PoC Developed for CoinHive Mining In Excel Using Custom JavaScript Functions

Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel. [...]

https://www.bleepingcomputer.com/news/security/poc-developed-for-coinhive-mining-in-excel-using-custom-javascript-functions/

Hacker Shuts Down Copenhagen’s Public City Bikes System

An unidentified hacker has breached Bycyklen —Copenhagen's city bikes network— and deleted the organization's entire database, disabling the public's access to bicycles over the weekend. [...]

https://www.bleepingcomputer.com/news/security/hacker-shuts-down-copenhagen-s-public-city-bikes-system/

Backdoored Python Library Caught Stealing SSH Credentials

Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package. [...]

https://www.bleepingcomputer.com/news/security/backdoored-python-library-caught-stealing-ssh-credentials/

Multiple OS Vendors Release Security Patches After Misinterpreting Intel Docs

Almost all major OS vendors released security patches yesterday after a researcher discovered that some OS makers have misinterpreted an Intel CPU debug feature and left their systems open to attacks. [...]

https://www.bleepingcomputer.com/news/security/multiple-os-vendors-release-security-patches-after-misinterpreting-intel-docs/

Windows CLI Apps Vulnerable to New Ctrl-Inject Process Injection Attack

Rotem Kerner, a security researcher with enSilo, has discovered a new process injection technique that can be abused by malicious actors to hide malware inside Windows-based CLI applications. [...]

https://www.bleepingcomputer.com/news/security/windows-cli-apps-vulnerable-to-new-ctrl-inject-process-injection-attack/

182% Increase in ID Records on Darknet With Kids’ Personal Info Being Exploited

4iQ is a identity threat intelligence company that monitors the internet for identity records exposed in data breaches and accidental leaks.  The latest 4iQ identity breach report indicates that between 2016 and 2017 there was a 182 percent increase in raw identity records discovered by its team. [...]

https://www.bleepingcomputer.com/news/security/182-percent-increase-in-id-records-on-darknet-with-kids-personal-info-being-exploited/

Microsoft Now Has a Usable Dark Theme for File Explorer in Windows 10

With today's release of Windows 10 Insider Preview Build 17666, Microsoft added an updated Dark Theme for File Explorer that is for the most part usable. We first reported on the File Explorer Dark Theme back in April, but at that time it was an ugly mess. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-has-a-usable-dark-theme-for-file-explorer-in-windows-10/

Firefox 60 Released With Support for an Enterprise-Friendly Policy Engine

The Mozilla Foundation released Firefox 60 earlier today. The highlights of this new Firefox version are support for a policy engine for deploying Firefox across enterprise environments, support for the WebAuthn passwordless authentication system, and the addition of sponsored stories (ads) for US users. [...]

https://www.bleepingcomputer.com/news/software/firefox-60-released-with-support-for-an-enterprise-friendly-policy-engine/

Microsoft Adding "Search with Bing" Feature to Notepad in Windows 10

In today Windows 10 Insider Build 17666, a new "Search with Bing" feature was added to Notepad. This feature allows a user to select text in and then "Search with Bing..." to open the default browser and search for the selected text. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-adding-search-with-bing-feature-to-notepad-in-windows-10/

Apple Is Cracking Down on Apps That Share Geolocation Data With Third-Parties

Reports are coming in from app developers that Apple has started cracking down on applications that share location data with third-party services. The crackdown comes after Apple has updated its App Store Review Guidelines to include sharing location data with third-parties as a punishable offense. [...]

https://www.bleepingcomputer.com/news/apple/apple-is-cracking-down-on-apps-that-share-geolocation-data-with-third-parties/

Windows 10 Insider Preview Build 17666 Is Here With Lots of Goodies

Today Microsoft released Windows 10 Insider Preview Build 17666 (Redstone 5) to insiders in the fast ring. This is a big build, with Sets improvements, a new Clipboard experience, a finished Dark Theme for File Explorer, Linux & Mac line ending support in Notepad, Notepad Search with Bing, Search Previews, & custom Tile Folder names. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-preview-build-17666-is-here-with-lots-of-goodies/

