macOS Exploit Published on the Last Day of 2017

On the last day of 2017, a security researcher going online by the pseudonym of Siguza published details about a macOS vulnerability affecting all Mac operating system versions released since 2002, and possibly earlier. [...]

https://www.bleepingcomputer.com/news/apple/macos-exploit-published-on-the-last-day-of-2017/

Security Summary: In Development Heropoint Ransomware

This is a quick analysis of the in development infection called Heropoint Ransomware. This article will contain technical information related to how it infects a computer, how it is distributed, and whether it can be decrypted. [...]

https://www.bleepingcomputer.com/news/security/security-summary-in-development-heropoint-ransomware/

Mozilla Will Delete Firefox Crash Reports Collected by Accident

Mozilla said last week it would delete all telemetry data collected because of a bug in the Firefox crash reporter. [...]

https://www.bleepingcomputer.com/news/software/mozilla-will-delete-firefox-crash-reports-collected-by-accident/

9% of Popular Websites Use Anti-Adblock Scripts

Around 9% of today's most popular websites deployed or are deploying anti-adblock scripts in an effort to maintain advertising revenues and fight off the rise in the adoption of ad-blocking extensions. [...]

https://www.bleepingcomputer.com/news/technology/9-percent-of-popular-websites-use-anti-adblock-scripts/

"Trackmageddon" Vulnerabilities Discovered in (GPS) Location Tracking Services

Two security researchers —Vangelis Stykas and Michael Gruhn— have published a report on a series of vulnerabilities that they named "Trackmageddon" that affect several GPS and location tracking services. [...]

https://www.bleepingcomputer.com/news/security/-trackmageddon-vulnerabilities-discovered-in-gps-location-tracking-services/

PiKarma Python Script Helps You Identify Malicious WiFi Networks

An open source project released in December 2017 has caught our eye due to its immense usefulness, especially for those users who travel a lot and who have to connect to many WiFi networks, a habit that may put them at a considerable risk of getting hacked. [...]

https://www.bleepingcomputer.com/news/security/pikarma-python-script-helps-you-identify-malicious-wifi-networks/

Google Removes 36 Fake Android Security Apps Packed with Adware

Google has removed 36 Android apps that snuck into the official Play Store, posing as security and performance boosting apps, but which only contained code to mimic the behavior of such apps. [...]

https://www.bleepingcomputer.com/news/security/google-removes-36-fake-android-security-apps-packed-with-adware/

OS Makers Preparing Patches for Secret Intel CPU Security Bug

OS makers and cloud service providers are preparing patches for a security bug affecting Intel processors, according to several sources with knowledge of the upcoming fixes. [...]

https://www.bleepingcomputer.com/news/security/os-makers-preparing-patches-for-secret-intel-cpu-security-bug/

Intel Denies Reports of Huge Performance Dip Due to Patches for CPU Security Bug

Intel released a statement earlier today denying media reports that upcoming patches for a yet-to-be-disclosed security bug cause huge performance dips for devices using Intel CPUs. [...]

https://www.bleepingcomputer.com/news/hardware/intel-denies-reports-of-huge-performance-dip-due-to-patches-for-cpu-security-bug/

Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws

Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995." [...]

https://www.bleepingcomputer.com/news/security/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws/

List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates

This article contains an continuously updated list of advisories, bulletins, and software updates related to the Meltdown and Spectre vulnerabilities discovered in modern processors. The related CVEs are CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. [...]

https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/

Microsoft Releases Emergency Updates to Fix Meltdown and Spectre CPU Flaws

Late last night, Microsoft issued out-of-band updates that address Meltdown and Spectre, two security flaws said to be affecting almost all CPUs released since 1995. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-updates-to-fix-meltdown-and-spectre-cpu-flaws/

Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks

Mozilla has officially confirmed that the recently disclosed Meltdown and Spectre CPU flaws can be exploited via web content such as JavaScript files in order to extract information from users visiting a web page. [...]

https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws

A simple, dumbed-down, step-by-step article on how to get these updates and navigate Microsoft's overly complicated announcement. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/

Server Cryptomix Ransomware Variant Released

The devs behind the Cryptomix ransomware just keep pushing them out. A new Cryptomix variant was released last week that appends the .SERVER extension to encrypted files and changes the contact emails used by the ransomware.  [...]

https://www.bleepingcomputer.com/news/security/server-cryptomix-ransomware-variant-released/

Department of Homeland Security Suffers Data Breach

The US Department of Homeland Security (DHS) announced it suffered a data breach last year, during which data for over 247,000 DHS employees and individuals under DHS investigations was taken from a secure DHS database. [...]

https://www.bleepingcomputer.com/news/security/department-of-homeland-security-suffers-data-breach/

Intel Promises Firmware Updates for Most Modern CPUs by the End of Next Week

Intel pinky-promised today that it will provide firmware updates by the end of next week for 90% of all CPU models it released in the past five years. [...]

https://www.bleepingcomputer.com/news/hardware/intel-promises-firmware-updates-for-most-modern-cpus-by-the-end-of-next-week/

Microsoft Word subDoc Feature Abused to Steal Windows Credentials

The security research team at Rhino Labs, a US-based cyber-security company, has discovered that malicious actors can use a lesser-known Microsoft Word feature called subDoc to trick Windows computers into handing over their NTLM hashes, the standard format in which user account credentials are stored. [...]

https://www.bleepingcomputer.com/news/security/microsoft-word-subdoc-feature-abused-to-steal-windows-credentials/

Google Unveils New Retpoline Coding Technique for Mitigating Spectre Attacks

Google has published details about a new coding technique created by the company's engineers that any developer can deploy and prevent Spectre attacks. [...]

https://www.bleepingcomputer.com/news/google/google-unveils-new-retpoline-coding-technique-for-mitigating-spectre-attacks/

Apple: All Mac Systems and iOS Devices Are Affected by Meltdown & Spectre Flaws

Apple has finally released an official statement on the company's mitigations status regarding the recently disclosed Meltdown and Spectre vulnerabilities. [...]

https://www.bleepingcomputer.com/news/apple/apple-all-mac-systems-and-ios-devices-are-affected-by-meltdown-and-spectre-flaws/

HP Recalls Laptop Batteries Due to Overheating and Fire Hazard

HP announced today "a worldwide voluntary safety recall and replacement program" for laptop batteries it shipped with notebooks or sold as accessories or replacements between December 2015 and December 2017. [...]

https://www.bleepingcomputer.com/news/hardware/hp-recalls-laptop-batteries-due-to-overheating-and-fire-hazard/