Adobe Patches Critical Information Disclosure Flaw in Reader, Again
Adobe issued a security update to address a bypass for the CVE-2019-7089 zero-day patch issued on February 12, which would lead to sensitive information disclosure in the context of the current user in vulnerable Adobe Acrobat and Reader for Windows and macOS [...]
https://www.bleepingcomputer.com/news/security/adobe-patches-critical-information-disclosure-flaw-in-reader-again/
Adobe issued a security update to address a bypass for the CVE-2019-7089 zero-day patch issued on February 12, which would lead to sensitive information disclosure in the context of the current user in vulnerable Adobe Acrobat and Reader for Windows and macOS [...]
https://www.bleepingcomputer.com/news/security/adobe-patches-critical-information-disclosure-flaw-in-reader-again/
BleepingComputer
Adobe Patches Critical Information Disclosure Flaw in Reader, Again
Adobe issued a security update to address a bypass for the CVE-2019-7089 zero-day patch issued on February 12, which would lead to sensitive information disclosure in the context of the current user in vulnerable Adobe Acrobat and Reader for Windows and macOS
Malware Campaigns Target Users of Pornhub, XVideos, Other Adult Websites
People who visit adult websites are being exposed on a daily basis to malware, phishing, and malicious spam campaigns, with premium accounts used on these websites that get stolen ending up on dark web markets. [...]
https://www.bleepingcomputer.com/news/security/malware-campaigns-target-users-of-pornhub-xvideos-other-adult-websites/
People who visit adult websites are being exposed on a daily basis to malware, phishing, and malicious spam campaigns, with premium accounts used on these websites that get stolen ending up on dark web markets. [...]
https://www.bleepingcomputer.com/news/security/malware-campaigns-target-users-of-pornhub-xvideos-other-adult-websites/
BleepingComputer
Malware Campaigns Target Users of PornHub, XVideos, Other Adult Websites
People who visit adult websites are being exposed on a daily basis to malware, phishing, and malicious spam campaigns, with premium accounts used on these websites that get stolen ending up on dark web markets.
Apple Adds Better Cross-Site Tracking Prevention in iOS 12.2 Beta and Safari 12.1
The beta releases of iOS 12.2 and Safari 12.1 on macOS High Sierra and Mojave include an updated version of the WebKit Intelligent Tracking Prevention (ITP) feature that will further decrease trackers' ability to trace user identities across websites. [...]
https://www.bleepingcomputer.com/news/security/apple-adds-better-cross-site-tracking-prevention-in-ios-122-beta-and-safari-121/
The beta releases of iOS 12.2 and Safari 12.1 on macOS High Sierra and Mojave include an updated version of the WebKit Intelligent Tracking Prevention (ITP) feature that will further decrease trackers' ability to trace user identities across websites. [...]
https://www.bleepingcomputer.com/news/security/apple-adds-better-cross-site-tracking-prevention-in-ios-122-beta-and-safari-121/
BleepingComputer
Apple Adds Better Cross-Site Tracking Prevention in iOS 12.2 Beta and Safari 12.1
The beta releases of iOS 12.2 and Safari 12.1 on macOS High Sierra and Mojave include an updated version of the WebKit Intelligent Tracking Prevention (ITP) feature that will further decrease trackers' ability to trace user identities across websites.
Cr1ptT0r Ransomware Targets Embedded Systems, Infects D-Link NAS Gear
A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it. [...]
https://www.bleepingcomputer.com/news/security/cr1ptt0r-ransomware-targets-embedded-systems-infects-d-link-nas-gear/
A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it. [...]
https://www.bleepingcomputer.com/news/security/cr1ptt0r-ransomware-targets-embedded-systems-infects-d-link-nas-gear/
BleepingComputer
Cr1ptT0r Ransomware Targets Embedded Systems, Infects D-Link NAS Gear
A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it.
