TPM-FAIL Security Flaws Impact Modern Devices With Intel CPUs

Researchers discovered two new vulnerabilities known as TPM-FAIL in Intel firmware-based TPM (fTPM) and STMicroelectronics' TPM chips that could be used by hackers to steal their targets' cryptographic keys. [...]

https://www.bleepingcomputer.com/news/security/tpm-fail-security-flaws-impact-modern-devices-with-intel-cpus/

Microsoft Fixes Windows 10 1809 Issue That Broke Defender ATP

Microsoft resolved a known issue causing Microsoft Defender Advanced Threat Protection (ATP) to stop running and fail to send reporting data on some Windows devices after installing the KB4520062 optional non-security update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-1809-issue-that-broke-defender-atp/

Microsoft Auto-Updating Windows 10 1803 Devices to May 2019 Update

Windows 10, version 1803, also known as the April 2018 Update, has now reached end of service for Home, Pro, Pro Education, and Pro for Workstations editions, and will no longer receive any future quality and security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-auto-updating-windows-10-1803-devices-to-may-2019-update/

Strange AnteFrigus Ransomware Only Targets Specific Drives

A new and strange ransomware called AnteFrigus is now being distributed through malvertising that redirects users to the the RIG exploit kit. Unlike other ransomware, AnteFrigus does not target the C: drive, but only other drives commonly associated with removable devices and mapped network drives. [...]

https://www.bleepingcomputer.com/news/security/strange-antefrigus-ransomware-only-targets-specific-drives/

Microsoft Issues Guidance for Intel CPU Driver Security Flaws

Microsoft issued guidance to help users protect their systems against denial of service (DoS) and information disclosure security flaws affecting Intel CPUs, disclosed during this week's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/microsoft-issues-guidance-for-intel-cpu-driver-security-flaws/

Carding Bots Testing Payment Info Ahead of Big Shopping Events

As the main events of this year's holiday shopping season are closing in, cybercriminals are also getting ready for the plunder by validating their stolen card details with low-value purchases on retailer's websites. [...]

https://www.bleepingcomputer.com/news/security/carding-bots-testing-payment-info-ahead-of-big-shopping-events/

New Threat Actor Impersonates Govt Agencies to Deliver Malware

A new threat actor is using email to impersonate government agencies in the United States, Germany, and Italy to deliver ransomware, backdoors, and banking Trojans through malicious attachments. [...]

https://www.bleepingcomputer.com/news/security/new-threat-actor-impersonates-govt-agencies-to-deliver-malware/

Symantec Fixes Privilege Escalation Flaw in Endpoint Protection

Symantec fixed a local privilege escalation security flaw affecting all Symantec Endpoint Protection software versions prior to 14.2 RU2, and allowing attackers to escalate privileges on compromised devices and execute malicious code using SYSTEM privileges. [...]

https://www.bleepingcomputer.com/news/security/symantec-fixes-privilege-escalation-flaw-in-endpoint-protection/

Qualcomm Bug Exposes Critical Data on Samsung, LG Phones

Researchers stressing the code related to Qualcomm's implementation of the secure execution area on mobile devices found a new vulnerability that could allow access to critical data. [...]

https://www.bleepingcomputer.com/news/security/qualcomm-bug-exposes-critical-data-on-samsung-lg-phones/

Brave Urges Congress to Require Ad Blocking Browsers for Govt Employees

In a letter to the U.S. Congress, Brave urged Homeland Security Committee members to make it mandatory for all federal employees to use a browser that blocks advertising by default.  [...]

https://www.bleepingcomputer.com/news/software/brave-urges-congress-to-require-ad-blocking-browsers-for-govt-employees/

US Health Network, Supplier Expose PII, PHI Data in Breaches

Select Health Network and Solara Medical Supplies disclosed data incidents caused by breaches of their employees' email accounts that lead to exposure of both personally identifiable information (PII) and protected health information (PHI). [...]

https://www.bleepingcomputer.com/news/security/us-health-network-supplier-expose-pii-phi-data-in-breaches/

ProtonMail Thanks Paid Accounts by Giving 5GB Extra Storage

As thanks for helping grow the ProtonMail platform, the encrypted email platform is giving their existing paid subscribers 5GB of extra storage space for free. [...]

https://www.bleepingcomputer.com/news/software/protonmail-thanks-paid-accounts-by-giving-5gb-extra-storage/

Intel Patched 77 Vulnerabilities in November 2019 Platform Update

Intel addressed 77 vulnerabilities during the November 2019 Patch Tuesday, with more than two dozen of them being high severity and critical security flaws impacting Windows and Linux. [...]

https://www.bleepingcomputer.com/news/security/intel-patched-77-vulnerabilities-in-november-2019-platform-update/

Two Charged Over Crypto Theft via SIM Swapping, Death Threats

Two men from Massachusetts were arrested and charged by the Boston U.S. District Court with stealing high-value social media accounts and hundreds of thousands worth of cryptocurrency from at least ten victims by using SIM swapping, death threats, and hacking. [...]

https://www.bleepingcomputer.com/news/security/two-charged-over-crypto-theft-via-sim-swapping-death-threats/

Silly Phishing Scam Warns That Your Password Will be Changed

A silly phishing campaign is underway where the attackers state that your password will expire and be changed unless you login and confirm that you want to keep it the same. [...]

https://www.bleepingcomputer.com/news/security/silly-phishing-scam-warns-that-your-password-will-be-changed/

Google Fixes White Screen Problem in Chrome, Admins Furious

Google has rolled back an experimental WebContent Occlusion feature that caused major disruption for enterprise users using Chrome in a multi-user terminal server environment. While the issue is now fixed, enterprise admins are furious that this feature was enabled in the first place without their knowledge or permission. [...]

https://www.bleepingcomputer.com/news/software/google-fixes-white-screen-problem-in-chrome-admins-furious/

DDoS-for-Hire Services Owner Sentenced to 13 Months in Prison

Sergiy P. Usatyuk, the owner and admin of several DDoS-for-hire services also known as booters or stressers, was sentenced to 13 months in prison, to be followed by three years of supervised release.​​​​​​​ [...]

https://www.bleepingcomputer.com/news/security/ddos-for-hire-services-owner-sentenced-to-13-months-in-prison/

New NextCry Ransomware Encrypts Data on NextCloud Linux Servers

A new ransomware has been found in the wild that is currently undetected by antivirus engines on public scanning platforms. It's name is NextCry as it was discovered on a Linux machine running Nextcloud server. [...]

https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

US Govt Recommends Vendor System Configs To Block Malware Attacks

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today reminded users and system administrators to properly configure their systems to defend against malware that can exploit improper configurations. [...]

https://www.bleepingcomputer.com/news/security/us-govt-recommends-vendor-system-configs-to-block-malware-attacks/

Windows 10 Build 19025 With Throttled Search Indexer Out for Insiders

Microsoft has released Windows 10 Insider Preview Build 19025 (20H1) to Insiders in the Fast ring, a release that comes with throttling for the Windows Search indexer to tackle excessive disk usage and activity. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-19025-with-throttled-search-indexer-out-for-insiders/