Google has begun testing their upcoming extension manifest V3 in the the latest Chrome Canary build, and with this initial 'alpha' release, developers can begin testing their extensions under the upcoming specification. | Continue reading
A little over 21 million login credentials stolen from Fortune 500 companies have been found in various places on the dark web, many of them already cracked and available in plaintext form. | Continue reading
French fashion online store Sixth June is offering shoppers more than the latest in men and women streetwear apparel as the site was infected some time ago with code that steals payment card info at checkout. | Continue reading
A new ransomware has been discovered called FuxSocy that borrows much of its behavior from the notorious and now-defunct Cerber Ransomware. | Continue reading
An ongoing phishing campaign is targeting the United Nations and several humanitarian aid organizations including UNICEF and UN World Food using landing pages impersonating legitimate Microsoft Office 365 login pages. | Continue reading
A new malware is targeting Discord users by modifying the Windows Discord client so that it is transformed into a backdoor and an information-stealing Trojan. | Continue reading
Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14. | Continue reading
The next Firefox major release will update the security indicators in the address bar and add a privacy icon to signal privacy threats on loaded pages. | Continue reading
Cyber-espionage operations from Cozy Bear, a threat actor believed to work for the Russian government, continued undetected for the past years by using malware families previously unknown to security researchers. | Continue reading
Attackers have created an elaborate scheme to distribute a cryptocurrency trading program that installs a backdoor on a victim's Mac or Windows PC. | Continue reading
After a Sodinokibi ransomware affiliate posted partial transaction IDs for ransomware payments, researchers were able to use that information to follow the money trail for affiliates and in some cases, how they spend their illicit earnings. | Continue reading
During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites. | Continue reading
Network traffic in companies is generated by bots almost as much as by humans, shows a recent study. As bots become more sophisticated, they bypass the security challenges in place. | Continue reading
Oracle has sent out letters to partners in Venezuela stating that they will no longer be able to work with them in order to comply with President Trump's Executive Order 13884. | Continue reading
Someone is offering to auction on underground forums a database containing personal information of 92 million Brazilian citizens. They claim that every record is real and unique. | Continue reading
Two security vulnerabilities in Microsoft's NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features leading to full domain compromise of a network. | Continue reading
A victim of the Muhstik Ransomware has hacked back against his attackers and released close to 3,000 decryption keys for victims along with a free decryptor to get their files back. | Continue reading
The operators behind the RobbinHood ransomware have changed their language in the ransom note, at least in one variant of the malware, to take from victims all hope of decrypting the files for free and to make them pay for the recovery. | Continue reading
Customer service software company Zendesk is sending users notifications regarding a security incident that might have impacted roughly 10,000 Zendesk Support and Chat accounts activated prior to November 1, 2016. | Continue reading
Victims of the Ouroboros Ransomware, otherwise known as Zeropadypt NextGen, can get their files decrypted for free with the help of a security researcher and a decryptor that has been made for different variants. | Continue reading
Microsoft has decided to roll back their decision to add CCleaner to a blacklist that would prevent the software's official site, www.ccleaner.com, from be posted in the Microsoft Community Forums. | Continue reading
A fake web site pretending to be an organization that offers job opportunities for U.S. veterans is distributing malware that let's the attackers gain full control over a victim's computer. | Continue reading
Microsoft ending support for Windows 7 and Server 2008 early next year will also stop delivery of security patches through the normal channel. But users have an alternative to get security fixes on a regular basis in the form of micropatches. | Continue reading
Google has released Chrome 77 to the Stable desktop channel, with new features and 36 security fixes, with 1 being marked as Critical and 8 as High severity. | Continue reading
Tens of millions of records from customers of two airline companies owned by Lion Air have been circulating on data exchange forums for at least a month. The info was stored in an Amazon bucket that was open on the web. | Continue reading
Google has announced that they would soon be performing a trial of utilizing DNS-over-HTTPS (DoH) in the Google Chrome browser. This experiment will be conducted in Chrome 78 and will attempt to upgrade a user's DNS server to a corresponding DoH server, and if available, use that … | Continue reading
Attackers can use genuine binaries from Microsoft Teams to execute a malicious payload using a mock installation folder for the collaboration software. | Continue reading
OpenPGP installations can grind to a halt and fail to verify the authenticity of downloaded packages as the keyserver network has been flooded with bogus extra signatures attesting ownership of a certificate. | Continue reading
FBI's Internet Crime Complaint Center (IC3) says that Business Email Compromise scams are continuing to grow every year, with a 100% increase in the identified global exposed losses between May 2018 and July 2019. | Continue reading
A recent power outage outage at an Amazon AWS data facility and the resulting data loss for some customers shows that storing data in the cloud does not mean you do not also need a backup. | Continue reading
The Exim mail transfer agent (MTA) software is impacted by a critical severity vulnerability present in versions 4.80 up to and including 4.92.1. | Continue reading
The forums of the XKCD webcomic created by Randall Munroe in 2005 are currently offline after being impacted by a data breach which exposed the information of 561,991 users on July 1. | Continue reading
The Windows 10 20H1 Update will introduce a new cloud recovery feature that allow users to reset their PC using Windows files downloaded from Microsoft's servers. | Continue reading
HackerOne says that five more hackers have become millionaires after reporting security vulnerabilities through the vulnerability coordination and bug bounty platform. | Continue reading
Researchers found a Trojan Dropper malicious module hidden within the Android app CamScanner downloaded over 100 million times by Google Play Store users. | Continue reading
In order to reduce the "clutter" in the Chrome tabs context menus, Google has decided to remove the "Close other tabs" option as well as other features because they are not commonly used. | Continue reading
Microsoft is working on also adding automatic phishing to enterprise in-org forms after previously rolling out Microsoft Forms proactive phishing prevention for public forms in July. | Continue reading
Multiple implementations of the HTTP/2 protocol are vulnerable to attacks that could consume sufficient resources to cause a denial-of-service (DoS) condition on unpatched servers. | Continue reading
Two high severity security flaws impacting the Kubernetes open-source system for handling containerized apps can allow an unauthorized attacker to trigger a denial of services state remotely, without user interaction. | Continue reading
Mozilla patched a vulnerability in the Firefox web browser with the launch of the 68.0.2 release which would allow unauthorized users to copy passwords from the browser's built-in Save Logins database even when protected with a master password. | Continue reading
A new Bluetooth vulnerability named "KNOB" has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. | Continue reading
Microsoft released patches for two new critical remote code execution (RCE) vulnerabilities found in the Remote Desktop Services (RDS) and affecting all in-support versions of Windows. | Continue reading
Valve has pushed out a fix for a zero-day Steam Client local privilege escalation (LPE) vulnerability, but researchers say there are still other LPE vulnerabilities that are being ignored. | Continue reading
In the Chrome 78 Canary build, Google is testing a new feature that will give any site a dark mode whether or not they actually support one. | Continue reading
With the release of Chrome 76, Google fixed a loophole that allowed web sites to detect if a visitor was using Incognito mode. Unfortunately, their fix led to two other methods that can still be used to detect when a visitor is browsing privately. | Continue reading
Vulnerabilities in the image transfer protocol used in digital cameras enabled a security researcher to infect with ransomware a Canon EOS 80D DSLR over a Wifi connection. | Continue reading
A vulnerability in Microsoft's Remote Desktop Protocol (RDP) can also be used to escape virtual machines running on Hyper-V, the virtualization technology in Azure and Windows 10. | Continue reading