19-Year Old WinRAR RCE Vulnerability Gets Micropatch Which Keeps ACE Support
A micropatch was released to fix a 19-year old arbitrary code execution vulnerability impacting 500 million users of the WinRAR compression tool and to keep ACE support after the app's devs removed it when they patched the security issue. [...]
https://www.bleepingcomputer.com/news/security/19-year-old-winrar-rce-vulnerability-gets-micropatch-which-keeps-ace-support/
A micropatch was released to fix a 19-year old arbitrary code execution vulnerability impacting 500 million users of the WinRAR compression tool and to keep ACE support after the app's devs removed it when they patched the security issue. [...]
https://www.bleepingcomputer.com/news/security/19-year-old-winrar-rce-vulnerability-gets-micropatch-which-keeps-ace-support/
BleepingComputer
19-Year Old WinRAR RCE Vulnerability Gets Micropatch Which Keeps ACE Support
A micropatch was released to fix a 19-year old arbitrary code execution vulnerability impacting 500 million users of the WinRAR compression tool and to keep ACE support after the app's devs removed it when they patched the security issue.
DDoS Attacks Ranked As Highest Threat by Enterprises
US and EMEA security professionals interviewed by the Neustar International Security Council (NISC) in January 2019 said that DDoS attacks are perceived as the highest threat to their organizations, with roughly half of their companies having been attacked in 2018. [...]
https://www.bleepingcomputer.com/news/security/ddos-attacks-ranked-as-highest-threat-by-enterprises/
US and EMEA security professionals interviewed by the Neustar International Security Council (NISC) in January 2019 said that DDoS attacks are perceived as the highest threat to their organizations, with roughly half of their companies having been attacked in 2018. [...]
https://www.bleepingcomputer.com/news/security/ddos-attacks-ranked-as-highest-threat-by-enterprises/
BleepingComputer
DDoS Attacks Ranked As Highest Threat by Enterprises
US and EMEA security professionals interviewed by the Neustar International Security Council (NISC) in January 2019 said that DDoS attacks are perceived as the highest threat to their organizations, with roughly half of their companies having been attackedβ¦
Windows 10 20H1 Build 18841 Released to Skip Ahead Insiders
Windows 10 20H1 Build 18841 is out for Insiders part of the Skip Ahead and it comes with normal bug fixes as Microsoft isn't ready to test new features yet. This build is from the 20H1 development branch. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-20h1-build-18841-released-to-skip-ahead-insiders/
Windows 10 20H1 Build 18841 is out for Insiders part of the Skip Ahead and it comes with normal bug fixes as Microsoft isn't ready to test new features yet. This build is from the 20H1 development branch. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-20h1-build-18841-released-to-skip-ahead-insiders/
BleepingComputer
Windows 10 20H1 Build 18841 Released to Skip Ahead Insiders
Windows 10 20H1 Build 18841 is out for Insiders part of the Skip Ahead and it comes with normal bug fixes as Microsoft isn't ready to test new features yet. This build is from the 20H1 development branch.
Office 365 Phishing Page Comes with Live Chat Support
Scammers handling a phishing website for Office 365 credentials added live support to add to the illusion of legitimacy necessary to trick victims. [...]
https://www.bleepingcomputer.com/news/security/office-365-phishing-page-comes-with-live-chat-support/
Scammers handling a phishing website for Office 365 credentials added live support to add to the illusion of legitimacy necessary to trick victims. [...]
https://www.bleepingcomputer.com/news/security/office-365-phishing-page-comes-with-live-chat-support/
BleepingComputer
Office 365 Phishing Page Comes with Live Chat Support
Scammers handling a phishing website for Office 365 credentials added live support to add to the illusion of legitimacy necessary to trick victims.
Windows 10 Build 18343 Released to Insiders with Windows Sandbox Improvements
Windows 10 19H1 Build 18343 is now rolling out to the Windows Insiders in the Fast Ring with improvements for Windows Sandbox and general bug fixes. Windows 10 Build 18343 comes from the 19H1 development and changes in this release will be shipped to the public with Windows 10 April 2019 Update. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18343-released-to-insiders-with-windows-sandbox-improvements/
Windows 10 19H1 Build 18343 is now rolling out to the Windows Insiders in the Fast Ring with improvements for Windows Sandbox and general bug fixes. Windows 10 Build 18343 comes from the 19H1 development and changes in this release will be shipped to the public with Windows 10 April 2019 Update. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18343-released-to-insiders-with-windows-sandbox-improvements/
BleepingComputer
Windows 10 Build 18343 Released to Insiders with Windows Sandbox Improvements
Windows 10 19H1 Build 18343 is now rolling out to the Windows Insiders in the Fast Ring with improvements for Windows Sandbox and general bug fixes. Windows 10 Build 18343 comes from the 19H1 development and changes in this release will be shipped to theβ¦
Tax Returns Exposed in TurboTax Credential Stuffing Attacks
Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. [...]
