of service, or information disclosure on both Windows and Linux machines. [...]
https://www.bleepingcomputer.com/news/security/nvidia-patches-security-issues-in-gpu-display-driver-for-windows-linux/