Business Email Compromise Is a $26 Billion Scam Says the FBI
www.bleepingcomputer.com/news/security/business-email-compromise-is-a-26-billion-scam-says-the-fbi/ FBI’s Internet Crime Complaint Center (IC3) says that Business Email Compromise (BEC) scams are continuing to grow every year, with a 100% increase in the identified global exposed losses between May 2018 and July 2019.
281 Arrested in Worldwide Business Email Compromise Crackdown
www.bleepingcomputer.com/news/security/281-arrested-in-worldwide-business-email-compromise-crackdown/ 281 people were arrested over a four-month period in the U.S. and in countries around the world as part of Operation reWired, a coordinated effort of multiple law enforcement agencies from several countries.
Office 365 ATP Automated Incident Response Now Generally Available
www.bleepingcomputer.com/news/microsoft/office-365-atp-automated-incident-response-now-generally-available/ Microsoft announced today the general availability of the Automated Incident Response feature in Office 365 Advanced Threat Protection (ATP) users to support the rising requirements of security teams.
Microsoft Phishing Page Uses Captcha to Bypass Automated Detection
www.bleepingcomputer.com/news/security/microsoft-phishing-page-uses-captcha-to-bypass-automated-detection/ A new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs).
Microsoft Teams Can Be Used To Execute Arbitrary Payloads
www.bleepingcomputer.com/news/security/microsoft-teams-can-be-used-to-execute-arbitrary-payloads/ Attackers can use genuine binaries from Microsoft Teams to execute a malicious payload using a mock installation folder for the collaboration software.
How Safari and iMessage Have Made iPhones Less Secure
www.wired.com/story/ios-security-imessage-safari/ Security researchers say iOS’s security woes stem in part from Apple putting too much trust in its own software’s code.
The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they’re typed over the network
www.theregister.co.uk/2019/09/10/intel_netcat_side_channel_attack/ Cunning data-snooping side-channel technique is tough to exploit, Chipzilla warns. Report: www.vusec.net/projects/netcat/
Microsoft’s September 2019 Patch Tuesday Fixes 79 Vulnerabilities
www.bleepingcomputer.com/news/microsoft/microsofts-september-2019-patch-tuesday-fixes-79-vulnerabilities/ With the release of the September 2019 security updates, Microsoft has released 2 advisories and updates for 79 vulnerabilities. Of these vulnerabilities, 17 are classified as Critical. . Also:
Microsoft Releases the September 2019 Security Updates for Office
www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-september-2019-security-updates-for-office/ Microsoft released the September 2019 Microsoft Office security updates, bundling a total of 19 security updates and five cumulative updates across seven different products, five of them patching remote code execution flaws.
It’s 2019, and Windows PCs can be pwned via a shortcut file, a webpage, an evil RDP server…
www.theregister.co.uk/2019/09/10/patch_tuesday_abode_sap/ Microsoft joins Adobe and SAP in cleaning up security bugs, two of which are under active attack
Exploit Kits Target Windows Users with Ransomware and Trojans
www.bleepingcomputer.com/news/security/exploit-kits-target-windows-users-with-ransomware-and-trojans/ Over the weekend and into today, four different malvertising campaigns have been redirecting users to exploit kits that install password stealing Trojans, ransomware, and clipboard hijackers.. (Using vulnerabilities from 2018 and before)
Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext
Rolling in DoH: Chrome 78 to experiment with DNS-over-HTTPS hot on the heels of Firefox
www.theregister.co.uk/2019/09/10/chrome_78_dnsoverhttps/ Google promises it won’t override your choice of DNS provider
Scraping A Public Website Doesn’t Violate the CFAA, Ninth Circuit (Mostly) Holds
reason.com/2019/09/09/scraping-a-public-website-doesnt-violate-the-cfaa-ninth-circuit-mostly-holds/ The Ninth Circuit Court of Appeals has handed down a groundbreaking decision today on the federal computer hacking law, the Computer Fraud and Abuse Act (CFAA). In HiQ Labs v. LinkedIn, the court held that scraping a public website is likely not a CFAA violation.