Cloudflare Deploys Firewall Rule to Block New Drupal Exploits

Exploitation attempts of a highly critical vulnerability discovered in the Drupal content management software (CMS) on February 20 were blocked by Cloudfare using Web Application Firewall (WAF) rules designed to protect its customers' websites from being compromised. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-deploys-firewall-rule-to-block-new-drupal-exploits/

Adware Apps in Google Play Simulate Uninstall for Persistence

Three adware apps discovered in Google Play use a special trick to ensure they stay on the victim device for a longer time. They pose as camera-related utilities and have recorded over 700,000 installations, combined. [...]

https://www.bleepingcomputer.com/news/security/adware-apps-in-google-play-simulate-uninstall-for-persistence/

Hackers Revive Microsoft Office Equation Editor Exploit

Hackers used specially-crafted Microsoft Word documents during the last few months to abuse an Integer Overflow bug that helped them bypass sandbox and anti-malware solutions and exploit the Microsoft Office Equation Editor vulnerability patched 15 months ago. [...]

https://www.bleepingcomputer.com/news/security/hackers-revive-microsoft-office-equation-editor-exploit/

NSA's Ghidra Reverse Engineering Framework Stirs Up Malware Researchers

The National Security Agency released a free, public version of Ghidra, a set of tools developed internally for software reverse engineering. The agency will also release Ghidra's source code, allowing users to improve the framework's feature set and turn it into a more effective tool. [...]

https://www.bleepingcomputer.com/news/security/nsas-ghidra-reverse-engineering-framework-stirs-up-malware-researchers/

Google Chrome Update Patches Zero-Day Actively Exploited in the Wild

Google updated the release announcement for the Chrome web browser version 72.0.3626.121 with a warning that the 0day patched in the release is being actively exploited in the wild. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-update-patches-zero-day-actively-exploited-in-the-wild/

Microsoft Open Sources the Windows 10 Calculator on GitHub

Have you ever wanted to know exactly how the Windows 10 Calculator works or want to extend its functionality? Now you can, as Microsoft has open-sourced their Windows Calculator so that anyone can play with it. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-open-sources-the-windows-10-calculator-on-github/

Microsoft Releases Windows 10 Build 18850 (20H1) to Skip Ahead Users

Microsoft has released Windows 10 Insider Preview Build 18850 for Insiders in the Skip Ahead ring. This 20H1 build includes a new version of Snip and Sketch (v10.1901.10521.0) and various bug fixes  [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-build-18850-20h1-to-skip-ahead-users/

StealthWorker Malware Uses Windows, Linux Bots to Hack Websites

Hackers are running a new campaign which drops the StealthWorker brute-force malware on Windows and Linux machines that end up being used to brute force other computers in a series of distributed brute force attacks. [...]

https://www.bleepingcomputer.com/news/security/stealthworker-malware-uses-windows-linux-bots-to-hack-websites/

Unpatched UPnP-Enabled Devices Left Exposed to Attacks

Outdated software on UPnP-enabled devices exposes them to attacks designed to exploit a wide range of vulnerabilities found in UPnP libraries used by various daemons and servers reachable over the Internet. [...]

https://www.bleepingcomputer.com/news/security/unpatched-upnp-enabled-devices-left-exposed-to-attacks/

12,449 Data Breaches Confirmed in 2018, a 424% Increase Over the Previous Year

The number of confirmed data breaches during 2018 reached 12,449, a 424% increase when compared with 2017, 47% of all compromised identity records having been exposed in breaches experienced by organizations from the United States and China. [...]

https://www.bleepingcomputer.com/news/security/12-449-data-breaches-confirmed-in-2018-a-424-percent-increase-over-the-previous-year/

#Opfail: Phisher Attaches Powershell Exec Instead of Malware

The security community has seen its share of mistakes made by cybercriminals, and quickly took advantage of them to stop the threat. But some of them have reached blooper level. [...]

https://www.bleepingcomputer.com/news/security/opfail-phisher-attaches-powershell-exec-instead-of-malware/

FTC Issue PSA on Social Security Number Scams

Scammers pretending to be employees of the Social Security Administrations (SSA) have caused last year losses of at least $16.6 million. [...]

https://www.bleepingcomputer.com/news/security/ftc-issue-psa-on-social-security-number-scams/

Windows 10 KB4482887 Cumulative Update Causing Major Stuttering in Games

The February KB4482887 Cumulative Update for Windows 10 Version 1809 is causing major graphics performance issues in multiple games, from FPS drops and mouse input lag to severe stuttering and lag spikes according to numerous user reports. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4482887-cumulative-update-causing-major-stuttering-in-games/

New SLUB Backdoor Uses Slack, GitHub as Communication Channels

A new backdoor was observed while using the Github Gist service and the Slack messaging system as communication channels with its masters, as well as targeting a very specific type of victim using a watering hole attack. [...]

https://www.bleepingcomputer.com/news/security/new-slub-backdoor-uses-slack-github-as-communication-channels/

Notepad++ No Longer Code Signed, Dev Won't Support Overpriced Cert Industry

The developer of the highly popular open source Notepad++ text and source code editor for Windows announced that the program will drop code signing support starting with the 7.6.4 release. [...]

https://www.bleepingcomputer.com/news/software/notepad-no-longer-code-signed-dev-wont-support-overpriced-cert-industry/

Facebook Removes Campaigns Used to Sow Discord in UK and Romania

Facebook stated that they have discovered and removed content related to two coordinated campaigns used to sow political discord in the UK and Romania. Facebook is categorizing these campaigns as inauthentic behavior as they misrepresented themselves and are being used to mislead visitors. [...]

https://www.bleepingcomputer.com/news/security/facebook-removes-campaigns-used-to-sow-discord-in-uk-and-romania/

Russia Passes Bill That Outlaws Disrespecting Russian Officials Online

The Russian State Duma passed a new and controversial bill which allows the authorities to jail people who disrespect the government and state officials online. [...]

https://www.bleepingcomputer.com/news/security/russia-passes-bill-that-outlaws-disrespecting-russian-officials-online/

What We Know About Microsoft’s Chromium-Based Edge Browser

Screenshots for the Chromium-based Microsoft Edge browser were leaked online this week. With these screenshots, others found more information that was not previously confirmed by Microsoft. [...]

https://www.bleepingcomputer.com/news/microsoft/what-we-know-about-microsoft-s-chromium-based-edge-browser/

Google Advises Upgrade to Windows 10 to Fix Windows 7 Zero-Day Bug

Google recommends users of Windows 7 to give it up and move to Microsoft's latest operating system if they want to keep systems safe from a zero-day vulnerability exploited in the wild. [...]

https://www.bleepingcomputer.com/news/security/google-advises-upgrade-to-windows-10-to-fix-windows-7-zero-day-bug/

Insecure Database Leads to Over 800 Million Records Data Breach

An unprotected 140+ GB MongoDB database led to the discovery of a huge collection of 808,539,939 email records, with many of them also containing detailed personally identifiable information (PII). [...]

https://www.bleepingcomputer.com/news/security/insecure-database-leads-to-over-800-million-records-data-breach/