In February 2018, Microsoft officials announced they planned to make the Windows Defender Advanced Threat Protection (ATP) available for Windows 7 and Windows 8.1. The targeted delivery date for general availability on those platforms was summer 2018. On February 22, Microsoft officials blogged that Windows Defender ATP Endpoint Protection was now generally available for Windows 7 and 8.1…

https://www.zdnet.com/article/microsofts-windows-defender-advanced-threat-protection-service-now-available-for-windows-7-8-1-clients/

Hackers accessed tax return information stored with TurboTax using a stolen password from a third party, an Intuit spokesman said Monday.

The attack, earlier reported in Dark Reading, didn’t breach the internal systems at Intuit, which owns TurboTax. Instead, attackers took lists of passwords stolen from other services and used them to try to log in to TurboTax accounts, the spokesman said. There, valuable personal information, such as Social Security numbers, names and addresses, is stored in tax returns…

https://www.cnet.com/news/hackers-reportedly-access-turbotax-accounts-and-tax-returns/

In September of 2018, an anonymous independent security researcher (who we’ll call X) noticed that their power company’s website was offering to email—not reset!—lost account passwords to forgetful users. Startled, X fed the online form the utility account number and the last four phone number digits it was asking for. Sure enough, a few minutes later the account password, in plain text, was sitting in X’s inbox…

https://arstechnica.com/tech-policy/2019/02/plain-wrong-millions-of-utility-customers-passwords-stored-in-plain-text/

Is your Android phone feeling hot to the touch, acting sluggish, in need of frequent charges, or using dramatically more data than it used to? It may be a victim of DrainerBot, a major fraud operation distributed through Google Play apps with more than 10 million downloads, researchers said Wednesday…

https://arstechnica.com/information-technology/2019/02/google-play-apps-with-10-million-installs-drains-batteries-jacks-up-data-charges/

WinRAR has patched a 19-year-old security vulnerability that allowed attackers to extract malicious software to anywhere on your hard drive. The vulnerability was discovered by researchers at Check Point Software Technologies, who realised that WinRAR’s support for the effectively defunct ACE archive format meant that it was still relying on an insecure and dated DLL file from 2006…

https://www.theverge.com/2019/2/21/18234448/winrar-winace-19-year-old-vulnerability-patched-version-5-70-beta-1

Secure password firms 1Password, Dashlane, KeePass and LastPass are blasting a research report that highlights how a local adversary can crack open and steal passwords stored by the utilities.

The uproar began Tuesday when lead researcher, Adrian Bednarek with Independent Security Evaluators (ISE), published findings that demonstrated how someone could pluck clear text passwords associated with the utilities from the memory of Windows 10 systems…

https://threatpost.com/1password-dashlane-keepass-and-lastpass/142037/

A new study has identified security flaws in five of the most popular password managers.

Now for some counterintuitive advice: I still think you should use a password manager. So do the ethical hackers with Independent Security Evaluators who came to me with news of the flaws — and other security pros I spoke to about the study, published Tuesday. You wouldn’t stop using a seat belt because it couldn’t protect you from every kind of vehicle accident. The same applies to password managers…

https://www.washingtonpost.com/technology/2019/02/19/password-managers-have-security-flaw-you-should-still-use-one/

Google is currently in the process of updating the API used by Chrome extensions. This isn’t something that typical users would have cared much about, until extension developers pointed out that one of the proposed changes could prevent many content blockers (including uBlock Origin) from functioning. While Google hasn’t completely backtracked from its plans, it has made concessions amidst public outcry and legal threats…

https://www.androidpolice.com/2019/02/17/google-backtracks-on-chrome-ad-blocker-changes-after-public-outcry-and-legal-threats/