Microsoft 365 To Get Tenant-Wide Idle Session Timeout Feature

Microsoft is working on including a new tenant-wide idle session timeout feature for Microsoft 365 web apps to prevent information exposure that might stem from unauthorized access to systems left unattended. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-to-get-tenant-wide-idle-session-timeout-feature/

FBI Warns U.S. Organizations About High Impact Ransomware

The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued a public service announcement today regarding the increasing number of high-impact ransomware attacks against public and private U.S. organizations.   [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-us-organizations-about-high-impact-ransomware/

FTCode PowerShell Ransomware Resurfaces in Spam Campaign

An old PowerShell ransomware has resurfaced with a vengeance in a spam distribution aimed at Italian recipients. This ransomware is called FTCode and is completely PowerShell based, which means it can encrypt the computer without downloading any additional components. [...]

https://www.bleepingcomputer.com/news/security/ftcode-powershell-ransomware-resurfaces-in-spam-campaign/

Police Seize Bot Farm Behind Potentially Fatal Scam Messages

The cyber division of the Ukrainian police took to pieces an operation that made money by registering accounts used to send spam through various services, including email and social networks. [...]

https://www.bleepingcomputer.com/news/security/police-seize-bot-farm-behind-potentially-fatal-scam-messages/

Windows Activator Bundles Banker with C2 in YouTube Description

In their effort to hide the command and control (C2) server addresses, operators of a banking trojan placed them in fake websites and in descriptions for YouTube videos. [...]

https://www.bleepingcomputer.com/news/security/windows-activator-bundles-banker-with-c2-in-youtube-description/

Cyber-Spy Group Active Since 2013 Now Tied to Chinese State Actor

Multiple cyber-espionage campaigns that remained unattributed over the years have now been linked to a single threat actor that researchers named PKPLUG, attacking targets across Asia. [...]

https://www.bleepingcomputer.com/news/security/cyber-spy-group-active-since-2013-now-tied-to-chinese-state-actor/

Office 365 Admins Can Now Block Malicious Microsoft Query IQY Files

Microsoft has silently added new group policies to allow Office 365 admins to block Excel users from opening untrusted Microsoft Query files with IQY, OQY, DQY, and RQY extensions. [...]

https://www.bleepingcomputer.com/news/microsoft/office-365-admins-can-now-block-malicious-microsoft-query-iqy-files/

Microsoft Releases Windows Security Updates to Fix Printing Issue

Microsoft today released out of band security updates, cumulative updates, and monthly rollup updates to address a printing issue plaguing all Windows client and server versions acknowledged on September 30. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-windows-security-updates-to-fix-printing-issue/

Windows 10 Insider Build 18995 Adds PIN Sign-ins to Safe Mode

Microsoft has released Windows 10 Insider Preview Build 18995 (20H1) to Insiders in the Fast ring, which now allows you to sign into Windows using your Windows Hello Pin even when in Safe Mode. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18995-adds-pin-sign-ins-to-safe-mode/

Google Chrome to Gradually Start Blocking Mixed Content by Default

Google announced that the Chrome web browser will gradually start blocking HTTPS pages from loading insecure resources to improve the users' privacy and security while browsing the web. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-to-gradually-start-blocking-mixed-content-by-default/

'Lost Files' Data Wiper Poses as a Windows Security Scanner

A Windows Security Scanner that states it encrypted your files is being distributed by spam, but whether by bug or design, it instead corrupts binary data in a victim's files.  [...]

https://www.bleepingcomputer.com/news/security/lost-files-data-wiper-poses-as-a-windows-security-scanner/

Four U.S. Food Chains Disclose Payment Card Theft via PoS Malware

Hackers caused havoc at four restaurant chains in the U.S. over the summer after compromising their payment systems with malware that stole customers' payment card information. [...]

https://www.bleepingcomputer.com/news/security/four-us-food-chains-disclose-payment-card-theft-via-pos-malware/

Australian Govt Issues Android and iOS Security Hardening Guides

The Australian Signals Directorate (ASD)'s Australian Cyber Security Centre (ACSC) has published a set of two guides designed to help Australian government, commercial organizations, and enterprises harden the security of iOS and Android devices in their fleets. [...]

https://www.bleepingcomputer.com/news/security/australian-govt-issues-android-and-ios-security-hardening-guides/

Details of 92 Million Brazilians Auctioned on Underground Forums

Someone is offering to auction on underground forums a database containing personal information of 92 million Brazilian citizens. They claim that every record is real and unique. [...]

https://www.bleepingcomputer.com/news/security/details-of-92-million-brazilians-auctioned-on-underground-forums/

Novter Trojan Sets its Sights on Microsoft Windows Defender

The Novter Trojan, also known as Nodersok or Divergent, is the latest Trojan to actively target Microsoft's Windows Defender by attempting to disable it. [...]

https://www.bleepingcomputer.com/news/security/novter-trojan-sets-its-sights-on-microsoft-windows-defender/

Magecart Impacts Hundreds of Thousands of Websites, Still Growing

With over two million detections to date, compromising shopping sites' resources to steal customer payment card info is a global phenomenon unlikely to end soon. [...]

https://www.bleepingcomputer.com/news/security/magecart-impacts-hundreds-of-thousands-of-websites-still-growing/

Actively Exploited Android Zero-Day Impacts Google, Samsung Devices

Google's Threat Analysis Group (TAG) says that a new Android zero-day is actively being exploited in the wild in attacks targeting vulnerable Google Pixel, Huawei, Xiaomi, Samsung, Oppo, and Moto devices. [...]

https://www.bleepingcomputer.com/news/security/actively-exploited-android-zero-day-impacts-google-samsung-devices/

Windows 10 KB4524147 Cumulative Update Breaks the Start Menu

The KB4524147 Cumulative Update for Windows 10, version 1903 is causing the Windows start menu to crash with a critical error according to numerous user reports. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4524147-cumulative-update-breaks-the-start-menu/

Microsoft Discovers Iranian Hacking Campaign Targeting U.S. Politics

Microsoft says that a state-sponsored Iranian cyber-espionage group tracked as Phosphorus by the Microsoft Threat Intelligence Center (MSTIC) attempted to get account info on over 2,700 of its customers, attack 241 of them, and compromised four accounts between August and September. [...]

https://www.bleepingcomputer.com/news/security/microsoft-discovers-iranian-hacking-campaign-targeting-us-politics/

UAB Medicine Data Breach Exposes Patient Info in Phishing Attack

UAB Medical is the victim of a phishing attack that targeted the medical center's payroll department. This allowed the attackers to gain access to numerous employee emails that contained the health information for 19,557 patients. [...]

https://www.bleepingcomputer.com/news/security/uab-medicine-data-breach-exposes-patient-info-in-phishing-attack/