Microsoft September Patch Tuesday Fixes 82 Security Issues, Including a Zero-Day
Moments ago, Microsoft published the September 2017 Patch Tuesday, and this month the OS maker fixed 82 security bugs. Among the patches, there is one zero-day vulnerability exploited in the wild and three bugs whose details became public but have yet to be exploited in attacks. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-september-patch-tuesday-fixes-82-security-issues-including-a-zero-day/
Moments ago, Microsoft published the September 2017 Patch Tuesday, and this month the OS maker fixed 82 security bugs. Among the patches, there is one zero-day vulnerability exploited in the wild and three bugs whose details became public but have yet to be exploited in attacks. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-september-patch-tuesday-fixes-82-security-issues-including-a-zero-day/
BleepingComputer
Microsoft September Patch Tuesday Fixes 82 Security Issues, Including a Zero-Day
Moments ago, Microsoft published the September 2017 Patch Tuesday, and this month the OS maker fixed 82 security bugs. Among the patches, there is one zero-day vulnerability exploited in the wild and three bugs whose details became public but have yet toβ¦
Apple iPhone X Unveiled: Goodbye Home Button. Hello Face ID
Today at Apple's annual press conference, Apple unveiled the iPhone X, iPhone 8, Apple Watch Series 3, and Apple TV 4k. Let's take a look at the new features unveiled in these products. [...]
https://www.bleepingcomputer.com/news/apple/apple-iphone-x-unveiled-goodbye-home-button-hello-face-id/
Today at Apple's annual press conference, Apple unveiled the iPhone X, iPhone 8, Apple Watch Series 3, and Apple TV 4k. Let's take a look at the new features unveiled in these products. [...]
https://www.bleepingcomputer.com/news/apple/apple-iphone-x-unveiled-goodbye-home-button-hello-face-id/
BleepingComputer
Apple iPhone X Unveiled: Goodbye Home Button. Hello Face ID
Today at Apple's annual press conference, Apple unveiled the iPhone X, iPhone 8, Apple Watch Series 3, and Apple TV 4k. Let's take a look at the new features unveiled in these products.
Over 4,000 ElasticSearch Servers Found Hosting PoS Malware Files
The Kromtech Security Center has identified over 4,000 instances of ElasticSearch servers that are hosting files specific to two strains of POS (Point of Sale) malware β AlinaPOS and JackPOS. [...]
https://www.bleepingcomputer.com/news/security/over-4-000-elasticsearch-servers-found-hosting-pos-malware-files/
The Kromtech Security Center has identified over 4,000 instances of ElasticSearch servers that are hosting files specific to two strains of POS (Point of Sale) malware β AlinaPOS and JackPOS. [...]
https://www.bleepingcomputer.com/news/security/over-4-000-elasticsearch-servers-found-hosting-pos-malware-files/
BleepingComputer
Over 4,000 ElasticSearch Servers Found Hosting PoS Malware Files
The Kromtech Security Center has identified over 4,000 instances of ElasticSearch servers that are hosting files specific to two strains of POS (Point of Sale) malware β AlinaPOS and JackPOS.
RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks
A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that he uses to turn infected devices into SOCKS proxies and carry out credential stuffing attacks. [...]
https://www.bleepingcomputer.com/news/security/routex-malware-uses-netgear-routers-for-credential-stuffing-attacks/
A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that he uses to turn infected devices into SOCKS proxies and carry out credential stuffing attacks. [...]
https://www.bleepingcomputer.com/news/security/routex-malware-uses-netgear-routers-for-credential-stuffing-attacks/
BleepingComputer
RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks
A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that he uses to turn infected devices into SOCKS proxies and carry out credential stuffing attacks.
Second Researcher Drops Router Exploit Code After D-Link Mishandles Bug Reports
Embedi, a hardware security firm, has published details about two vulnerabilities that have yet to be patched in the firmware of D-Link routers. This marks the second incident of this sort in the last five days. [...]
https://www.bleepingcomputer.com/news/security/second-researcher-drops-router-exploit-code-after-d-link-mishandles-bug-reports/
Embedi, a hardware security firm, has published details about two vulnerabilities that have yet to be patched in the firmware of D-Link routers. This marks the second incident of this sort in the last five days. [...]
https://www.bleepingcomputer.com/news/security/second-researcher-drops-router-exploit-code-after-d-link-mishandles-bug-reports/
BleepingComputer
Second Researcher Drops Router Exploit Code After D-Link Mishandles Bug Reports
Embedi, a hardware security firm, has published details about two vulnerabilities that have yet to be patched in the firmware of D-Link routers. This marks the second incident of this sort in the last five days.
