Windows 10 Build 18990 Insider Released With UWP App Autostart

Microsoft has released Windows 10 Insider Preview Build 18990 (20H1) to Insiders in the Fast ring, which allows you to enable UWP apps to restart on sign-in and WSL improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18990-insider-released-with-uwp-app-autostart/

Hackers Exploit Unpatched Bug in Rich Reviews WordPress Plugin

Site administrators still using the Rich Reviews plugin for WordPress are easy targets as hackers are currently exploiting an unpatched vulnerability for malvertising campaigns. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-unpatched-bug-in-rich-reviews-wordpress-plugin/

Adobe Fixes Critical Security Vulnerabilities in Coldfusion

Adobe released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are rated as Critical as they allow code execution and can bypass access controls. The other is an labeled critical as it allows information disclosure. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-security-vulnerabilities-in-coldfusion/

vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch

A zero-day exploit for the vBulletin forum platform was publicly disclosed and quickly used to attack affected versions of the forum software. It turns out, though, that this exploit has been known, utilized, and sold by researchers and attackers for years. [...]

https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/

CloudFlare's WARP Secures iOS and Android Web Traffic for Free

Cloudflare's WARP mobile app for iOS or Android designed to secure all the Internet traffic on one's mobile devices is now available for everyone. [...]

https://www.bleepingcomputer.com/news/security/cloudflares-warp-secures-ios-and-android-web-traffic-for-free/

Hackers Replace Windows Narrator to Get SYSTEM Level Access

Chinese hackers are replacing the legitimate Narrator app on targeted Windows systems with a trojanized version that gives them remote access with privileges of the most powerful account on the operating system. [...]

https://www.bleepingcomputer.com/news/security/hackers-replace-windows-narrator-to-get-system-level-access/

Microsoft Phishing Attack Uses Google Redirects to Evade Detection

A new phishing campaign uses Google search query redirects to send potential victims to a phishing landing page designed to collect Microsoft Office 365 credentials via encoded URLs. [...]

https://www.bleepingcomputer.com/news/security/microsoft-phishing-attack-uses-google-redirects-to-evade-detection/

Ransomware Decryptors Released for Yatron, WannaCryFake, & FortuneCrypt

Security vendors released decryptors for three ransomware infections today that allow victims to recover their files for free. These decryptors are for the WannaCryFake, Yatron, and FortuneCrypt Ransomware infections. [...]

https://www.bleepingcomputer.com/news/security/ransomware-decryptors-released-for-yatron-wannacryfake-and-fortunecrypt/

Buggy Google Chrome Update Behind Recent Unbootable Macs

A wave of reported Macs being no longer able to boot was caused by a recent Google Chrome update that was corrupting a necessary operating system folder. Once the update was installed, affected users found they were no longer able to boot into macOS. [...]

https://www.bleepingcomputer.com/news/security/buggy-google-chrome-update-behind-recent-unbootable-macs/

Microsoft to Extend Office 365 ATP Safe Links to Office Online

Microsoft is currently working on extending the Office 365 Advanced Threat Protection (ATP) Safe Links protection to Office Online apps, with the new feature to be released in October. [...]

https://www.bleepingcomputer.com/news/security/microsoft-to-extend-office-365-atp-safe-links-to-office-online/

Botnet Uses Recent vBulletin Exploit to Block Other Hackers

A botnet has been detected utilizing the recently disclosed vBulletin exploit to secure vulnerable servers so that they cannot be used by other attackers. This allows the botnet to grow their army of compromised servers without fear that other attackers will utilize the same server. [...]

https://www.bleepingcomputer.com/news/security/botnet-uses-recent-vbulletin-exploit-to-block-other-hackers/

Vodafone's Mobile App Briefly Exposed Customer Information

For a brief period on Wednesday morning, Vodafone customers in New Zealand using the mobile carrier's app could see details for other customers. [...]

https://www.bleepingcomputer.com/news/security/vodafones-mobile-app-briefly-exposed-customer-information/

Outlook on the Web to Block File Extensions for PowerShell, Python, and More

Microsoft will soon be blocking an additional 38 file extension from being downloaded as attachments in Outlook on the Web in order to protect users from malicious files. These additional extensions includes files used by Java, PowerShell, Python, and various vulnerabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/outlook-on-the-web-to-block-file-extensions-for-powershell-python-and-more/

Microsoft Enables Tracking Prevention by Default in New Edge Beta

Microsoft released the first update to the Microsoft Edge Beta channel that brings the web browser to the 78.0.276.8 build, enables the tracking prevention feature by default, and adds new sign-in and sync features. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-enables-tracking-prevention-by-default-in-new-edge-beta/

Cisco Fixes Critical IOx Flaw Allowing Root Access to Guest OS

Cisco has released security updates to address a critical vulnerability in the IOx application environment for Cisco IOS Software that could enable authenticated remote attackers to access the Guest Operating System (Guest OS) as the root user. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-iox-flaw-allowing-root-access-to-guest-os/

REvil (Sodinokibi) Ransomware Targets Chinese Users with DHL Spam

A new spam campaign is underway that is targeting Chinese recipients to trick them into installing the REvil (Sodinokibi) Ransomware. [...]

https://www.bleepingcomputer.com/news/security/revil-sodinokibi-ransomware-targets-chinese-users-with-dhl-spam/

Microsoft Spots Nodersok Malware Campaign That Zombifies PCs

A new fileless malicious campaign, dubbed Nodersok by Microsoft Defender ATP Research Team researchers who discovered it, drops its own LOLBins to infect Windows computers with a Node.js-based malware that will turn the devices into proxies. [...]

https://www.bleepingcomputer.com/news/security/microsoft-spots-nodersok-malware-campaign-that-zombifies-pcs/

Microsoft Explains Why Signed PowerShell Cmdlets May Run Slow

Microsoft issued an advisory that signed PowerShell cmdlets may run slower then unsigned cmdlets if Windows is having network connectivity problems. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-explains-why-signed-powershell-cmdlets-may-run-slow/

DoorDash Data Breach Exposes Info of Roughly 5 Million Users

DoorDash has announced a data breach where an unauthorized user was able to gain access to the personal information of 4.9 million consumers, Dashers, and merchants. [...]

https://www.bleepingcomputer.com/news/security/doordash-data-breach-exposes-info-of-roughly-5-million-users/

Windows 10 1903 Cumulative Update KB4517211 Fixes Game Audio Issues

Microsoft has released the KB4517211 cumulative update for Windows 10 1903 (May 2019 Update) that introduces a variety of quality improvements and bug fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1903-cumulative-update-kb4517211-fixes-game-audio-issues/