Google Adds $1.5 Million Top Reward to Android Bug Bounty Program

Google is expanding the Android bug bounty program with new data exfiltration and lockscreen bypass categories as well as a $1 million reward for critical vulnerabilities targeting the Titan M chip. [...]

https://www.bleepingcomputer.com/news/security/google-adds-15-million-top-reward-to-android-bug-bounty-program/

Microsoft Outlook for Android Gets Spoofing Vulnerability Fix

Microsoft has released an update for Microsoft Outlook for Android that fixes a spoofing vulnerability in the application that could allow an attacker to compromise the device. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-for-android-gets-spoofing-vulnerability-fix/

Card Skimmer Group Replaces Checkout Page to Steal Payment Info

A payment service platform's checkout page was recently cloned by the threat actors behind a web skimming campaign that harvested and stole credit card information from an online shop's customers. [...]

https://www.bleepingcomputer.com/news/security/card-skimmer-group-replaces-checkout-page-to-steal-payment-info/

Microsoft 365 Experiencing OneDrive and SharePoint Outages

Right on the heels of yesterday's four hour outage, Microsoft 365 is once again experiencing problems. This time it is for the SharePoint Online and OneDrive for Business services where content is not loading or sites are not accessible. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-experiencing-onedrive-and-sharepoint-outages/

Windows 10 1909 Drops Exploit Protection From Security Baseline

Microsoft released the final version of its security configuration baseline settings for Windows 10 Version 1909 and Windows Server Version 1909, and also announced the removal of Exploit Protection settings and explicit enforcement of 30-day account password expiration for domain-joined devices. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1909-drops-exploit-protection-from-security-baseline/

T-Mobile Discloses Data Breach Impacting Prepaid Customers

T-Mobile said today in a data breach notification that the account information of an undisclosed number of customers using the company's prepaid services was accessed by an unauthorized third-party. [...]

https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-impacting-prepaid-customers/

Edenred Payment Solutions Giant Announces Malware Incident

Payment solutions giant Edenred today revealed in a statement that a malware incident affected an undisclosed number of its computing systems leading to an investigation for establishing the extent of the infection. [...]

https://www.bleepingcomputer.com/news/security/edenred-payment-solutions-giant-announces-malware-incident/

Allied Universal Breached by Maze Ransomware, Stolen Data Leaked

After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made. [...]

https://www.bleepingcomputer.com/news/security/allied-universal-breached-by-maze-ransomware-stolen-data-leaked/

FBI Warns of Cyber Attacks Targeting US Automotive Industry

The U.S. Federal Bureau of Investigation (FBI) Cyber Division warned private industry partners of incoming cyber attacks against the US automotive industry targeting sensitive corporate and enterprise data. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-cyber-attacks-targeting-us-automotive-industry/

Clop Ransomware Tries to Disable Windows Defender, Malwarebytes

In order to successfully encrypt a victim's data, the Clop CryptoMix Ransomware is now attempting to disable Windows Defender as well as remove the Microsoft Security Essentials and Malwarebytes' standalone Anti-Ransomware programs. [...]

https://www.bleepingcomputer.com/news/security/clop-ransomware-tries-to-disable-windows-defender-malwarebytes/

Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions

Researchers found a total of 37 security vulnerabilities impacting four open-source Virtual Network Computing (VNC) implementations and present for the last 20 years, since 1999. [...]

https://www.bleepingcomputer.com/news/security/dozens-of-vnc-vulnerabilities-found-in-linux-windows-solutions/

OnePlus Exposed Customer Order Information in Data Breach

Chinese smartphone maker OnePlus announced a data breach leading to some of its customers' order information including names, contact numbers, emails, and shipping addresses being accessed by a third-party without authorization. [...]

https://www.bleepingcomputer.com/news/security/oneplus-exposed-customer-order-information-in-data-breach/

The Week in Ransomware - November 22nd 2019 - Leaky Files

This week the biggest news was Maze Ransomware escalating the ransomware threat releasing a victim's stolen data because they did not pay the ransom. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-22nd-2019-leaky-files/

TrickBot Trojan Getting Ready to Steal OpenSSH and OpenVPN Keys

The Trickbot banking trojan keeps evolving according to researchers who spotted this week an updated password grabber module that could be used to steal OpenSSH private keys and OpenVPN passwords and configuration files. [...]

https://www.bleepingcomputer.com/news/security/trickbot-trojan-getting-ready-to-steal-openssh-and-openvpn-keys/

Catch Restaurants Disclose Credit Card Stealing Malware Incident

Catch Hospitality Group has disclosed that point-of-sale systems (POS) at NYC hotspots Catch NYC, Catch Rooftop, and Catch Steak were infected with malware that allowed attackers to steal credit card information from customers. [...]

https://www.bleepingcomputer.com/news/security/catch-restaurants-disclose-credit-card-stealing-malware-incident/

Windows 10 Upgrades Blocked if Using Old Versions of AVG, Avast

If you are using older versions of Avast or AVG Antivirus, Microsoft has placed a compatibility hold that will prevent you from upgrading to Windows 10 1903 or Windows 10 1909 until you upgrade to a newer version of the antivirus software. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-upgrades-blocked-if-using-old-versions-of-avg-avast/

Silly Phishing Spotlight: Login to Unblock Microsoft Excel

As part of our ongoing series to educate users about some of the more silly phishing scams out there, we bring a new one that states Excel is blocked unless you login and verify your details. [...]

https://www.bleepingcomputer.com/news/security/silly-phishing-spotlight-login-to-unblock-microsoft-excel/

Livingston School District in New Jersey Hit With Ransomware

Students at the Livingston public school district in New Jersey are undoubtedly happy for a two hour delayed opening tomorrow. Unfortunately, this delay is not being caused by snow, but rather by a ransomware attack that the district is still recovering from. [...]

https://www.bleepingcomputer.com/news/security/livingston-school-district-in-new-jersey-hit-with-ransomware/

Microsoft Fixes Windows 10 Qualcomm Wi-Fi Driver Update Block

Microsoft has removed a compatibility hold that prevents users from upgrading to Windows 10 1903 and Windows 1909 if they are using older Qualcomm Wi-Fi drivers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-qualcomm-wi-fi-driver-update-block/

Ginp Android Banker Sets as Default SMS App, Steals All Text

A new strain of mobile banking trojan called Ginp has been constantly refined to collect login credentials and credit card details. [...]

https://www.bleepingcomputer.com/news/security/ginp-android-banker-sets-as-default-sms-app-steals-all-text/