Some Spectre In-Browser Mitigations Can Be Defeated

Some of the protections against the Spectre CPU vulnerability introduced in modern browsers can be defeated, security researchers revealed this week. [...]

https://www.bleepingcomputer.com/news/security/some-spectre-in-browser-mitigations-can-be-defeated/

ProtonMail DDoS Attacks Are a Case Study of What Happens When You Mock Attackers

For the past two days, secure email provider ProtonMail has been fighting off DDoS attacks that have visibly affected the company's services, causing short but frequent outages at regular intervals. [...]

https://www.bleepingcomputer.com/news/security/protonmail-ddos-attacks-are-a-case-study-of-what-happens-when-you-mock-attackers/

Every Android Device Since 2012 Impacted by RAMpage Vulnerability

Almost all Android devices released since 2012 are vulnerable to a new vulnerability named RAMpage, an international team of academics has revealed today. The vulnerability, tracked as CVE-2018-9442, is a variation of the Rowhammer attack. [...]

https://www.bleepingcomputer.com/news/security/every-android-device-since-2012-impacted-by-rampage-vulnerability/

Equifax Engineer Who Designed Breach Website Charged With Insider Trading

The US Securities and Exchange Commission (SEC) has indicted a former Equifax engineer on charges of insider trading. [...]

https://www.bleepingcomputer.com/news/legal/equifax-engineer-who-designed-breach-website-charged-with-insider-trading/

National Security Concerns Over Hackers Commandeering Satellites

The number of satellites transmitting GPS locations, cellphone signals and other sensitive information has been rapidly increasing, which has resulted in the creation of favorable circumstances for hackers. Even with all the advances in satellite technology, much of the US military's satellite technology remains vulnerable. [...]

https://www.bleepingcomputer.com/news/security/national-security-concerns-over-hackers-commandeering-satellites/

Microsoft Announces Major Update for Skype on Windows 10

Microsoft has announced a major Skype update for Windows 10, which brings new features and refinements to the app. These new features include the ability to easily share the screen during a call, improved layout, snapshots, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-major-update-for-skype-on-windows-10/

Brave Browser Adds Support for Private Browsing With Tor Integration

Brave, a lesser known but perfectly fine browser, launched a new version today that features a private browsing mode that automatically starts inside a Tor session. [...]

https://www.bleepingcomputer.com/news/software/brave-browser-adds-support-for-private-browsing-with-tor-integration/

All-Radio 4.27 Portable Can't Be Removed? Then Your PC is Severely Infected

Starting yesterday, there have been numerous reports of people being infected with something called "All-Radio 4.27 Portable". After researching this heavily today, it has been determined that seeing this program is a symptom of a much bigger problem on your computer. [...]

https://www.bleepingcomputer.com/news/security/all-radio-427-portable-cant-be-removed-then-your-pc-is-severely-infected/

PROPagate Code Injection Technique Detected in the Wild for the First Time

Security firm FireEye has detected that malware authors have deployed the PROPagate code injection technique for the first time inside a live malware distribution campaign. [...]

https://www.bleepingcomputer.com/news/security/propagate-code-injection-technique-detected-in-the-wild-for-the-first-time/

File-Wiping Malware Placed Inside Gentoo Linux Code After GitHub Account Hack

An unknown hacker has temporarily taken control over the GitHub account of the Gentoo Linux organization and embedded malicious code inside the operating system's distributions that would delete user files. [...]

https://www.bleepingcomputer.com/news/linux/file-wiping-malware-placed-inside-gentoo-linux-code-after-github-account-hack/

Adidas Announces Data Breach

Sportswear maker Adidas announced a data breach yesterday evening, which the company says it impacted shoppers who used its US website. [...]

https://www.bleepingcomputer.com/news/security/adidas-announces-data-breach/

Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days

Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails. [...]

https://www.bleepingcomputer.com/news/security/rewards-of-up-to-500-000-offered-for-freebsd-openbsd-netbsd-linux-zero-days/

Security Flaws Disclosed in LTE (4G) Mobile Telephony Standard

A team of academics has published research yesterday that describes three attacks against the mobile communication standard LTE (Long-Term Evolution), also known as 4G. [...]

https://www.bleepingcomputer.com/news/security/security-flaws-disclosed-in-lte-4g-mobile-telephony-standard/

Typeform Announces Breach After Hacker Grabs Backup File

Barcelona-based online survey and form building service Typeform announced a data breach today after an unknown attacker downloaded a backup file containing sensitive customer information. [...]

https://www.bleepingcomputer.com/news/security/typeform-announces-breach-after-hacker-grabs-backup-file/

The Week in Ransomware - June 29th 2018 - Slow week!

It has been a very slow week for ransomware, which we are always happy about. While ransomware will never go away completely, as time goes on, more people become educated, and better backup strategies are created, we continue to see ransomware slowly diminishing. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-29th-2018-slow-week/

Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses

While we have covered cryptocurrency clipboard hijackers in the past, most of the previous samples monitored for 400-600 thousand cryptocurrency addresses. This week BleepingComputer noticed a sample of this type of malware that monitors for a over 2.3 million cryptocurrency addresses! [...]

https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/

Microsoft Won’t Kill the Classic Snipping Tool on Windows 10 With Next Update

Microsoft is looking for feedback from Insiders about Screen Sketch app before removing the old Snipping Tool. In the release notes, Microsoft's Dona Sarkar says the removal is not timed for Redstone 5 and the classic Snipping Tool is here to stay, at least for now. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-won-t-kill-the-classic-snipping-tool-on-windows-10-with-next-update/

DNS Poisoning or BGP Hijacking Suspected Behind Trezor Wallet Phishing Incident

The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend. [...]

https://www.bleepingcomputer.com/news/security/dns-poisoning-or-bgp-hijacking-suspected-behind-trezor-wallet-phishing-incident/

App Masks Hidden Printer Tracking Dots to Keep Whistleblowers Safe

Four academics from the Technical University in Dresden, Germany (TU Dresden) have created an app that detects and masks the hidden dot patterns that laser color printers secretly hide on all printed documents. [...]

https://www.bleepingcomputer.com/news/security/app-masks-hidden-printer-tracking-dots-to-keep-whistleblowers-safe/

NSA Deletes Hundreds of Millions of Call Records Over "Technical Irregularities"

The US National Security Agency (NSA) announced last week it was mass-deleting hundreds of millions of records of phone calls and text messages dating back to 2015. [...]

https://www.bleepingcomputer.com/news/government/nsa-deletes-hundreds-of-millions-of-call-records-over-technical-irregularities/

Newer Diameter Telephony Protocol Just As Vulnerable As SS7

Security researchers say the Diameter protocol used with today's 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier. [...]

https://www.bleepingcomputer.com/news/security/newer-diameter-telephony-protocol-just-as-vulnerable-as-ss7/