Office 365 Custom Rules to Block Azure Blob Storage Phishing Attacks

Phishing attacks which use Microsoft's Azure Blob Storage for hosting their landing pages to take advantage of windows.net subdomains' valid Microsoft SSL certificates can easily be blocked using custom Office 365 rules. [...]

https://www.bleepingcomputer.com/news/security/office-365-custom-rules-to-block-azure-blob-storage-phishing-attacks/

Medical Information of Almost 150K Rehab Patients Exposed

Over 4.91 million documents containing personally identifiable information (PII) of addiction rehab patients were exposed by a misconfigured ElasticSearch database publicly accessible for more than two years, from mid 2016 to late 2018. [...]

https://www.bleepingcomputer.com/news/security/medical-information-of-almost-150k-rehab-patients-exposed/

Bodybuilding.com Security Breach, All Customer Passwords Reset

Bodybuilding.com fitness and bodybuilding fan website notified its customers of a security breach detected during February 2019 which was the direct result of a phishing email received back in July 2018. [...]

https://www.bleepingcomputer.com/news/security/bodybuildingcom-security-breach-all-customer-passwords-reset/

Windows 7 Now Showing End of Support Warnings

Microsoft has started to display alerts in Windows 7 stating that the operating system will reach end of support on January 14, 2020. This alert links to a page that then recommends users upgrade to Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-7-now-showing-end-of-support-warnings/

Microsoft Windows Defender ATP APIs Now Generally Available

Microsoft announced the general availability of the Windows Defender Advanced Threat Protection (ATP) programmatic application programming interface (API) which allows customers to create their custom apps using Microsoft Defender ATP's capabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-defender-atp-apis-now-generally-available/

Windows April Updates Also Have Problems with Mcafee Software

With the release of the Microsoft April 2019 Patch Tuesday updates, some Windows users began to discover that Windows 7 and 8.1 was suddenly booting slower or would freeze. It was determined that this was due to conflicts with antivirus software such as Sophos, Avast, AVG, and now McAfee. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-april-updates-also-have-problems-with-mcafee-software/

ShadowHammer Targets Multiple Companies, ASUS Just One of Them

ASUS was not the only company targeted by supply-chain attacks during the ShadowHammer hacking operation as discovered by Kaspersky, with at least six other organizations having been infiltrated by the attackers. [...]

https://www.bleepingcomputer.com/news/security/shadowhammer-targets-multiple-companies-asus-just-one-of-them/

Source Code for Carbanak Backdoor Shared with Larger Infosec Community

For the past two years, the source code for the Carbanak banking malware has been sitting on VirusTotal scanning platform, available for any researcher that recognized it. [...]

https://www.bleepingcomputer.com/news/security/source-code-for-carbanak-backdoor-shared-with-larger-infosec-community/

Malware Hosted in Google Sites Sends Data to MySQL Server

Security researchers found malware hosted on the Google Sites platform for building websites. The threat is a dropper for an information stealer that sends data to a MySQL server controlled by the attacker. [...]

https://www.bleepingcomputer.com/news/security/malware-hosted-in-google-sites-sends-data-to-mysql-server/

Cybercrime's Total Earnings Skyrocketed to $2.7 Billion Says the FBI

FBI's Internet Crime Complaint Center (IC3) published its 2018 Internet Crime Report which shows that cybercrime was behind $2,7 billion in total losses during 2018 as shown by 351,936 complaints received during the last year. [...]

https://www.bleepingcomputer.com/news/security/cybercrimes-total-earnings-skyrocketed-to-27-billion-says-the-fbi/

Microsoft Not Giving Up on Classic Windows Paint Yet

Microsoft Paint fans around the world can breathe a sigh of relief as Microsoft has decided to give it a stay of execution for at least the upcoming Windows 10 version 1903. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-not-giving-up-on-classic-windows-paint-yet/

DNSpionage Drops New Karkoff Malware, Cherry-Picks Its Victims

The DNSpionage malware campaign has added a new reconnaissance stage showing that the attackers have become more picky with their targets, as well as a new .NET-based malware dubbed Karkoff and designed to allow them to execute code remotely on compromised hosts. [...]

https://www.bleepingcomputer.com/news/security/dnspionage-drops-new-karkoff-malware-cherry-picks-its-victims/

Windows 10 May 2019 Update to Be Blocked If Using USB Drives

Microsoft will block upgrades to the Windows 10 May 2019 Update if external media such as a USB device or SD card is attached to the computer. This is being done as USB devices can have their drive letters reassigned during the upgrade. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-may-2019-update-to-be-blocked-if-using-usb-drives/

Chrome 74 Released with 39 Security Fixes and New Features

Google has released Chrome 74 to the Stable desktop channel, which makes it available now for everyone to download. This version fixes numerous security vulnerabilities and adds new features such as support for reduced motion preferences and feature policy updates. [...]

https://www.bleepingcomputer.com/news/google/chrome-74-released-with-39-security-fixes-and-new-features/

Oops. 228K Danish Passports Have Swapped Fingerprint Data

In a big oops, over 200,000 Danish passports were printed with the user's fingerprint's mistakenly swapped between the left and right hand. [...]

https://www.bleepingcomputer.com/news/security/oops-228k-danish-passports-have-swapped-fingerprint-data/

Qbot Malware Dropped via Context-Aware Phishing Campaign

A phishing campaign dropping the Qbot banking Trojan with the help of delivery emails camouflaging as parts of previous conversations was spotted during late March 2019 by the JASK Special Operations team. [...]

https://www.bleepingcomputer.com/news/security/qbot-malware-dropped-via-context-aware-phishing-campaign/

Windows 10 1903 Gets Rid of Password Expiration Policies

Microsoft announced the configuration baseline settings draft release for Windows 10 version 1903 (19H1) and for Windows Server version 1903, as well as the intention to drop password expiration policies starting with the Windows 10 May 2019 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1903-gets-rid-of-password-expiration-policies/

Apple Updates XProtect to Block 'Windows' Malware on Macs

Apple's XProtect security software has been silently updated to include signatures that detect Windows PE files and Windows executables that can run on Macs by utilizing the Mono .NET framework. [...]

https://www.bleepingcomputer.com/news/security/apple-updates-xprotect-to-block-windows-malware-on-macs/

GitHub Service Abused by Attackers to Host Phishing Kits

Malicious actors hosted phishing kits on the web-based GitHub code hosting platform by abusing the service's free repositories to deliver them to their targets via github.io domains. [...]

https://www.bleepingcomputer.com/news/security/github-service-abused-by-attackers-to-host-phishing-kits/

French Users of Microsoft Games and Sites Hit With Scam Ads

French users of Microsoft games and services are being shown ads that redirect them to scam surveys, polls, or other unwanted promotions. Some of these ads are also able to escape Microsoft games to load the scam ads in the default browser used by Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/french-users-of-microsoft-games-and-sites-hit-with-scam-ads/