Backdoor Found in WordPress Plugin With More Than 200,000 Installations
For the past two and a half months, a WordPress plugin named Display Widgets has been used to install a backdoor on WordPress sites across the Internet. [...]
https://www.bleepingcomputer.com/news/security/backdoor-found-in-wordpress-plugin-with-more-than-200-000-installations/
For the past two and a half months, a WordPress plugin named Display Widgets has been used to install a backdoor on WordPress sites across the Internet. [...]
https://www.bleepingcomputer.com/news/security/backdoor-found-in-wordpress-plugin-with-more-than-200-000-installations/
BleepingComputer
Backdoor Found in WordPress Plugin With More Than 200,000 Installations
For the past two and a half months, a WordPress plugin named Display Widgets has been used to install a backdoor on WordPress sites across the Internet.
Exploit Broker Zerodium Offers $1 Million for Tor Browser Zero-Days
Zerodium, a company that buys exploits to sell to government agencies, is offering up to $1 million for zero-days affecting the Tor Browser. [...]
https://www.bleepingcomputer.com/news/security/exploit-broker-zerodium-offers-1-million-for-tor-browser-zero-days/
Zerodium, a company that buys exploits to sell to government agencies, is offering up to $1 million for zero-days affecting the Tor Browser. [...]
https://www.bleepingcomputer.com/news/security/exploit-broker-zerodium-offers-1-million-for-tor-browser-zero-days/
BleepingComputer
Exploit Broker Zerodium Offers $1 Million for Tor Browser Zero-Days
Zerodium, a company that buys exploits to sell to government agencies, is offering up to $1 million for zero-days affecting the Tor Browser.
US Officially Bans Kaspersky Products From Government Systems
In a Binding Operational Directive published today by the Department of Homeland Security (DHS), the US government has banned the use of Kaspersky Lab security software on government computers. [...]
https://www.bleepingcomputer.com/news/government/us-officially-bans-kaspersky-products-from-government-systems/
In a Binding Operational Directive published today by the Department of Homeland Security (DHS), the US government has banned the use of Kaspersky Lab security software on government computers. [...]
https://www.bleepingcomputer.com/news/government/us-officially-bans-kaspersky-products-from-government-systems/
BleepingComputer
US Officially Bans Kaspersky Products From Government Systems
In a Binding Operational Directive published today by the Department of Homeland Security (DHS), the US government has banned the use of Kaspersky Lab security software on government computers.
Windows 10 Insider Build 16362 for Skip Ahead Insiders Improves on the Boot Experience
Today Microsoft released Insider Preview Build 16362 for PC to only insiders on the fast ring who have opted to skip ahead. This build brings improvements to the boot experience, narrator, Edge, gaming, input, and the Windows Shell. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-16362-for-skip-ahead-insiders-improves-on-the-boot-experience/
Today Microsoft released Insider Preview Build 16362 for PC to only insiders on the fast ring who have opted to skip ahead. This build brings improvements to the boot experience, narrator, Edge, gaming, input, and the Windows Shell. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-16362-for-skip-ahead-insiders-improves-on-the-boot-experience/
BleepingComputer
Windows 10 Insider Build 16362 for Skip Ahead Insiders Improves on the Boot Experience
Today Microsoft released Insider Preview Build 16362 for PC to only insiders on the fast ring who have opted to skip ahead. This build brings improvements to the boot experience, narrator, Edge, gaming, input, and the Windows Shell.
Upcoming Windows 10 Will Show Popup Dialogs for Individual App Permissions
The next major update of the Windows 10 operating system β codenamed the Fall Creators Update (FCU) β will receive new privacy controls, including popup dialogs that warn users about features an app is about to use. [...]
https://www.bleepingcomputer.com/news/microsoft/upcoming-windows-10-will-show-popup-dialogs-for-individual-app-permissions/
The next major update of the Windows 10 operating system β codenamed the Fall Creators Update (FCU) β will receive new privacy controls, including popup dialogs that warn users about features an app is about to use. [...]
https://www.bleepingcomputer.com/news/microsoft/upcoming-windows-10-will-show-popup-dialogs-for-individual-app-permissions/
BleepingComputer
Upcoming Windows 10 Will Show Popup Dialogs for Individual App Permissions
The next major update of the Windows 10 operating system β codenamed the Fall Creators Update (FCU) β will receive new privacy controls, including popup dialogs that warn users about features an app is about to use.
