Internet Explorer Bug Leaks What Users Type in the URL Address Bar

Microsoft's Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in his URL address bar. [...]

https://www.bleepingcomputer.com/news/security/internet-explorer-bug-leaks-what-users-type-in-the-url-address-bar/

Russia Threatens to Ban Facebook While China Blocks WhatsApp With GFW Upgrade

Russian officials said they are considering a ban on Facebook for the start of 2018 unless the social network is willing to comply with the country's new privacy and user protection rules. [...]

https://www.bleepingcomputer.com/news/technology/russia-threatens-to-ban-facebook-while-china-blocks-whatsapp-with-gfw-upgrade/

Another Banking Trojan Adds Support for NSA's EternalBlue Exploit

A third banking trojan has added support for EternalBlue, an exploit supposedly created by the NSA, leaked online by the Shadow Brokers, and the main driving force behind the WannaCry and NotPetya ransomware outbreaks. [...]

https://www.bleepingcomputer.com/news/security/another-banking-trojan-adds-support-for-nsas-eternalblue-exploit/

Linux Kernel Bug Reclassified as Security Issue After Two Years

Multiple Linux distros are issuing security updates for OS versions that still use an older kernel branch after it recently came to light that a mild memory bug was in reality much worse, and the bug was recently categorized as a security flaw. [...]

https://www.bleepingcomputer.com/news/security/linux-kernel-bug-reclassified-as-security-issue-after-two-years/

New "Illusion Gap" Attack Bypasses Windows Defender Scans

Security researchers from CyberArk have discovered a new technique that allows malware to bypass Windows Defender, the standard security software that comes included with all Windows operating systems. [...]

https://www.bleepingcomputer.com/news/security/new-illusion-gap-attack-bypasses-windows-defender-scans/

Firefox 56 Released With Built-In Screenshot Utility, New Options Panel

Later today, Mozilla is scheduled to announce the public availability of Firefox 56, its latest browser release. As is its custom, the Foundation made available Firefox 56 on its FTP servers a day earlier. [...]

https://www.bleepingcomputer.com/news/software/firefox-56-released-with-built-in-screenshot-utility-new-options-panel/

MIT Tool Lets Programmers Port Source Code Between Incompatible Projects

Scientists at MIT have developed a new tool called CodeCarbonCopy (CCC) that can automatically port code from one project to another, mapping differences and adapting the imported code to the new codebase. [...]

https://www.bleepingcomputer.com/news/technology/mit-tool-lets-programmers-port-source-code-between-incompatible-projects/

Copy-Pasting Malware Dev Made $63,000 From Mining Monero on IIS Servers

A malware author (or authors) has made around $63,000 during the past five months by hacking unpatched IIS 6.0 servers and mining Monero. [...]

https://www.bleepingcomputer.com/news/security/copy-pasting-malware-dev-made-63-000-from-mining-monero-on-iis-servers/

Permissions Loophole Lets iOS Apps Extract Location Details From Image Metadata

A rogue iOS application can gain access to limited geo-location information by obtaining image permissions and extracting GPS coordinates from locally-stored photos. [...]

https://www.bleepingcomputer.com/news/apple/permissions-loophole-lets-ios-apps-extract-location-details-from-image-metadata/

Net Neutrality Activists Targeted by Clever Pornhub-Themed Phishing Campaign

Employees of US NGOs Fight for the Future and Free Press were targeted with complex spear-phishing attempts between July 7 and August 8, reported today the Electronic Frontier Foundation (EFF). [...]

https://www.bleepingcomputer.com/news/security/net-neutrality-activists-targeted-by-clever-pornhub-themed-phishing-campaign/

Hacker Hides Backdoor Inside Fake WordPress Security Plugin

A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO." [...]

https://www.bleepingcomputer.com/news/security/hacker-hides-backdoor-inside-fake-wordpress-security-plugin/

Apple Quietly Patches macOS Security Bypass Vulnerability

Apple appears to have silently patched a vulnerability in macOS that would have allowed attackers to bypass the operating system's built-in file quarantine system and execute malicious JavaScript code. [...]

https://www.bleepingcomputer.com/news/security/apple-quietly-patches-macos-security-bypass-vulnerability/

Ubuntu to Stop Offering 32-Bit ISO Images, Joining Many Other Linux Distros

Canonical engineer Dimitri John Ledkov announced on Wednesday that Ubuntu does not plan to offer 32-bit ISO installation images for its new OS version starting with the next release — Ubuntu 17.10 (Artful Aardvark) scheduled for release on October 19. [...]

https://www.bleepingcomputer.com/news/software/ubuntu-to-stop-offering-32-bit-iso-images-joining-many-other-linux-distros/

Leave It to Sex Toy Flaws to Show the Sad State of Bluetooth LE Implementations

A security firm's investigation of modern smart sex toys has revealed just how exposed most IoT devices running BLE (Bluetooth Low Energy) really are. [...]

https://www.bleepingcomputer.com/news/security/leave-it-to-sex-toy-flaws-to-show-the-sad-state-of-bluetooth-le-implementations/

The Week in Ransomware - September 29th 2017 - Locky & RedBoot

[...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-29th-2017-locky-and-redboot/

Many Up-To-Date Macs Not Getting EFI Firmware Updates

Some Macs running up-to-date versions of their operating system may not be running the latest EFI firmware version, exposing users to firmware attacks, according to a 63-page report published today by security researchers from Duo Labs. [...]

https://www.bleepingcomputer.com/news/apple/many-up-to-date-macs-not-getting-efi-firmware-updates/

A Year After It Added Support for Extension, Edge Has Only 70 Add-Ons

In the summer of 2016 and with the release of the Windows 10 Anniversary Update, Microsoft proudly announced it added support for extensions in Microsoft Edge, its newest browser that at a time was only one year old. [...]

https://www.bleepingcomputer.com/news/microsoft/a-year-after-it-added-support-for-extension-edge-has-only-70-add-ons/

Internet Regulator Delays Key Security Feature Update Because of Lazy ISPs

Inattentive ISPs and technical faults have led the Internet Corporation for Assigned Names and Numbers (ICANN) to delay the KSK Rollover for next year. [...]

https://www.bleepingcomputer.com/news/security/internet-regulator-delays-key-security-feature-update-because-of-lazy-isps/

Gaming Service Goes Down After Hacker Wipes Database and Holds It for Ransom

R6DB, an online service that provides statistics for Rainbow Six Siege players, went down over the weekend after an attacker wiped the company's database and asked a ransom. [...]

https://www.bleepingcomputer.com/news/security/gaming-service-goes-down-after-hacker-wipes-database-and-holds-it-for-ransom/

FBI iPhone Hacking Tool Can Remain a Secret, Court Rules

A District of Columbia court ruled that the FBI can keep secret the name and vendor of a hacking tool it used to break into the iPhone of the San Bernardino shooter, Rizwan Farook. [...]

https://www.bleepingcomputer.com/news/government/fbi-iphone-hacking-tool-can-remain-a-secret-court-rules/

US Telco Fined $3 Million in Domain Renewal Blunder

Sorenson Communications, a Utah-based telecommunications provider, received a whopping $3 million fine from the Federal Communications Commission (FCC) on Friday for failing to renew a crucial domain name used by a part of the local 911 emergency service. [...]

https://www.bleepingcomputer.com/news/technology/us-telco-fined-3-million-in-domain-renewal-blunder/