Microsoft Appears to Have Lost the Source Code of an Office Component

The way Microsoft patched a recent security bug has made several security and software experts believe the company might have lost the source code to one of its Office components. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-appears-to-have-lost-the-source-code-of-an-office-component/

Android Bug Lets Attackers Record Audio & Screen Activity on 3 of 4 Smartphones

Android smartphones running Lolipop, Marshmallow, and Nougat, are vulnerable to an attack that exploits the MediaProjection service to capture the user's screen and record system audio [...]

https://www.bleepingcomputer.com/news/security/android-bug-lets-attackers-record-audio-and-screen-activity-on-3-of-4-smartphones/

Terdot Banking Trojan Grows Into a Sophisticated Threat

Everything else is new, and there's a lot of it. According to Bitdefender, Terdot can also operate a local MitM proxy server to sniff and reroute web traffic, can target more than just banking sites, and can also download and execute files from a remote server. [...]

https://www.bleepingcomputer.com/news/security/terdot-banking-trojan-grows-into-a-sophisticated-threat/

Wp-Vcd WordPress Malware Campaign Is Back

WordPress site owners should be on the lookout for a malware strain tracked as wp-vcd that hides in legitimate WordPress files and that is used to add a secret admin user and grant attackers control over infected sites. [...]

https://www.bleepingcomputer.com/news/security/wp-vcd-wordpress-malware-campaign-is-back/

Another Tor Browser Feature Makes It Into Firefox: First-Party Isolation

Unbeknown to most users, Mozilla added a privacy-enhancing feature to the Firefox browser over the summer that can help users block online advertisers from tracking them across the Internet. [...]

https://www.bleepingcomputer.com/news/software/another-tor-browser-feature-makes-it-into-firefox-first-party-isolation/

SSL Certificate Provider StartCom Shuts Down After Browser Ban

Certificate Authority (CA) StartCom announced last week, on Friday, its intention to cease operations by 2018, and completely shut down its certificate infrastructure by 2020. [...]

https://www.bleepingcomputer.com/news/security/ssl-certificate-provider-startcom-shuts-down-after-browser-ban/

82% of the Code on GitHub Consists of Clones of Previously Created Files

Most source code files hosted on GitHub are actually clones of previously created files, according to a recent study conducted by a joint team of researchers from the University of California, Irvine, the Czech Technical University, Microsoft Research, and Northeastern University. [...]

https://www.bleepingcomputer.com/news/software/82-percent-of-the-code-on-github-consists-of-clones-of-previously-created-files/

Amazon, Microsoft Launch Secret Cloud Servers for the US Intelligence Community

Today, Amazon announced a new offering named "AWS Secret Region," which is a cloud server region for use only by US intelligence agencies and their third-party contractors. [...]

https://www.bleepingcomputer.com/news/government/amazon-microsoft-launch-secret-cloud-servers-for-the-us-intelligence-community/

Microsoft Offering Free Windows 10 Development Environment VM for a Limited Time

Microsoft is providing a free virtual machine that comes preloaded with Windows 10 Enterprise, Visual Studio 2017, and various utilities in order to promote the development of Universal Windows Platform apps.  Before you get too excited about a free version of Windows 10 Enterprise, this Virtual Machine expires on January 15th 2018. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-offering-free-windows-10-development-environment-vm-for-a-limited-time/

Four Years Later, We Have a New OWASP Top 10

The Open Web Application Security Project (OWASP) has published a new version of its infamous Top 10 vulnerability ranking, four years after its last update, in 2013. [...]

https://www.bleepingcomputer.com/news/security/four-years-later-we-have-a-new-owasp-top-10/

Cryptocurrency Startup Claims Hackers Stole $30.95 Million

In an official statement posted on its website yesterday, Tether, a startup that offers 1-to-1 dollar-backed digital tokens [USDT], said a hacker stole funds worth $30,950,010. [...]