Bitcoin Wallet App Caught Stealing Seed Keys

The team behind Electrum, a Bitcoin wallet app, has exposed a copycat product named Electrum Pro as a malicious app that steals users' seed keys. [...]

https://www.bleepingcomputer.com/news/security/bitcoin-wallet-app-caught-stealing-seed-keys/

Oh, Joy! Source Code of TreasureHunter PoS Malware Leaks Online

On the malware scene, there is no clearer sign of trends to come than the leaking of a malware family's source code. Based on this assumption, we can now expect an influx of Point-of-Sale malware in the coming months after the release of the source code of the TreasureHunter PoS malware on a Russian-speaking cybercrime forum. [...]

https://www.bleepingcomputer.com/news/security/oh-joy-source-code-of-treasurehunter-pos-malware-leaks-online/

26% of Companies Ignore Security Bugs Because They Don’t Have the Time to Fix Them

A survey compiled last month at the RSA security conference reveals that most companies are still behind with proper security practices, and some of them even intentionally ignore security flaws for various reasons ranging from lack of time to lack of know-how. [...]

https://www.bleepingcomputer.com/news/security/26-percent-of-companies-ignore-security-bugs-because-they-don-t-have-the-time-to-fix-them/

Oh, Joy! Source Code of TreasureHunter PoS Malware Leaks Online

On the malware scene, there is no clearer sign of trends to come than the leaking of a malware family's source code. Based on this assumption, we can now expect an influx of Point-of-Sale malware in the coming months after the release of the source code of the TreasureHunter PoS malware on a Russian-speaking cybercrime forum. [...]

https://www.bleepingcomputer.com/news/security/oh-joy-source-code-of-treasurehunter-pos-malware-leaks-online/

5,000 Routers With No Telnet Password. Nothing to See Here! Move Along!

A Brazilian ISP appears to have deployed routers without a Telnet password for nearly 5,000 customers, leaving the devices wide open to abuse. [...]

https://www.bleepingcomputer.com/news/security/5-000-routers-with-no-telnet-password-nothing-to-see-here-move-along/

IBM Bans the Use of Removable Drives to Transfer Data

IBM has allegedly issued a worldwide ban against the the use of removable drives, including Flash, USB, and SD cards, to transfer data. This new policy is being instituted to prevent confidential and sensitive information from being leaked due to misplaced or unsecured storage devices. [...]

https://www.bleepingcomputer.com/news/business/ibm-bans-the-use-of-removable-drives-to-transfer-data/

Botnet Party on GPON Routers

At least five IoT botnets are fighting each other and attempting to infect Dasan GPON routers, according to Chinese cyber-security firm Qihoo 360 Netlab. [...]

https://www.bleepingcomputer.com/news/security/botnet-party-on-gpon-routers/

Microsoft Introduces a Redesigned Windows Clipboard Experience

For as long as people have been running Windows, users have been using the Copy & Paste commands to store and retrieve data from the Clipboard. In the Windows 10 Insider build 17666 Microsoft is showing off their Cloud Clipboard feature, which introduces what could be biggest upgrade to the Windows Clipboard since it was created. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-introduces-a-redesigned-windows-clipboard-experience/

Researchers Come Up With a Way to Launch Rowhammer Attacks via Network Packets

Five academics from the Vrije University in Amsterdam and one from the University of Cyprus have discovered a way for launching Rowhammer attacks via network packets and network cards. [...]

https://www.bleepingcomputer.com/news/security/researchers-come-up-with-a-way-to-launch-rowhammer-attacks-via-network-packets/

Malicious Apps Get Back on the Play Store Just by Changing Their Name

Security researchers are reporting that malicious Android apps they have detected and reported to Google the first time, have slipped back into the Play Store after changing their name. [...]

https://www.bleepingcomputer.com/news/security/malicious-apps-get-back-on-the-play-store-just-by-changing-their-name/