Australian Govt Warns of Active Emotet and BlueKeep Threats

The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) together with state and territory partners warns businesses and people of Emotet and BlueKeep threats being active in the wild. [...]

https://www.bleepingcomputer.com/news/security/australian-govt-warns-of-active-emotet-and-bluekeep-threats/

Microsoft Warns of More Harmful Windows BlueKeep Attacks, Patch Now

The Microsoft Defender ATP Research Team says that the BlueKeep attacks detected on November 2 are connected with a coin mining campaign from September that used the same command-and-control (C2) infrastructure. [...]

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-more-harmful-windows-bluekeep-attacks-patch-now/

BugCrowd Paid Over $500K in Bug Bounties in One Week

Crowdsourced security company Bugcrowd announced today that it paid over $500K to whitehat hackers in a single week for the first time since launching its bug bounty platform. [...]

https://www.bleepingcomputer.com/news/security/bugcrowd-paid-over-500k-in-bug-bounties-in-one-week/

Clever WebEx Spam Use Cisco Redirect to Deliver RAT Malware

A clever spam campaign is underway that pretends to be a WebEx meeting invite and uses a Cisco open redirect that pushes a Remote Access Trojan to the recipient.  Using open redirects add legitimacy to spam URLs and increases the chances that victims will click on an URL. [...]

https://www.bleepingcomputer.com/news/security/clever-webex-spam-use-cisco-redirect-to-deliver-rat-malware/

New Stealthy Backdoor Used by Platinum APT in Recent Attacks

The advanced persistent threat (APT) group tracked by Microsoft as Platinum is using a new stealthy backdoor malware dubbed Titanium to infiltrate and take control of their targets' systems. [...]

https://www.bleepingcomputer.com/news/security/new-stealthy-backdoor-used-by-platinum-apt-in-recent-attacks/

QuikSilver and Billabong Affected by Ransomware Attack

Action sports giant Boardriders was hit by a ransomware attack that affected some of its subsidiaries, including QuikSilver and Billabong, and forced the company to shut down computing systems all over the world. [...]

https://www.bleepingcomputer.com/news/security/quiksilver-and-billabong-affected-by-ransomware-attack/

The Week in Ransomware - November 8th 2019 - Now Targeting Passwords

It has been an busy week in terms of ransomware between a new variant of MegaCortex that performs something a bit different and MSP attacks against Everis in Spain. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-8th-2019-now-targeting-passwords/

US Govt Asks Users to Be Wary of Holiday Scams and Malware

US consumers are encouraged by the Department of Homeland Security (DHS) to be wary of malicious campaigns and scams that usually start targeting during each year's holiday season. [...]

https://www.bleepingcomputer.com/news/security/us-govt-asks-users-to-be-wary-of-holiday-scams-and-malware/

Malware Meets Politics With Trump and Clinton Themed Infections

Just as people express their political views through art, malware developers express their political ideologies, hopes, and frustrations through the computer infections they create. [...]

https://www.bleepingcomputer.com/news/security/malware-meets-politics-with-trump-and-clinton-themed-infections/

Windows 10 Insider Program: What You Need to Get Started

The Microsoft Windows Insider Program allows interested Windows fans, enthusiasts, professionals, developers and even Enterprise users to test the upcoming features and updates of Windows 10 before they are released. Here is what you need to know to get started. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-program-what-you-need-to-get-started/

checkra1n iOS Jailbreak Gets Public Beta Update With Fixes

A public early beta preview of the semi-tethered checkra1n iOS jailbreak based on the iOS Checkm8 exploit developed by security researcher Axi0mX in September was released over the weekend. [...]

https://www.bleepingcomputer.com/news/apple/checkra1n-ios-jailbreak-gets-public-beta-update-with-fixes/

Sodinokibi Ransomware Targeting Asia via the RIG Exploit Kit

A new malvertising campaign being used on low quality web games and blogs is redirecting Asian victims to the RIG exploit kit, which is then quietly installing the Sodinokibi Ransomware. [...]

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-targeting-asia-via-the-rig-exploit-kit/

Windows 10 Bug Causes USB Drives to Show the Wrong Icon

A new bug in Windows 10 1903 is causing USB drives to use the wrong icon in File Explorer even though the drives are clearly being detected properly. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-bug-causes-usb-drives-to-show-the-wrong-icon/

TrickBot Malware Uses Fake Sexual Harassment Complaints as Bait

Fake sexual harassment complaints appearing to come from the U.S. Equal Employment Opportunity Commission are the latest baits used by attackers to disseminate TrickBot banking Trojan payloads onto computers of unsuspecting employees of large companies. [...]

https://www.bleepingcomputer.com/news/security/trickbot-malware-uses-fake-sexual-harassment-complaints-as-bait/

Microsoft Fixes Windows 10 Missing Deferred Update Settings Bug

Microsoft has finally fixed a bug that caused the Windows 10 1903 settings to disappear that allowed you to defer Windows updates to a later date. This was quietly fixed in the optional KB4522355 cumulative update and will hopefully make it into tomorrow's Patch Tuesday updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-missing-deferred-update-settings-bug/

Free Cybersecurity Training Now Available for U.S. Veterans

A new and free cybersecurity training and certification program called Second Watch has been launched today by Palo Alto Networks to help U.S. veterans find new careers in cybersecurity after their military service is over. [...]

https://www.bleepingcomputer.com/news/security/free-cybersecurity-training-now-available-for-us-veterans/

No, YouTube Won't Cancel Accounts That Don't Generate Revenue

A new update to the YouTube Terms of Service has users concerned that Google will cancel their account if they are deemed to be not "commercially viable". Google says this is not true and that this section of the agreement only applies towards Google services and not user accounts. [...]

https://www.bleepingcomputer.com/news/google/no-youtube-wont-cancel-accounts-that-dont-generate-revenue/

Magento Urges Users to Apply Security Update for RCE Bug

Magento's security team urged users to install the latest released security update to protect their stores from exploitation attempts trying to abuse a recently reported remote code execution (RCE) vulnerability. [...]

https://www.bleepingcomputer.com/news/security/magento-urges-users-to-apply-security-update-for-rce-bug/

New Update Lets Windows Users Test Extended Security Updates

Microsoft has a released an optional Windows 7 and Windows Server 2008 R2 SP1 update that let's customers who have signed up for extended security update test if their devices are ready. [...]

https://www.bleepingcomputer.com/news/microsoft/new-update-lets-windows-users-test-extended-security-updates/

YouTube BitCoin Videos Pushing Predator Info-Stealing Trojan

A new scam is underway on YouTube that uses videos to promote a tool that can allegedly generate the private key for a bitcoin address. The attackers then claim this key would then allow you to gain access to the bitcoins stored in the bitcoin address, when in reality the victims will be infected with a password stealing Trojan. [...]

https://www.bleepingcomputer.com/news/security/youtube-bitcoin-videos-pushing-predator-info-stealing-trojan/