Ichidan Is a Shodan-Like Search Engine for the Dark Web
Two days ago, Bleeping Computer came across a new Dark Web portal that allows users to search Tor Onion sites in the same way users utilize Shodan to discover Internet-exposed services. [...]
https://www.bleepingcomputer.com/news/security/ichidan-is-a-shodan-like-search-engine-for-the-dark-web/
Two days ago, Bleeping Computer came across a new Dark Web portal that allows users to search Tor Onion sites in the same way users utilize Shodan to discover Internet-exposed services. [...]
https://www.bleepingcomputer.com/news/security/ichidan-is-a-shodan-like-search-engine-for-the-dark-web/
BleepingComputer
Ichidan Is a Shodan-Like Search Engine for the Dark Web
Two days ago, Bleeping Computer came across a new Dark Web portal that allows users to search Tor Onion sites in the same way users utilize Shodan to discover Internet-exposed services.
Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers
In an update posted to its security breach website, Equifax said hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. [...]
https://www.bleepingcomputer.com/news/security/equifax-confirms-hackers-used-apache-struts-vulnerability-to-breach-its-servers/
In an update posted to its security breach website, Equifax said hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. [...]
https://www.bleepingcomputer.com/news/security/equifax-confirms-hackers-used-apache-struts-vulnerability-to-breach-its-servers/
BleepingComputer
Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers
In an update posted to its security breach website, Equifax said hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK.
Attackers Can Bypass SKEL Protection in macOS High Sierra
A new security feature added in macOS High Sierra (10.13) named "Secure Kernel Extension Loading" (SKEL) can be bypassed to allow the loading of malicious kernel extensions. [...]
https://www.bleepingcomputer.com/news/security/attackers-can-bypass-skel-protection-in-macos-high-sierra/
A new security feature added in macOS High Sierra (10.13) named "Secure Kernel Extension Loading" (SKEL) can be bypassed to allow the loading of malicious kernel extensions. [...]
https://www.bleepingcomputer.com/news/security/attackers-can-bypass-skel-protection-in-macos-high-sierra/
BleepingComputer
Attackers Can Bypass SKEL Protection in macOS High Sierra
A new security feature added in macOS High Sierra (10.13) named "Secure Kernel Extension Loading" (SKEL) can be bypassed to allow the loading of malicious kernel extensions.
Developers Unwittingly Embedded Malware in Their Android Apps via Shady SDK
Malware authors hid malicious code inside a software development kit (SDK) that developers embedded in their Android apps, unwittingly exposing their users to a mobile malware strain that Check Point identifies as ExpensiveWall. [...]
https://www.bleepingcomputer.com/news/security/developers-unwittingly-embedded-malware-in-their-android-apps-via-shady-sdk/
Malware authors hid malicious code inside a software development kit (SDK) that developers embedded in their Android apps, unwittingly exposing their users to a mobile malware strain that Check Point identifies as ExpensiveWall. [...]
https://www.bleepingcomputer.com/news/security/developers-unwittingly-embedded-malware-in-their-android-apps-via-shady-sdk/
BleepingComputer
Developers Unwittingly Embedded Malware in Their Android Apps via Shady SDK
Malware authors hid malicious code inside a software development kit (SDK) that developers embedded in their Android apps, unwittingly exposing their users to a mobile malware strain that Check Point identifies as ExpensiveWall.
Malvertising Campaign Mines Cryptocurrency Right in Your Browser
Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers, without their knowledge. [...]
https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/
Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers, without their knowledge. [...]
https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/
BleepingComputer
Malvertising Campaign Mines Cryptocurrency Right in Your Browser
Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers, without their knowledge.
