Apple Issues Emergency Patch to Fix Password Leak in Disk Encryption Utility

Earlier today, Apple has issued an emergency update for macOS High Sierra to address a bug that exposed the passwords of encrypted APFS volumes via the password hint feature. [...]

https://www.bleepingcomputer.com/news/apple/apple-issues-emergency-patch-to-fix-password-leak-in-disk-encryption-utility/

PoCs for Two Magento Bugs Released

Security researchers from DefenseCode have released on Wednesday proof-of-concept code for two Magento vulnerabilities patched last month. [...]

https://www.bleepingcomputer.com/news/security/pocs-for-two-magento-bugs-released/

Hackers Hijack Ongoing Email Conversations to Insert Malicious Documents

A group of hackers is using a sophisticated technique of hijacking ongoing email conversations to insert malicious documents that appear to be coming from a legitimate source and infect other targets participating in the same conversational thread. [...]

https://www.bleepingcomputer.com/news/security/hackers-hijack-ongoing-email-conversations-to-insert-malicious-documents/

Browsers Will Store Credit Card Details Similar to How They Save Passwords

A new W3C standard is slowly creeping into current browser implementations, a standard that will simplify the way people make payments online. [...]

https://www.bleepingcomputer.com/news/technology/browsers-will-store-credit-card-details-similar-to-how-they-save-passwords/

Couple of Sassy Comments Reopen Topic of Encryption Backdoors in the US, UK

Officials reminded everyone this week that governments in the US and UK have not given up on their efforts to force tech companies to provide encryption backdoors, despite previous attempts being shut down following public outcry. [...]

https://www.bleepingcomputer.com/news/government/couple-of-sassy-comments-reopen-topic-of-encryption-backdoors-in-the-us-uk/

AOL Will Discontinue AIM on December 15, 2017

AOL will be shutting down AIM after 20 years of existence, on December 15, 2017, the company announced today. [...]

https://www.bleepingcomputer.com/news/software/aol-will-discontinue-aim-on-december-15-2017/

The Week in Ransomware - October 6th 2017 - Slowest Week in A Long Time

Since I started writing these weekly ransomware articles back in May 2016, this is the first time that we had an article with only six stories in it!  I am hoping that this means people are getting bored of ransomware and things will calm down, but I am also worried that this may be just a lull in the storm. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-6th-2017-slowest-week-in-a-long-time/

Google: Microsoft Is Putting Users at Risk by Not Patching Windows the Same Way

Project Zero, Google's top security team, says that Microsoft is putting customers at risk by not patching Windows OS versions in the same way and with the same consistency. [...]

https://www.bleepingcomputer.com/news/security/google-microsoft-is-putting-users-at-risk-by-not-patching-windows-the-same-way/

Disqus Confirms 2012 Data Breach That Exposed Details for 17.5 Million Users

Earlier today, on a late Friday evening, Disqus confirmed a data breach that appears to have taken place in the summer of 2012, and during which an unknown attacker(s) made off with details for at least 17.5 million user accounts. [...]

https://www.bleepingcomputer.com/news/security/disqus-confirms-2012-data-breach-that-exposed-details-for-17-5-million-users/

Some Motherboards Plagued by BIOS Firmware Implementation Flaws

Alex Matrosov, a security researcher for Cylance, has discovered several flaws in how some motherboard vendors implemented Intel's UEFI BIOS firmware into their products. [...]

https://www.bleepingcomputer.com/news/security/some-motherboards-plagued-by-bios-firmware-implementation-flaws/

Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI

VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity, but a recent criminal case shows that at least some, do store user activity logs. [...]

https://www.bleepingcomputer.com/news/security/cyberstalking-suspect-arrested-after-vpn-providers-shared-logs-with-the-fbi/

Market Research Firm Forrester Says Hackers Stole Sensitive Reports

Forrester, one of the world's leading market research and investment advisory firms, admitted late Friday afternoon to a security breach that took place during the past week. [...]

https://www.bleepingcomputer.com/news/security/market-research-firm-forrester-says-hackers-stole-sensitive-reports/

Malvertising Group Spreading Kovter Malware via Fake Browser Updates

A malvertising group nicknamed KovCoreG by security researchers has been using fake browser and Flash updates to trick users into installing the Kovter malware. [...]

https://www.bleepingcomputer.com/news/security/malvertising-group-spreading-kovter-malware-via-fake-browser-updates/

Office Depot, Best Buy Pull Kaspersky Products From Shelves

Both Office Depot and Best Buy have removed Kaspersky Lab products from shelves. The ban has been in effect since mid-September, and the two chains are offering existing Kaspersky customers replacement security software. [...]

https://www.bleepingcomputer.com/news/software/office-depot-best-buy-pull-kaspersky-products-from-shelves/

Devilishly Clever KnockKnock Attack Tries to Break Into System Email Accounts

Security researchers have spotted a new type of low-and-slow brute-force attack — which they nicknamed KnockKnock — aimed at companies with Office 365 accounts. [...]

https://www.bleepingcomputer.com/news/security/devilishly-clever-knockknock-attack-tries-to-break-into-system-email-accounts/

Android App Lets Users Detect Credit Card Skimmers at Gas Pumps

There is now an Android app that can search and detect gas pump skimmers based on their Bluetooth fingerprint. [...]

https://www.bleepingcomputer.com/news/security/android-app-lets-users-detect-credit-card-skimmers-at-gas-pumps/

New NIST and DHS Standards Get Ready to Tackle BGP Hijacks

Two US government agencies have united forces to coordinate the creation of a new set of standards aimed at securing the process of routing of information between major Internet entities, such as Internet Service Providers, hosting providers, cloud providers, educational, research, and national networks. [...]

https://www.bleepingcomputer.com/news/technology/new-nist-and-dhs-standards-get-ready-to-tackle-bgp-hijacks/

A New Player Joins Coinhive on the Browser Cryptojacking Scene

The browser cryptojacking scene has just expanded from one player to two with the recent launch of the Crypto-Loot service, a website that's eerily similar to the now notorious Coinhive in-browser miner. [...]

https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/

Over 37,000 Chrome Users Installed a Fake AdBlock Plus Extensions

Google has removed a malicious extension from its Chrome Web Store that posed as the popular AdBlock Plus ad blocker but forcibly opened new tabs to show ads to users. [...]

https://www.bleepingcomputer.com/news/security/over-37-000-chrome-users-installed-a-fake-adblock-plus-extensions/

ATMii Malware Makes Windows 7 and Windows Vista ATMs Spit Out Cash

Security researchers have discovered a new ATM malware strain named ATMii that targets only ATMs running on Windows 7 and Windows Vista. [...]

https://www.bleepingcomputer.com/news/security/atmii-malware-makes-windows-7-and-windows-vista-atms-spit-out-cash/

Russia Says It Will Ban Cryptocurrency Exchanges

Sergei Shvetsov, First Deputy Chairman of the Central Bank of Russia, said he plans to ban websites that offer cryptocurrencies inside the country. [...]

https://www.bleepingcomputer.com/news/government/russia-says-it-will-ban-cryptocurrency-exchanges/