Facebook Discloses Privacy Breach Caused by Groups API Bug

Facebook said that private group member information such as names and profile pictures might have been accessed by approximately 100 developers of primarily video streaming and social media management apps. [...]

https://www.bleepingcomputer.com/news/security/facebook-discloses-privacy-breach-caused-by-groups-api-bug/

Google Allies With Security Companies to Boost Play Store Safety

Google announced that it will join efforts with ESET, Lookout, and Zimperium to improve malicious Android app detection on submission before they get published on the Play Store are available for download. [...]

https://www.bleepingcomputer.com/news/security/google-allies-with-security-companies-to-boost-play-store-safety/

NVIDIA Fixes Security Flaws in GPU Driver, GeForce Experience

NVIDIA released security updates to fix 12 high and medium severity vulnerabilities in the Windows GPU display driver and the NVIDIA GeForce Experience (GFE) software. [...]

https://www.bleepingcomputer.com/news/security/nvidia-fixes-security-flaws-in-gpu-driver-geforce-experience/

Specially Crafted ZIP Files Used to Bypass Secure Email Gateways

Attackers are always looking for new tricks to distribute malware without them being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing campaign that utilized a specially crafted ZIP file that was designed to bypass secure email gateways to distribute the NanoCore RAT. [...]

https://www.bleepingcomputer.com/news/security/specially-crafted-zip-files-used-to-bypass-secure-email-gateways/

Legitimate TDS Platform Abused to Push Malware via Exploit Kits

Threat actors abused the legitimate Keitaro Traffic Direction System (TDS) to drive traffic to malware pushing RIG and Fallout exploit kits as part of both malvertising and malspam campaigns. [...]

https://www.bleepingcomputer.com/news/security/legitimate-tds-platform-abused-to-push-malware-via-exploit-kits/

Microsoft to Remove Downloads Folder from Disk Cleanup

Microsoft has decided to roll back its decision to add the Downloads folder to the Windows 10 Disk Cleanup program after receiving negative feedback from users. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-downloads-folder-from-disk-cleanup/

QNAP Warns Users to Secure Devices Against QSnatch Malware

Network-attached storage (NAS) maker QNAP urges customers to secure their NAS devices against an ongoing malicious campaign that infects them with QSnatch malware capable of stealing user credentials. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-secure-devices-against-qsnatch-malware/

Australian Govt Warns of Active Emotet and BlueKeep Threats

The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) together with state and territory partners warns businesses and people of Emotet and BlueKeep threats being active in the wild. [...]

https://www.bleepingcomputer.com/news/security/australian-govt-warns-of-active-emotet-and-bluekeep-threats/

Microsoft Warns of More Harmful Windows BlueKeep Attacks, Patch Now

The Microsoft Defender ATP Research Team says that the BlueKeep attacks detected on November 2 are connected with a coin mining campaign from September that used the same command-and-control (C2) infrastructure. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-more-harmful-windows-bluekeep-attacks-patch-now/

BugCrowd Paid Over $500K in Bug Bounties in One Week

Crowdsourced security company Bugcrowd announced today that it paid over $500K to whitehat hackers in a single week for the first time since launching its bug bounty platform. [...]

https://www.bleepingcomputer.com/news/security/bugcrowd-paid-over-500k-in-bug-bounties-in-one-week/

Clever WebEx Spam Use Cisco Redirect to Deliver RAT Malware

A clever spam campaign is underway that pretends to be a WebEx meeting invite and uses a Cisco open redirect that pushes a Remote Access Trojan to the recipient.  Using open redirects add legitimacy to spam URLs and increases the chances that victims will click on an URL. [...]

https://www.bleepingcomputer.com/news/security/clever-webex-spam-use-cisco-redirect-to-deliver-rat-malware/

New Stealthy Backdoor Used by Platinum APT in Recent Attacks

The advanced persistent threat (APT) group tracked by Microsoft as Platinum is using a new stealthy backdoor malware dubbed Titanium to infiltrate and take control of their targets' systems. [...]

https://www.bleepingcomputer.com/news/security/new-stealthy-backdoor-used-by-platinum-apt-in-recent-attacks/

QuikSilver and Billabong Affected by Ransomware Attack

Action sports giant Boardriders was hit by a ransomware attack that affected some of its subsidiaries, including QuikSilver and Billabong, and forced the company to shut down computing systems all over the world. [...]

https://www.bleepingcomputer.com/news/security/quiksilver-and-billabong-affected-by-ransomware-attack/

The Week in Ransomware - November 8th 2019 - Now Targeting Passwords

It has been an busy week in terms of ransomware between a new variant of MegaCortex that performs something a bit different and MSP attacks against Everis in Spain. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-8th-2019-now-targeting-passwords/

US Govt Asks Users to Be Wary of Holiday Scams and Malware

US consumers are encouraged by the Department of Homeland Security (DHS) to be wary of malicious campaigns and scams that usually start targeting during each year's holiday season. [...]

https://www.bleepingcomputer.com/news/security/us-govt-asks-users-to-be-wary-of-holiday-scams-and-malware/

Malware Meets Politics With Trump and Clinton Themed Infections

Just as people express their political views through art, malware developers express their political ideologies, hopes, and frustrations through the computer infections they create. [...]

https://www.bleepingcomputer.com/news/security/malware-meets-politics-with-trump-and-clinton-themed-infections/

Windows 10 Insider Program: What You Need to Get Started

The Microsoft Windows Insider Program allows interested Windows fans, enthusiasts, professionals, developers and even Enterprise users to test the upcoming features and updates of Windows 10 before they are released. Here is what you need to know to get started. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-program-what-you-need-to-get-started/

checkra1n iOS Jailbreak Gets Public Beta Update With Fixes

A public early beta preview of the semi-tethered checkra1n iOS jailbreak based on the iOS Checkm8 exploit developed by security researcher Axi0mX in September was released over the weekend. [...]

https://www.bleepingcomputer.com/news/apple/checkra1n-ios-jailbreak-gets-public-beta-update-with-fixes/

Sodinokibi Ransomware Targeting Asia via the RIG Exploit Kit

A new malvertising campaign being used on low quality web games and blogs is redirecting Asian victims to the RIG exploit kit, which is then quietly installing the Sodinokibi Ransomware. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-targeting-asia-via-the-rig-exploit-kit/

Windows 10 Bug Causes USB Drives to Show the Wrong Icon

A new bug in Windows 10 1903 is causing USB drives to use the wrong icon in File Explorer even though the drives are clearly being detected properly. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-bug-causes-usb-drives-to-show-the-wrong-icon/