https://www.bleepingcomputer.com/news/security/cryptocurrency-startup-claims-hackers-stole-30-95-million/

TP-Link Offers Outdated or No Firmware at All on 30% of Its European Sites

TP-Link's European sites are falling behind when it comes to providing firmware updates, said Daniel Aleksandersen, a Norwegian technology expert, on Monday. [...]

https://www.bleepingcomputer.com/news/security/tp-link-offers-outdated-or-no-firmware-at-all-on-30-percent-of-its-european-sites/

Intel Fixes Critical Bugs in Management Engine, Its Secret CPU-On-Chip

Intel published a security advisory last night detailing eight vulnerabilities that impact core CPU technologies such as the Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). [...]

https://www.bleepingcomputer.com/news/security/intel-fixes-critical-bugs-in-management-engine-its-secret-cpu-on-chip/

NoScript Add-On Updated for Firefox 57 and the New WebExtensions API

Six days after Mozilla launched Firefox 57, a revamped version of the Firefox browser, Giorgio Maone, the developer of the NoScript add-on, has updated NoScript to work with Firefox's new WebExtensions add-ons API. [...]

https://www.bleepingcomputer.com/news/software/noscript-add-on-updated-for-firefox-57-and-the-new-webextensions-api/

FBI Charges Iranian National Behind HBO Hack

The FBI and the US Department of Justice (DOJ) will announce official charges later today against Behzad Mesri, an Iranian national, for allegedly hacking HBO, attempting to extort the company into paying a ransom, and leaking then-unreleased episodes and scripts for HBO TV series, including Game of Thrones. [...]

https://www.bleepingcomputer.com/news/security/fbi-charges-iranian-national-behind-hbo-hack/

Minecraft Now Supports Windows Mixed Reality for an Immersive Experience

Today, Microsoft released Minecraft version 1.2.552.0, which includes support for Windows Mixed Reality. Simply plug in any supported Windows Mixed Reality headset and you can dive right into an immersive Minecraft experience. [...]

https://www.bleepingcomputer.com/news/gaming/minecraft-now-supports-windows-mixed-reality-for-an-immersive-experience/

Popular Websites Are Recording Your Every Move

482 of the Alexa top 50,000 sites are recording their users' every moves, keystrokes and mouse movements included. This data is then sent to an analytics dashboard, not all times in a secure manner. [...]

https://www.bleepingcomputer.com/news/technology/popular-websites-are-recording-your-every-move/

Uber Supposedly Paid Hackers $100,000 to Keep Quiet About a 2016 Data Breach

Uber confirmed that hackers breached some part of its network in October 2016 and made off with personal data for 50 million users and 7 million drivers. [...]

https://www.bleepingcomputer.com/news/security/uber-supposedly-paid-hackers-100-000-to-keep-quiet-about-a-2016-data-breach/

Broadband Providers Win Big with the Proposed Repeal of Net Neutrality

In an announcement today, FCC Chairman Ajit Pai stated that he has circulated a draft order for the repeal of Obama's Net Neutrality regulations and and the restoration of "Internet Freedom". This draft has been circulated among the other FCC commissioners for a vote at a December 14th meeting, where it is anticipated to be approved. [...]

https://www.bleepingcomputer.com/news/security/broadband-providers-win-big-with-the-proposed-repeal-of-net-neutrality/

Hacker Breaches Sacramento Public Transportation System, Asks for 1 BTC Ransom

The Sacramento Regional Transit (SacRT) public transportation agency was forced to shut down its website due to a security breach that took place on Saturday, November 18. [...]

https://www.bleepingcomputer.com/news/security/hacker-breaches-sacramento-public-transportation-system-asks-for-1-btc-ransom/

HP to Release Patch This Week for Printer Security Bugs

HP said it would release firmware patches later this week for several security bugs reported to the company by various cyber-security experts. [...]

https://www.bleepingcomputer.com/news/security/hp-to-release-patch-this-week-for-printer-security-bugs/