Magento Urges Users to Apply Security Update for RCE Bug

Magento's security team urged users to install the latest released security update to protect their stores from exploitation attempts trying to abuse a recently reported remote code execution (RCE) vulnerability. [...]

https://www.bleepingcomputer.com/news/security/magento-urges-users-to-apply-security-update-for-rce-bug/

New Update Lets Windows Users Test Extended Security Updates

Microsoft has a released an optional Windows 7 and Windows Server 2008 R2 SP1 update that let's customers who have signed up for extended security update test if their devices are ready. [...]

https://www.bleepingcomputer.com/news/microsoft/new-update-lets-windows-users-test-extended-security-updates/

YouTube BitCoin Videos Pushing Predator Info-Stealing Trojan

A new scam is underway on YouTube that uses videos to promote a tool that can allegedly generate the private key for a bitcoin address. The attackers then claim this key would then allow you to gain access to the bitcoins stored in the bitcoin address, when in reality the victims will be infected with a password stealing Trojan. [...]

https://www.bleepingcomputer.com/news/security/youtube-bitcoin-videos-pushing-predator-info-stealing-trojan/

McAfee Patches Privilege Escalation Flaw in Antivirus Software

McAfee patched a security vulnerability discovered in all editions of its Antivirus software for Windows and enabling potential attackers to escalate privileges and execute code using SYSTEM privileges. [...]

https://www.bleepingcomputer.com/news/security/mcafee-patches-privilege-escalation-flaw-in-antivirus-software/

Adobe Patches Critical Remote Code Execution Bugs in Illustrator

Adobe released security updates to address security issues that could allow attackers to execute malicious code remotely, elevate privileges, and gain unauthorized access to information on systems running unpatched Illustrator, Animate CC, Bridge CC, and Media Encoder versions. [...]

https://www.bleepingcomputer.com/news/security/adobe-patches-critical-remote-code-execution-bugs-in-illustrator/

Mexico's Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded

Mexico's state-owned oil company, Pemex, has suffered a DoppelPaymer ransomware attack that demanded $4.9 million USD in order to decrypt their files.  [...]

https://www.bleepingcomputer.com/news/security/mexicos-pemex-oil-suffers-ransomware-attack-49-million-demanded/

Telegram MTProxy Servers Used to DDoS Iranian Cloud Provider

A cloud infrastructure provider in Iran found itself at the receiving end of a distributed denial-of-service (DDoS) attack through MTProxy servers that Telegram users in the country rely on to avoid government-enforced internet restrictions. [...]

https://www.bleepingcomputer.com/news/security/telegram-mtproxy-servers-used-to-ddos-iranian-cloud-provider/

Windows 10 November 2019 Update Is Now Available

Microsoft has officially released the November 2019 Update for Windows 10 and is in the process of rolling out to users. This update will upgrade the operating system to Windows 10 1909 and is an optional feature update that will not be installed automatically for users running newer versions of Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-november-2019-update-is-now-available/

Microsoft's November 2019 Patch Tuesday Fixes IE Zero-day, 74 Flaws

Today is Microsoft's November 2019 Patch Tuesday, which translates into Windows admins scrambling to patch all the systems under their care. They're having a really busy day, so don't take it personal if they seem a little grumpy! [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-november-2019-patch-tuesday-fixes-ie-zero-day-74-flaws/

Windows 10 Cumulative Update KB4524570 & KB4523205 Released

It's Patch Tuesday and Microsoft is rolling out a new cumulative update for all supported version of Windows. The cumulative update with security fixes is rolling out to PCs with November 2019 Update, May 2019 Update and October 2018 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-update-kb4524570-and-kb4523205-released/

Microsoft Fixes Windows 10 Update and Intel Driver Battery Drain

Microsoft finally fixed two known issues acknowledged over five months ago, causing higher than normal battery drain and update installation failure issues on Windows 10 devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-update-and-intel-driver-battery-drain/

Windows 10 Insider Build 19023 Released With Optional Updates Test

Microsoft has released Windows 10 Insider Preview Build 19023 (20H1) to Insiders in the Fast ring, which will test a new "optional" update experience for Windows drivers. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-19023-released-with-optional-updates-test/

Latest Intel CPUs Affected by New TSX Speculative Attack

A new speculative vulnerability called ZombieLoad 2, or TSX Asynchronous Abort, has been disclosed today that targets the Transactional Synchronization Extensions (TSX) feature in Intel processors. [...]

https://www.bleepingcomputer.com/news/security/latest-intel-cpus-affected-by-new-tsx-speculative-attack/

PureLocker Ransomware Can Lock Files on Windows, Linux, and macOS

Cybercriminals have developed ransomware that can be ported to all major operating systems and is currently used in targeted attacks against production servers. [...]

https://www.bleepingcomputer.com/news/security/purelocker-ransomware-can-lock-files-on-windows-linux-and-macos/

Microsoft Releases the November 2019 Security Updates for Office

Microsoft released the November 2019 Office security updates, bundling a total of 17 security updates and five cumulative updates for seven different products, 15 of them patching flaw allowing unauthorized access to information. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-november-2019-security-updates-for-office/

TPM-FAIL Security Flaws Impact Modern Devices With Intel CPUs

Researchers discovered two new vulnerabilities known as TPM-FAIL in Intel firmware-based TPM (fTPM) and STMicroelectronics' TPM chips that could be used by hackers to steal their targets' cryptographic keys. [...]

https://www.bleepingcomputer.com/news/security/tpm-fail-security-flaws-impact-modern-devices-with-intel-cpus/

Microsoft Fixes Windows 10 1809 Issue That Broke Defender ATP

Microsoft resolved a known issue causing Microsoft Defender Advanced Threat Protection (ATP) to stop running and fail to send reporting data on some Windows devices after installing the KB4520062 optional non-security update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-1809-issue-that-broke-defender-atp/

Microsoft Auto-Updating Windows 10 1803 Devices to May 2019 Update

Windows 10, version 1803, also known as the April 2018 Update, has now reached end of service for Home, Pro, Pro Education, and Pro for Workstations editions, and will no longer receive any future quality and security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-auto-updating-windows-10-1803-devices-to-may-2019-update/

Strange AnteFrigus Ransomware Only Targets Specific Drives

A new and strange ransomware called AnteFrigus is now being distributed through malvertising that redirects users to the the RIG exploit kit. Unlike other ransomware, AnteFrigus does not target the C: drive, but only other drives commonly associated with removable devices and mapped network drives. [...]

https://www.bleepingcomputer.com/news/security/strange-antefrigus-ransomware-only-targets-specific-drives/

Microsoft Issues Guidance for Intel CPU Driver Security Flaws

Microsoft issued guidance to help users protect their systems against denial of service (DoS) and information disclosure security flaws affecting Intel CPUs, disclosed during this week's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/microsoft-issues-guidance-for-intel-cpu-driver-security-flaws/