https://www.bleepingcomputer.com/news/security/tax-returns-exposed-in-turbotax-credential-stuffing-attacks/
Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. [...]
https://www.bleepingcomputer.com/news/security/tax-returns-exposed-in-turbotax-credential-stuffing-attacks/
BleepingComputer
Tax Returns Exposed in TurboTax Credential Stuffing Attacks
Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack.
NY Governor Cuomo Calls For Investigation on Facebook Health Data Collection
New York Governor Andrew M. Cuomo stated that a number of state agencies including the Department of State and the Department of Financial Services will investigate Facebook health data acquisition practices exposed by The Wall Street Journal. [...]
https://www.bleepingcomputer.com/news/technology/ny-governor-cuomo-calls-for-investigation-on-facebook-health-data-collection/
New York Governor Andrew M. Cuomo stated that a number of state agencies including the Department of State and the Department of Financial Services will investigate Facebook health data acquisition practices exposed by The Wall Street Journal. [...]
https://www.bleepingcomputer.com/news/technology/ny-governor-cuomo-calls-for-investigation-on-facebook-health-data-collection/
BleepingComputer
NY Governor Cuomo Calls For Investigation on Facebook Health Data Collection
New York Governor Andrew M. Cuomo stated that a number of state agencies including the Department of State and the Department of Financial Services will investigate Facebook health data acquisition practices exposed by The Wall Street Journal.
LinkedIn Messaging Abused to Target US Companies With Backdoors
A series of malware campaigns that push the More_eggs backdoor via fake jobs offers are targeting employees of US companies which use shopping portals and similar online payment systems. [...]
https://www.bleepingcomputer.com/news/security/linkedin-messaging-abused-to-target-us-companies-with-backdoors/
A series of malware campaigns that push the More_eggs backdoor via fake jobs offers are targeting employees of US companies which use shopping portals and similar online payment systems. [...]
https://www.bleepingcomputer.com/news/security/linkedin-messaging-abused-to-target-us-companies-with-backdoors/
BleepingComputer
LinkedIn Messaging Abused to Target US Companies With Backdoors
A series of malware campaigns that push the More_eggs backdoor via fake jobs offers are targeting employees of US companies which use shopping portals and similar online payment systems.
B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers
A new ransomware called B0r0nt0K is encrypting victim's web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows. [...]
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
A new ransomware called B0r0nt0K is encrypting victim's web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows. [...]
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
BleepingComputer
B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers
A new ransomware called B0r0nt0K is encrypting victim's web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows.
CyberSecurity Firm Darkmatter Request to be Trusted Root CA Raises Concerns
A United Arab Emirates based cybersecurity company named DarkMatter wants to become a trusted root certificate authority in Firefox and security professionals around the world are concerned. [...]
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-darkmatter-request-to-be-trusted-root-ca-raises-concerns/
A United Arab Emirates based cybersecurity company named DarkMatter wants to become a trusted root certificate authority in Firefox and security professionals around the world are concerned. [...]
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-darkmatter-request-to-be-trusted-root-ca-raises-concerns/
BleepingComputer
CyberSecurity Firm Darkmatter Request to be Trusted Root CA Raises Concerns
A United Arab Emirates based cybersecurity company named DarkMatter wants to become a trusted root certificate authority in Firefox and security professionals around the world are concerned.