Sysadmin Hacks Former Employer and Buys iPad Tablets From Staples
A judge sentenced a Texas man to 27 months in prison for hacking his former employer so he could use company resources to buy at least 11 iPad Air tablets for himself. [...]
https://www.bleepingcomputer.com/news/security/sysadmin-hacks-former-employer-and-buys-ipad-tablets-from-staples/
A judge sentenced a Texas man to 27 months in prison for hacking his former employer so he could use company resources to buy at least 11 iPad Air tablets for himself. [...]
https://www.bleepingcomputer.com/news/security/sysadmin-hacks-former-employer-and-buys-ipad-tablets-from-staples/
BleepingComputer
Sysadmin Hacks Former Employer and Buys iPad Tablets From Staples
A judge sentenced a Texas man to 27 months in prison for hacking his former employer so he could use company resources to buy at least 11 iPad Air tablets for himself.
Chrome Will Mute All Sites With Auto-Playing Sound by Default Starting 2018
Google engineers have announced changes in the way Chrome will handle websites with auto-playing audio. [...]
https://www.bleepingcomputer.com/news/google/chrome-will-mute-all-sites-with-auto-playing-sound-by-default-starting-2018/
Google engineers have announced changes in the way Chrome will handle websites with auto-playing audio. [...]
https://www.bleepingcomputer.com/news/google/chrome-will-mute-all-sites-with-auto-playing-sound-by-default-starting-2018/
BleepingComputer
Chrome Will Mute All Sites With Auto-Playing Sound by Default Starting 2018
Google engineers have announced changes in the way Chrome will handle websites with auto-playing audio.
Ten Malicious Libraries Found on PyPI - Python Package Index
The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI β Python Package Index β the official third-party software repository for the Python programming language. [...]
https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/
The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI β Python Package Index β the official third-party software repository for the Python programming language. [...]
https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/
BleepingComputer
Ten Malicious Libraries Found on PyPI - Python Package Index
The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI β Python Package Index β the official third-party software repository for the Python programming language.
Adware Installs InfoStealer Trojan that it loads via Chrome DLL Hijacking
A password stealing Trojan called AdService is being quietly distributed by adware bundles that typically install other programs such as Russian adware, extensions, clickers, adware, and fake system optimization programs. This Trojan is loaded through DLL hijacking in Chrome. [...]
https://www.bleepingcomputer.com/news/security/adware-installs-infostealer-trojan-that-it-loads-via-chrome-dll-hijacking/
A password stealing Trojan called AdService is being quietly distributed by adware bundles that typically install other programs such as Russian adware, extensions, clickers, adware, and fake system optimization programs. This Trojan is loaded through DLL hijacking in Chrome. [...]
https://www.bleepingcomputer.com/news/security/adware-installs-infostealer-trojan-that-it-loads-via-chrome-dll-hijacking/
BleepingComputer
Adware Installs InfoStealer Trojan That It Loads via Chrome DLL Hijacking
A password stealing Trojan called AdService is being quietly distributed by adware bundles that typically install other programs such as Russian adware, extensions, clickers, adware, and fake system optimization programs. This Trojan is loaded through DLLβ¦
Security.txt Standard Proposed, Similar to Robots.txt
Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF β Internet Engineering Task Force β seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site's security policies. [...]
https://www.bleepingcomputer.com/news/security/security-txt-standard-proposed-similar-to-robots-txt/
Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF β Internet Engineering Task Force β seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site's security policies. [...]
https://www.bleepingcomputer.com/news/security/security-txt-standard-proposed-similar-to-robots-txt/
BleepingComputer
Security.txt Standard Proposed, Similar to Robots.txt
Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF β Internet Engineering Task Force β seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site's security policies.
OurMine Hacks Vevo After Employee Was Disrespectful to Hackers on LinkedIn
Hacking group OurMine has breached Vevo, a video hosting service, and has leaked files from the company's internal network. [...]
https://www.bleepingcomputer.com/news/security/ourmine-hacks-vevo-after-employee-was-disrespectful-to-hackers-on-linkedin/
Hacking group OurMine has breached Vevo, a video hosting service, and has leaked files from the company's internal network. [...]
https://www.bleepingcomputer.com/news/security/ourmine-hacks-vevo-after-employee-was-disrespectful-to-hackers-on-linkedin/
BleepingComputer
OurMine Hacks Vevo After Employee Was Disrespectful to Hackers on LinkedIn
Hacking group OurMine has breached Vevo, a video hosting service, and has leaked files from the company's internal network.