Android Trojan Steals Data From Facebook Messenger, Skype, Other IM Clients

Security researchers have found a new Android malware strain that has been designed to steal data from mobile instant messaging clients. [...]

https://www.bleepingcomputer.com/news/security/android-trojan-steals-data-from-facebook-messenger-skype-other-im-clients/

Decrypters for Some Versions of Magniber Ransomware Released

Security researchers from AhnLab, a South Korea-based cyber-security firm, have created decrypters for some versions of the Magniber ransomware. [...]

https://www.bleepingcomputer.com/news/security/decrypters-for-some-versions-of-magniber-ransomware-released/

Some Chrome VPN Extensions Leak DNS Queries

Browser VPN extensions for Google Chrome may be leaking DNS queries to external observers thanks to a Chrome feature called DNS prefetching. [...]

https://www.bleepingcomputer.com/news/security/some-chrome-vpn-extensions-leak-dns-queries/

New Michigan Law Makes Possession of Ransomware Illegal

On Monday, Michigan Governor Rick Snyder signed two bills into law that criminalize the possession of ransomware "with the intent
to introduce it into a computer or computer network without authorization" and punish offenders with a three-year prison sentence, respectively. [...]

https://www.bleepingcomputer.com/news/security/new-michigan-law-makes-possession-of-ransomware-illegal/

Shooter at YouTube Headquarters Leads to Multiple Injuries

Reports have been coming in via Twitter that at approximately 4PM there was an active shooter incident at the YouTube headquarters in San Bruno, California. Supposedly centered around the cafeteria, a shooter had injured multiple people who were at the location. [...]

https://www.bleepingcomputer.com/news/google/shooter-at-youtube-headquarters-leads-to-multiple-injuries/

Live Chat Widgets Leak Employee Details From High-Profile Companies

At least two live chat widgets used on hundreds of high-profile sites are leaking the personal details of company employees. [...]

https://www.bleepingcomputer.com/news/security/live-chat-widgets-leak-employee-details-from-high-profile-companies/

Over 1,000 Magento Stores Hacked to Steal Card Data, Run Cryptojacking Scripts

Security researchers say they've identified at last 1,000 Magento sites that have been hacked by cybercriminals and infected with malicious scripts that steal payment card details or are used as staging points in the delivery of other malware. [...]

https://www.bleepingcomputer.com/news/security/over-1-000-magento-stores-hacked-to-steal-card-data-run-cryptojacking-scripts/

Microsoft Out-Of-Band Security Update Patches Malware Protection Engine Flaw

Yesterday, April 3, Microsoft released an emergency security update via Windows Update that fixes CVE-2018-0986, a vulnerability in the Microsoft Malware Protection Engine (MMPE). [...]

https://www.bleepingcomputer.com/news/security/microsoft-out-of-band-security-update-patches-malware-protection-engine-flaw/

Intel Reveals Some CPU Models Will Never Receive Microcode Updates

Intel released an update to the Meltdown and Spectre mitigation guide, revealing that it stopped working on mitigations for some processor series. [...]

https://www.bleepingcomputer.com/news/hardware/intel-reveals-some-cpu-models-will-never-receive-microcode-updates/

6 Cortana Settings That Can Make Your Life Easier

Cortana is the virtual assistant built into Windows 10. Even with minimal setup, it's still a useful tool. However, by tweaking settings, you can get even more benefits out of it and simplify your life.  [...]

https://www.bleepingcomputer.com/tips/virtual-assistants/6-cortana-settings-that-can-make-your-life-easier/

Latest macOS Update Breaks Support for Many External Monitors

macOS High Sierra 10.13.4, the latest macOS version released on March 29, breaks support for many externally-connected displays, according to users of four popular app & driver providers. [...]

https://www.bleepingcomputer.com/news/apple/latest-macos-update-breaks-support-for-many-external-monitors/

CertUtil.exe Could Allow Attackers To Download Malware While Bypassing AV

Windows has a built-in program called CertUtil, which can  be used to manage certificates in Windows. Using this program you can install, backup, delete, manage, and perform various functions related to certificates and certificate stores in Windows. [...]

https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download-malware-while-bypassing-av/

Google Chrome Extension Detects "Zero-Width Character" Fingerprinting Attacks

Software developer Marco Chiappetta has built a Google Chrome extension that can detect attempts to fingerprint text using the "zero-width character" technique. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-extension-detects-zero-width-character-fingerprinting-attacks/

Facebook: Cambridge Analytica Accessed Data on 87 Million Users, Not 50 Million

Facebook revealed today that Cambridge Analytica accessed the personal information of more than 87 million users, and not 50 million, as it was initially reported. [...]

https://www.bleepingcomputer.com/news/security/facebook-cambridge-analytica-accessed-data-on-87-million-users-not-50-million/

Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs

Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether. [...]

https://www.bleepingcomputer.com/news/security/intel-tells-users-to-uninstall-remote-keyboard-app-over-unpatched-security-bugs/

Windows Insider RS5 Build 17639 Brings Us Improvements In Calculator and Sets

Yesterday Microsoft released Windows 10 Insider Preview Build 17639 to insiders on the Redstone 5 Skip Ahead ring. As Redstone 4, otherwise known as the Spring Creators Update, is being prepped for distribution, we will only see new builds in the Redstone 5 change for the time being. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-insider-rs5-build-17639-brings-us-improvements-in-calculator-and-sets/

Researchers Hijack Over 2,000 Subdomains From Legitimate Sites in CloudFront Experiment

Security experts from MindPoint Group, an information security firm, have hijacked over 2,000 subdomains from legitimate websites while researching possible security flaws in Amazon's CloudFront CDN service. [...]

https://www.bleepingcomputer.com/news/security/researchers-hijack-over-2-000-subdomains-from-legitimate-sites-in-cloudfront-experiment/

VirusTotal Launches Droidy, Its New Android Sandbox Technology

VirusTotal, the aggregated antivirus scanning engine owned by Google, announced today a new Android sandbox technology named Droidy. [...]

https://www.bleepingcomputer.com/news/security/virustotal-launches-droidy-its-new-android-sandbox-technology/

Hacker Uses Exploit to Generate Verge Cryptocurrency out of Thin Air

An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/hacker-uses-exploit-to-generate-verge-cryptocurrency-out-of-thin-air/

HTTPS Everywhere Now Delivers New Rulesets Without Upgrading Extension

HTTPS Everywhere is a browser extension created by EFF and the TOR Project that makes web browsing more secure by automatically switching an insecure HTTP web request to a secure HTTPS request for sites that are using SSL. It does this through rules that are configured for compatible sites, which are then included in the extension. [...]

https://www.bleepingcomputer.com/news/security/https-everywhere-now-delivers-new-rulesets-without-upgrading-extension/

Cyber-Attacks on US Critical Infrastructure Linked to Cisco Switch Flaw

Cisco Talos, the cyber-security division of US IT conglomerate Cisco, said today that hackers are abusing misconfigured Cisco switches to gain a point of entry into organizations across the world. [...]

https://www.bleepingcomputer.com/news/security/cyber-attacks-on-us-critical-infrastructure-linked-to-cisco-switch-flaw/