Hacker Group Exposes Iranian APT Operations and Members

Hackers have revealed details about the inner workings of a cyber-espionage group mostly known in the security community as OilRig, APT34, and HelixKitten, linked to the Iranian government. [...]

https://www.bleepingcomputer.com/news/security/hacker-group-exposes-iranian-apt-operations-and-members/

RevengeRAT Distributed via Bit.ly, BlogSpot, and Pastebin C2 Infrastructure

A malicious campaign targeting entities from North America, Europe, Asia, and the Middle East during March used a combination of pages hosted on Bit.ly, BlogSpot, and Pastebin to create a command-and-control (C2) infrastructure designed to avoid getting blocked by security solutions. [...]

https://www.bleepingcomputer.com/news/security/revengerat-distributed-via-bitly-blogspot-and-pastebin-c2-infrastructure/

Windows 10 Application Guard Added to the New Microsoft Edge

Microsoft's Windows Defender Application Guard has been added to the upcoming Chromium-based Microsoft Edge.  This security feature allows you to securely browse the web without fear of becoming infected by malicious sites. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-application-guard-added-to-the-new-microsoft-edge/

Ride-Hailing Company Exposes Sensitive Info of Iranian Drivers

A ride-hailing company operating in Iran left open and publicly available a database containing sensitive information about its drivers. In total, the MongoDB instance stored over 6.7 million records. [...]

https://www.bleepingcomputer.com/news/security/ride-hailing-company-exposes-sensitive-info-of-iranian-drivers/

Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data

Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users. [...]

https://www.bleepingcomputer.com/news/security/unsecured-databases-leak-60-million-records-of-scraped-linkedin-data/

Get Assassin's Creed: Unity for Free in Honor of Notre-Dame

French video game developer Ubisoft is giving away Assassins Creed: Unity for free in honor of the Notre-Dame, which was recently damaged due to a fire. [...]

https://www.bleepingcomputer.com/news/gaming/get-assassins-creed-unity-for-free-in-honor-of-notre-dame/

Cyber Attack Forces The Weather Channel Off the Air

The Weather Channel stopped its live broadcasting this morning due to a security incident that lasted for at least 90 minutes. [...]

https://www.bleepingcomputer.com/news/security/cyber-attack-forces-the-weather-channel-off-the-air/

The HotList is The Latest Instagram Phishing Scam Attack

A phishing scam called The HotList is the latest scam currently making its way through Instagram. This scam pretends to be a list of pictures ranked on how "Hot" they are, but just leads to a fake Instagram login page that is used to steal account logins and passwords. [...]

https://www.bleepingcomputer.com/news/security/the-hotlist-is-the-latest-instagram-phishing-scam-attack/

Google to Block Logins from Embedded Browser Frameworks

To increase protection against man-in-the-middle (MitM) attacks, Google in June will block sign-ins from embedded browser frameworks, which are used with some forms of phishing. [...]

https://www.bleepingcomputer.com/news/security/google-to-block-logins-from-embedded-browser-frameworks/

The New Microsoft Edge Sometimes Impersonates Other Browsers

The new Chromium-based Microsoft Edge will impersonate other browsers depending on the site being visited. This is may be done for compatibility reasons, like properly rendering pages or how video will be streamed and played back. [...]

https://www.bleepingcomputer.com/news/microsoft/the-new-microsoft-edge-sometimes-impersonates-other-browsers/

The Week in Ransomware - April 19th 2019 - RobbinHood, Samba, and More

This week introduced a new ransomware player that is targeting companies called RobbinHood. This ransomware recently took down the City of Greenville's computer systems and offers two different ransom payments; a price per computer or one for the entire network. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-19th-2019-robbinhood-samba-and-more/

Mozilla Firefox to Enable Hyperlink Ping Tracking By Default

Mozilla has told BleepingComputer that they will be enabling the tracking feature called hyperlink auditing, or Pings, by default in Firefox.  There is no timeline for when this feature will be enabled, but it will be done when their implementation is complete. [...]

https://www.bleepingcomputer.com/news/software/mozilla-firefox-to-enable-hyperlink-ping-tracking-by-default/

New INPIVX Service May Change the Ransomware Game

A new service called Inpivx pushes ransomware business to a new evolution stage, making it easy to set up shop for those that lack the technical skills to develop the malware from scratch and build a management panel. [...]

https://www.bleepingcomputer.com/news/security/new-inpivx-service-may-change-the-ransomware-game/

Nintendo Super Mario Bros. Now Playable on Commodore 64

After seven years of development, Super Mario Bros. has been ported from the Nintendo Entertainment System (NES) to the Commodore 64. [...]

https://www.bleepingcomputer.com/news/gaming/nintendo-super-mario-bros-now-playable-on-commodore-64/

Windows 10 Start Menu Gets Its Own Process in Build 1903

Next month Microsoft will be releasing the Windows 10 May 2019 Update, also known as build 1903, and with it the Windows Start Menu will now be running under its own process called "Start". This is being done to increase performance and to make it easier to recover from hangs in the Start Menu. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-start-menu-gets-its-own-process-in-build-1903/

Security Researcher Pleads Guilty To Malware Writing Charges

Security researcher Marcus Hutchins pled guilty on Wednesday to writing malware and aiding with its distribution with the help of a partner. [...]

https://www.bleepingcomputer.com/news/security/security-researcher-pleads-guilty-to-malware-writing-charges/

Google Chrome is Testing a New Extensions Menu

In order to provide better access to extensions and a less cluttered interface, Google is testing a new Google Chrome extension menu that is accessible from the toolbar. This menu will contain a drop down list of all installed extensions, which can be utilized by selecting their icon. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-is-testing-a-new-extensions-menu/

Microsoft Discontinues Windows 10 Sets Tabbed Window Feature

The much anticipated Windows 10 tabbed window feature called Sets has been discontinued according to a tweet from a Microsoft senior project manager. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-discontinues-windows-10-sets-tabbed-window-feature/

Office 365 Custom Rules to Block Azure Blob Storage Phishing Attacks

Phishing attacks which use Microsoft's Azure Blob Storage for hosting their landing pages to take advantage of windows.net subdomains' valid Microsoft SSL certificates can easily be blocked using custom Office 365 rules. [...]

https://www.bleepingcomputer.com/news/security/office-365-custom-rules-to-block-azure-blob-storage-phishing-attacks/

Medical Information of Almost 150K Rehab Patients Exposed

Over 4.91 million documents containing personally identifiable information (PII) of addiction rehab patients were exposed by a misconfigured ElasticSearch database publicly accessible for more than two years, from mid 2016 to late 2018. [...]

https://www.bleepingcomputer.com/news/security/medical-information-of-almost-150k-rehab-patients-exposed/