Intel Fixes 9-Year-Old CPU Flaw That Allows Remote Code Execution

Intel's security team released a series of patches yesterday that fix a remote code execution (RCE) bug found in the Intel Management Engine (ME). [...]

https://www.bleepingcomputer.com/news/hardware/intel-fixes-9-year-old-cpu-flaw-that-allows-remote-code-execution/

IBM Warns Customers That Some of Its USB Flash Drives May Contain Malware

IBM has issued a security alert last week, warning customers that some USB flash drives shipped with IBM Storwize products may contain malicious code. [...]

https://www.bleepingcomputer.com/news/security/ibm-warns-customers-that-some-of-its-usb-flash-drives-may-contain-malware/

New Shodan Tool Can Find Malware Command and Control (C&C) Servers

Shodan and Recorded Future have launched today a search engine for discovering malware command-and-control (C&C) servers. Named Malware Hunter, this new tool is integrated into Shodan, a search engine for discovering Internet-connected devices. [...]

https://www.bleepingcomputer.com/news/security/new-shodan-tool-can-find-malware-command-and-control-candc-servers/

Microsoft Unveils Windows 10 S, a Competitor for Google's Chrome OS

At the MicrosoftEDU Event held today in New York, Microsoft announced Windows 10 S, a version of the Windows 10 operating system that is restricted to running only Windows Store apps. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-windows-10-s-a-competitor-for-googles-chrome-os/

Tor Browser Flaws Allow User Profiling

Dr. Neal Krawetz, a computer forensics expert, revealed on Monday several problems with the amount of details the Tor Browser discloses about users, which may allow a determined actor to identify users employing the Tor Browser to surf the Internet. [...]

https://www.bleepingcomputer.com/news/software/tor-browser-flaws-allow-user-profiling/

Google Will Quietly Auto-Migrate Some Users to 64-Bit Chrome

Google will release Chrome 58.0.3029.96 in the coming days and weeks, and as part of this update, the company plans to move some of its 32-bit users to Chrome's 64-bit version. [...]

https://www.bleepingcomputer.com/news/software/google-will-quietly-auto-migrate-some-users-to-64-bit-chrome/

India's Aadhaar Biometrics Database Is About to Become a Security Nightmare

A report released on Monday by The Centre for Internet and Society reveals that over 135 million records from India's Aadhaar national ID systems have already leaked online. [...]

https://www.bleepingcomputer.com/news/security/indias-aadhaar-biometrics-database-is-about-to-become-a-security-nightmare/

Watch Researchers Hack an Industrial Robot and Sabotage Production

There is an insane amount of industrial robots connected to the Internet, and even worse, thousands are left with no form of user authentication whatsoever, open to attack from anyone skilled enough to know how to sabotage their mode of operation. [...]

https://www.bleepingcomputer.com/news/security/watch-researchers-hack-an-industrial-robot-and-sabotage-production/

Cerber Ransomware Version 6 Gets Anti-Vm and Anti-Sandboxing Features

Security researchers have spotted version 6 of the Cerber ransomware, and this new edition continues to add new features, heightening the overall complexity this ransomware family has been showing. [...]

https://www.bleepingcomputer.com/news/security/cerber-ransomware-version-6-gets-anti-vm-and-anti-sandboxing-features/

Windows 10 S Won't Let You Change the Default Browser, Meaning You're Stuck With Edge

Windows 10 S users won't be able to change their default browser and search provider away from Microsoft Edge and Bing. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-s-wont-let-you-change-the-default-browser-meaning-youre-stuck-with-edge/

It Took Google One Hour to Shut Down Massive Self-Replicating Phishing Campaign

A massive phishing campaign took place today, but Google's security staff was on hand and shut down the attacker's efforts within an hour after users first reported the problem on Reddit. [...]

https://www.bleepingcomputer.com/news/security/it-took-google-one-hour-to-shut-down-massive-self-replicating-phishing-campaign/

HoeflerText SocEng Attack Now Targeting Firefox with a Mozilla Font Pack

HoeflerText Font Pack social engineering attack has expanded to now include the Firefox browser as one of its targets. Not paying attention and installing its payload will lead to the Zeus Panda banking Trojan being installed on a victim's computer. [...]

https://www.bleepingcomputer.com/news/security/hoeflertext-soceng-attack-now-targeting-firefox-with-a-mozilla-font-pack/

234 Android Applications Are Currently Using Ultrasonic Beacons to Track Users

A team of researchers from the Brunswick Technical University in Germany has discovered an alarming number of Android applications that employ ultrasonic tracking beacons to track users and their nearby environment. [...]

https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/

Malware Targets North Korea for Once

Security researchers from Cisco Talos have come across a new malware family that was used to target various officials and organizations linked to North Korea. [...]

https://www.bleepingcomputer.com/news/security/malware-targets-north-korea-for-once/

WordPress Zero-Day Could Expose Password Reset Emails

Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances. [...]

https://www.bleepingcomputer.com/news/security/wordpress-zero-day-could-expose-password-reset-emails/

Some Twitter Dude Is Trying to Take Credit for the Google Docs Phishing Attack

A Twitter user by the name @EugenePupov is trying to take credit for the massive phishing attack that hit Gmail users last night, but currently available evidence isn't lining up with his statements. [...]

https://www.bleepingcomputer.com/news/security/some-twitter-dude-is-trying-to-take-credit-for-the-google-docs-phishing-attack/

15K Botnet Mines for Cryptocurrencies on Vulnerable Windows Servers

A malware developer suspected of operating out of China is in control of a botnet of 15,000 compromised Windows Server machines, which he uses to mine for various crypto-currencies, and primarily Monero. [...]

https://www.bleepingcomputer.com/news/security/15k-botnet-mines-for-cryptocurrencies-on-vulnerable-windows-servers/

Windows 10 Insider Build 16188 For PC Brings Application Guard to the Enterprise

Today Microsoft released Insider Preview Build 16188 for PC and Insider Preview Build 15210 for Mobile to insiders on the fast ring. With build 16188, Microsoft introduces new features in Microsoft Edge's PDF Reader and Application Guard for Microsoft Edge. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-16188-for-pc-brings-application-guard-to-the-enterprise/

Hackers Use Flaws in Telephony Core Protocol to Bypass 2FA on Bank Accounts

Hackers have exploited decades-old flaws in the SS7 mobile telephony protocol to hijack phone numbers and SMS messages, in order to bypass two-factor authentication (2FA) and steal money from bank accounts. [...]

https://www.bleepingcomputer.com/news/security/hackers-use-flaws-in-telephony-core-protocol-to-bypass-2fa-on-bank-accounts/

New Fatboy Ransomware-as-a-Service Advertised on Russian Hacking Forum

A new Ransomware-as-a-Service (RaaS) portal is being advertised on an underground hacking forum, primarily used by Russian-speaking criminals. [...]

https://www.bleepingcomputer.com/news/security/new-fatboy-ransomware-as-a-service-advertised-on-russian-hacking-forum/

Cyber-Espionage Malware Is So Advanced It Has Its Own API

Russian cyberspies have developed a new breed of backdoor trojan that features several novel techniques, including an API that allows attackers to reverse the C&C communications flow when needed. [...]

https://www.bleepingcomputer.com/news/security/cyber-espionage-malware-is-so-advanced-it-has-its-own-api/