Global Shipping Firm Pitney Bowes Affected by Ransomware Attack

Global shipping and mailing services company Pitney Bowes announced today that it was the victim of a ransomware attack that encrypted some of its systems, leading to a partial system outage that impacted customer access to some services. [...]

https://www.bleepingcomputer.com/news/security/global-shipping-firm-pitney-bowes-affected-by-ransomware-attack/

Mozilla Rolls Out Code Injection Attack Protection in Firefox

Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts occurrences. [...]

https://www.bleepingcomputer.com/news/security/mozilla-rolls-out-code-injection-attack-protection-in-firefox/

Linux SUDO Bug Lets You Run Commands as Root, Most are Unaffected

A vulnerability has been discovered in the Linux sudo command that could allow unprivileged users to execute commands as root. Thankfully, this vulnerability only works in non-standard configurations and most Linux servers are unaffected. [...]

https://www.bleepingcomputer.com/news/linux/linux-sudo-bug-lets-you-run-commands-as-root-most-are-unaffected/

Samsung Galaxy S10 Fingerprint Reader Defeated by Silicon Case

A couple in the UK experienced a weird bug on their Samsung Galaxy S10 that allows bypassing the fingerprint reader to unlock the phone regardless of the biometric data registered in the device. [...]

https://www.bleepingcomputer.com/news/security/samsung-galaxy-s10-fingerprint-reader-defeated-by-silicon-case/

Chinese Hackers Use New Cryptojacking Tactics to Evade Detection

Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection. [...]

https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-cryptojacking-tactics-to-evade-detection/

Your Personal Information's Worth to Cybercriminals

Cybercriminals have multiple markets to sell or trade illicit goods and prices on underground forums are mostly influenced by supply and demand, just like in the legal economy. [...]

https://www.bleepingcomputer.com/news/security/your-personal-informations-worth-to-cybercriminals/

Adobe Fixes 45 Critical Vulnerabilities in Acrobat and Reader

Adobe has released security updates to resolve vulnerabilities that could allow attackers to gain unauthorized access, execute commands on vulnerable computers, or elevate their privileges. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-45-critical-vulnerabilities-in-acrobat-and-reader/

Scammers Use Fake Checkra1n iOS Jailbreak in Click Fraud Campaign

Scammers have already been spotted baiting Apple users using a recently developed iOS jailbreak dubbed checkra1n as the lure in a campaign designed to help the crooks earn money via click-fraud and boost App Store rankings for several apps. [...]

https://www.bleepingcomputer.com/news/security/scammers-use-fake-checkra1n-ios-jailbreak-in-click-fraud-campaign/

Windows 10 1809 Update KB4520062 Fixes a Startup Black Screen Issue

Microsoft released this month's optional Windows 10 cumulative updates with KB4520062 being the most noteworthy as it fixes an issue leading to a black screen being displayed at startup during the first sign in after installing an update.  [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1809-update-kb4520062-fixes-a-startup-black-screen-issue/

Symantec Fixes Bad IPS Definitions That Cause a Windows BSOD

Symantec fixed an issue causing Blue Screens Of Death (BSOD) for customers running the company's Endpoint Protection Client software on Windows versions ranging from Windows 7 to Windows 10 per reports. [...]

https://www.bleepingcomputer.com/news/security/symantec-fixes-bad-ips-definitions-that-cause-a-windows-bsod/

OnionShare Lets Anyone Host Anonymous Sites on the Dark Web

A new version of the OnionShare program now allows you to easily create basic anonymous dark web sites on Tor so that they cannot be censored. This is particularly useful for those who wish to publish information anonymously, but do not want to deal with the mechanics of setting up their own dark web server. [...]

https://www.bleepingcomputer.com/news/software/onionshare-lets-anyone-host-anonymous-sites-on-the-dark-web/

Facebook Encourages Bug Hunting in Third-Party Services

Facebook updated the terms of its bug bounty program for third-party services integrating with the platform to increase the rewards received by researchers. [...]

https://www.bleepingcomputer.com/news/security/facebook-encourages-bug-hunting-in-third-party-services/

Domain Typosquatters Target the 2020 Presidential Election

With a large playing field of candidates for the upcoming 2020 United States presidential election, political campaigns and scammers are capitalizing on searchers mistypeing a candidate's name in order to bring them to sites they weren't expecting. [...]

https://www.bleepingcomputer.com/news/security/domain-typosquatters-target-the-2020-presidential-election/

New SDBot Remote Access Trojan Used in TA505 Malspam Campaigns

Researchers discovered two new malware strains distributed via phishing campaigns carried out by the TA505 hacking group during the last two months, a new downloader dubbed Get2 and an undocumented remote access Trojan (RAT) named SDBbot. [...]

https://www.bleepingcomputer.com/news/security/new-sdbot-remote-access-trojan-used-in-ta505-malspam-campaigns/

Malware Uses Your PC to Send 30K Sextortion Emails Per Hour

Sextortion emails stating that your computer was hacked and video was created of you on porn sites have become so common that they are treated simply as another spam. That does not mean, though, that they are not profitable as a new report shows attackers are generating revenue by utilizing infected PCs to do their dirty work. [...]

https://www.bleepingcomputer.com/news/security/malware-uses-your-pc-to-send-30k-sextortion-emails-per-hour/

Unsecured Docker Hosts Attacked by New Graboid Cryptojacking Worm

A new cryptojacking campaign was discovered using Docker images to deliver a worm that follows a seemingly erratic plan where the miner is active for about four minutes at a time on an infected host. [...]

https://www.bleepingcomputer.com/news/security/unsecured-docker-hosts-attacked-by-new-graboid-cryptojacking-worm/

Security Health Analytics Helps Secure Google Cloud, Hits Beta

Google announced today the beta release of Security Health Analytics, a product designed to help Google Cloud Platform (GCP) admins take action after identifying security misconfigurations or compliance violations. [...]

https://www.bleepingcomputer.com/news/google/security-health-analytics-helps-secure-google-cloud-hits-beta/

Attackers Hide Backdoors and Cryptominers in WAV Audio Files

Attackers behind a new malicious campaign are using WAV audio files to hide and drop backdoors and Monero cryptominers on their targets' systems as BlackBerry Cylance threat researchers discovered. [...]

https://www.bleepingcomputer.com/news/security/attackers-hide-backdoors-and-cryptominers-in-wav-audio-files/

Google News Is Experiencing Indexing Issues With New Content

Google News is broken for users as several websites including BleepingComputer, CNN and others are not showing up in Google News search results with date filters. [...]

https://www.bleepingcomputer.com/news/google/google-news-is-experiencing-indexing-issues-with-new-content/

Windows 10 1909 Is Almost Ready, What Developers Need to Know

The Windows Developer Team detailed in a blog post published today the new additions developers should be aware of with the imminent release of Windows 10, version 1909 (19H2), now known as November 2019 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1909-is-almost-ready-what-developers-need-to-know/