Leafly Cannabis Website Leaked User Info via Exposed Database

Cannabis information platform Leafly sent notification emails to some of its customers letting them know that some of their information was exposed in a data leak incident. [...]

https://www.bleepingcomputer.com/news/security/leafly-cannabis-website-leaked-user-info-via-exposed-database/

Windows 10 Update Assistant Vulnerability Needs Manual Fix, Here's How

Microsoft has released a new version of the Windows 10 Update Assistant in order to fix a local privilege escalation vulnerability. While there is no imminent threat, the only way to fix this vulnerability is to uninstall the program or download the latest version. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-update-assistant-vulnerability-needs-manual-fix-heres-how/

Windows 10 1909 is Getting "Ready for Release", Named November 2019 Update

Microsoft has officially announced that Windows 10 version 1909 (19H2) is being called the November 2019 Update. This latest feature update is expected to be released at the end of October or in the beginning of November. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1909-is-getting-ready-for-release-named-november-2019-update/

Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit

The RIG exploit kit is now pushing a cocktail of malware that includes a new variant of the Nemty Ransomware.  [...]

https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/

FIN7 Hackers Load New RAT Malware Into ATM Maker's Software

The FIN7 hacking group has added new tools to its malicious toolkit, a malware loader that will deliver payloads straight into memory and a module that hooks into the legitimate remote administration software of ATM maker NCR Corporation. [...]

https://www.bleepingcomputer.com/news/security/fin7-hackers-load-new-rat-malware-into-atm-makers-software/

Windows 10 KB4517389 Update May Cause Start Menu and Edge Issues

Windows 10 1903 users continue to complain that Start Menu is giving a critical error message and that Edge now will not launch after installing the latest KB4517389 cumulative update. For some, uninstalling the recent cumulative update has fixed these issues, but for others the Start Menu problem persists. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4517389-update-may-cause-start-menu-and-edge-issues/

The Week in Ransomware - October 11th 2019 - Decryptors Released!

We had some interesting news this week, such as the HildaCrypt ransomware releasing their keys, RobbinHood Ransomware bragging about their past exploits, a Muhstik Ransomware victim hacking back and stealing the decryption keys, and a Nemty decryptor being released. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-11th-2019-decryptors-released/

Attackers Create Elaborate Crypto Trading Scheme to Install Malware

Attackers have created an elaborate scheme to distribute a cryptocurrency trading program that installs a backdoor on a victim's Mac or Windows PC. [...]

https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/

Nitro PDF Pro to Get Micropatches for 7 Potential RCE Bugs

The current version of Nitro PDF Pro has at least one vulnerability that could be used to attempt remote code execution on the victim host. A fix from a third party is on its way.. [...]

https://www.bleepingcomputer.com/news/security/nitro-pdf-pro-to-get-micropatches-for-7-potential-rce-bugs/

Creating Custom Windows Sandbox Configurations in Windows 10

This article will teach you how to use configuration files to modify the behavior of the Windows Sandbox feature in Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/creating-custom-windows-sandbox-configurations-in-windows-10/

How to Make Windows 10 Pause Updates for a Period of Time

Pausing Windows 10 update makes sense, especially when you really don't want the update. Fortunately, Microsoft lets you pause or delay Windows Updates, and here's how. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-make-windows-10-pause-updates-for-a-period-of-time/

Sodinokibi Ransomware: Following the Affiliate Money Trail

After a Sodinokibi ransomware affiliate posted partial transaction IDs for ransomware payments, researchers were able to use that information to follow the money trail for affiliates and in some cases, how they spend their illicit earnings. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-following-the-affiliate-money-trail/

Iranian Hackers Create Credible Phishing to Steal Library Access

The Silent Librarian threat group is constantly updating its tactics and techniques, to the point of using on its login phishing pages info and alerts that is accurate and relevant to potential victims. [...]

https://www.bleepingcomputer.com/news/security/iranian-hackers-create-credible-phishing-to-steal-library-access/

Microsoft Now Enables Windows 10 Tamper Protection By Default

Microsoft has announced today that the Windows 10 Tamper Protection security feature is now officially generally available for the Enterprise and consumers. Along with this announcement, Microsoft will be enabling this security feature on all Windows 10 devices by default. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-enables-windows-10-tamper-protection-by-default/

Winnti Group Uses New PortReuse Malware Against Asian Manufacturer

Winnti Group hackers have updated their arsenal with a new modular Windows backdoor that they used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. [...]

https://www.bleepingcomputer.com/news/security/winnti-group-uses-new-portreuse-malware-against-asian-manufacturer/

Microsoft Office 2010 to Reach End of Support in One Year

Microsoft announced today that extended support for Office 2010 will end on October 13, 2020, at the same time recommending organizations to migrate to Office 365 ProPlus or Office 2019. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2010-to-reach-end-of-support-in-one-year/

Facebook Users Being Locked Out After Reporting Fake Accounts

Numerous people are reporting that for the past nine days users are being locked out of Facebook after reporting fake user profiles to the social site. [...]

https://www.bleepingcomputer.com/news/technology/facebook-users-being-locked-out-after-reporting-fake-accounts/

Global Shipping Firm Pitney Bowes Affected by Ransomware Attack

Global shipping and mailing services company Pitney Bowes announced today that it was the victim of a ransomware attack that encrypted some of its systems, leading to a partial system outage that impacted customer access to some services. [...]

https://www.bleepingcomputer.com/news/security/global-shipping-firm-pitney-bowes-affected-by-ransomware-attack/

Mozilla Rolls Out Code Injection Attack Protection in Firefox

Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts occurrences. [...]

https://www.bleepingcomputer.com/news/security/mozilla-rolls-out-code-injection-attack-protection-in-firefox/

Linux SUDO Bug Lets You Run Commands as Root, Most are Unaffected

A vulnerability has been discovered in the Linux sudo command that could allow unprivileged users to execute commands as root. Thankfully, this vulnerability only works in non-standard configurations and most Linux servers are unaffected. [...]

https://www.bleepingcomputer.com/news/linux/linux-sudo-bug-lets-you-run-commands-as-root-most-are-unaffected/