NVIDIA Patches Security Issues in GPU Display Driver for Windows, Linux
NVIDIA released a security update for the NVIDIA GPU Display Driver software designed to patch eight security issues that could lead to code execution, escalation of privileges, denial of service, or information disclosure on both Windows and Linux machines. [...]
https://www.bleepingcomputer.com/news/security/nvidia-patches-security-issues-in-gpu-display-driver-for-windows-linux/
NVIDIA released a security update for the NVIDIA GPU Display Driver software designed to patch eight security issues that could lead to code execution, escalation of privileges, denial of service, or information disclosure on both Windows and Linux machines. [...]
https://www.bleepingcomputer.com/news/security/nvidia-patches-security-issues-in-gpu-display-driver-for-windows-linux/
BleepingComputer
NVIDIA Patches Security Issues in GPU Display Driver for Windows, Linux
NVIDIA released a security update for the NVIDIA GPU Display Driver software designed to patch eight security issues that could lead to code execution, escalation of privileges, denial of service, or information disclosure on both Windows and Linux machines.
Smart Homes at Risk Due to Unpatched Vulnerabilities, Weak Credentials
40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials. [...]
https://www.bleepingcomputer.com/news/security/smart-homes-at-risk-due-to-unpatched-vulnerabilities-weak-credentials/
40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials. [...]
https://www.bleepingcomputer.com/news/security/smart-homes-at-risk-due-to-unpatched-vulnerabilities-weak-credentials/
BleepingComputer
Smart Homes at Risk Due to Unpatched Vulnerabilities, Weak Credentials
40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials.
Malspam Exploits WinRAR ACE Vulnerability to Install a Backdoor
Researchers have discovered a malspam campaign that is distributing a a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer. [...]
https://www.bleepingcomputer.com/news/security/malspam-exploits-winrar-ace-vulnerability-to-install-a-backdoor/
Researchers have discovered a malspam campaign that is distributing a a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer. [...]
https://www.bleepingcomputer.com/news/security/malspam-exploits-winrar-ace-vulnerability-to-install-a-backdoor/
BleepingComputer
Malspam Exploits WinRAR ACE Vulnerability to Install a Backdoor
Researchers have discovered a malspam campaign that is distributing a a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer.
Apex Legends Fans Targeted with Malware and Scam Campaigns
Apex Legends fans who want to play the game on mobile devices are being actively targeted by scam and malware campaigns which promise to deliver a playable version of the game ready to install on iOS and Android devices. [...]
https://www.bleepingcomputer.com/news/security/apex-legends-fans-targeted-with-malware-and-scam-campaigns/
Apex Legends fans who want to play the game on mobile devices are being actively targeted by scam and malware campaigns which promise to deliver a playable version of the game ready to install on iOS and Android devices. [...]
https://www.bleepingcomputer.com/news/security/apex-legends-fans-targeted-with-malware-and-scam-campaigns/
BleepingComputer
Apex Legends Fans Targeted with Malware and Scam Campaigns
Apex Legends fans who want to play the game on mobile devices are being actively targeted by scam and malware campaigns which promise to deliver a playable version of the game ready to install on iOS and Android devices.
Hackers Backdoor Cloud Servers to Attack Future Customers
A new vulnerability dubbed Cloudborne can allow attackers to implant backdoor implants in the firmware or BMC of bare metal servers that survive client reassignment in bare metal and general cloud services, leading to a variety of attack scenarios. [...]
https://www.bleepingcomputer.com/news/security/hackers-backdoor-cloud-servers-to-attack-future-customers/
A new vulnerability dubbed Cloudborne can allow attackers to implant backdoor implants in the firmware or BMC of bare metal servers that survive client reassignment in bare metal and general cloud services, leading to a variety of attack scenarios. [...]
https://www.bleepingcomputer.com/news/security/hackers-backdoor-cloud-servers-to-attack-future-customers/
BleepingComputer
Hackers Backdoor Cloud Servers to Attack Future Customers
A new vulnerability dubbed Cloudborne can allow attackers to implant backdoor implants in the firmware or BMC of bare metal servers that survive client reassignment in bare metal and general cloud services, leading to a variety of attack scenarios.
Malvertising Attack Sneaks JavaScript Payload in Polyglot Images
A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page offering a fake reward. [...]
https://www.bleepingcomputer.com/news/security/malvertising-attack-sneaks-javascript-payload-in-polyglot-images/
A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page offering a fake reward. [...]
https://www.bleepingcomputer.com/news/security/malvertising-attack-sneaks-javascript-payload-in-polyglot-images/
BleepingComputer
Malvertising Attack Sneaks JavaScript Payload in Polyglot Images
A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page offering a fake reward.