Microsoft Disrupts APT28 Hacking Campaign Aimed at US Midterm Elections

Microsoft revealed last night that it successfully disrupted a hacking campaign associated with the Russian military intelligence service GRU. [...]

https://www.bleepingcomputer.com/news/security/microsoft-disrupts-apt28-hacking-campaign-aimed-at-us-midterm-elections/

Ryuk Ransomware Crew Makes $640,000 in Recent Activity Surge

A new ransomware strain named Ryuk is making the rounds, and, according to current reports, the group behind it has already made over $640,000 worth of Bitcoin. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-crew-makes-640-000-in-recent-activity-surge/

Microsoft Office 2016 Updated on Windows Desktop With New Features for Insiders

Microsoft has just rolled out a new Insider update for Office 2016 productivity suite on Windows desktop. The Office 2016 Build 10813.20004 for Windows desktop comes with new features for Word, Excel and PowerPoint [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-updated-on-windows-desktop-with-new-features-for-insiders/

MongoDB Server Exposes Babysitting App's Database

The makers of Sitter, a popular app for connecting babysitters with parents, have involuntarily exposed the personal details of over 93,000 users. [...]

https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/

TLS Certs Outliving Domain Ownership Open Door to MitM and DoS

Digital certificates that allow secure data exchange over the internet can survive domain ownership transfer and can open the door for malicious actions to the previous holder. [...]

https://www.bleepingcomputer.com/news/security/tls-certs-outliving-domain-ownership-open-door-to-mitm-and-dos/

Cloud Product Accidentally Exposes Users' TLS Certificate Private Keys

A severe issue was addressed on Monday, an issue that under certain conditions could be used to expose the private keys for TLS certificates used by companies running their infrastructure on cloud servers. [...]

https://www.bleepingcomputer.com/news/security/cloud-product-accidentally-exposes-users-tls-certificate-private-keys/

Mozilla to Remove Legacy Firefox Add-Ons From Add-On Portal in Early October

Mozilla announced today plans to remove all Firefox legacy add-ons from the official Mozilla add-ons portal later this year, in early October. [...]

https://www.bleepingcomputer.com/news/software/mozilla-to-remove-legacy-firefox-add-ons-from-add-on-portal-in-early-october/

Windows 10 Build 17744 Released With Bug Fixes And Improvements

There are only general fixes and improvements in Windows 10 Build 17744 as the software maker is now focused on squashing bugs and less on new features. Microsoft has fixed issues with Timeline and Cortana. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-17744-released-with-bug-fixes-and-improvements/

No Patch Available Yet for New Major Vulnerability in Ghostscript Interpreter

Tavis Ormandy, a Google Project Zero security researcher, has revealed details about a new major vulnerability discovered in Ghostscript, an interpreter for Adobe's PostScript and PDF page description languages. [...]

https://www.bleepingcomputer.com/news/security/no-patch-available-yet-for-new-major-vulnerability-in-ghostscript-interpreter/

New Attack Recovers RSA Encryption Keys from EM Waves Within Seconds

A research paper presented at the Usenix security conference last week detailed a new technique for retrieving encryption keys from electronic devices, a method that is much faster than all previously known techniques. [...]

https://www.bleepingcomputer.com/news/security/new-attack-recovers-rsa-encryption-keys-from-em-waves-within-seconds/

Supply Chain Attack Hits Organizations In South Korea

Security researchers have uncovered a new supply chain attack that targets organizations in South Korea. The threat actor chooses the victims selectively, based on an IP range for groups of interest. [...]

https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-organizations-in-south-korea/

Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades

A vulnerability affects all versions of the OpenSSH client released in the past two decades, ever since the application was released in 1999. [...]

https://www.bleepingcomputer.com/news/security/vulnerability-affects-all-openssh-versions-released-in-the-past-two-decades/

Legacy System Exposes Contact Info of BlackHat 2018 Attendees

Full contact information of everyone attending the BlackHat security conference this year has been exposed in clear text, a researcher has found. The data trove includes name, email, company, and phone number. [...]

https://www.bleepingcomputer.com/news/security/legacy-system-exposes-contact-info-of-blackhat-2018-attendees/

New Android Triout Malware Can Record Phone Calls, Steal Pictures

Security researchers from Bitdefender have discovered a new Android malware strain named Triout that comes equipped with intrusive spyware capabilities, such as the ability to record phone calls and steal pictures taken with the device. [...]

https://www.bleepingcomputer.com/news/security/new-android-triout-malware-can-record-phone-calls-steal-pictures/

Facebook Thwarts Iranian Social Media Influence Campaign Aimed at Western Users

Following a report from US cyber-security firm FireEye, Facebook has removed 652 pages, groups, and accounts associated with social media influence campaigns coming out of Iran. [...]

https://www.bleepingcomputer.com/news/technology/facebook-thwarts-iranian-social-media-influence-campaign-aimed-at-western-users/

Microsoft Plans to Make Monthly Windows 10 Updates Smaller in Size

Microsoft announced that they're developing an improved Windows Update mechanism that would create a small update package for easier and faster deployment. This new update type is is coming later this year with Windows 10 version 1809. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-plans-to-make-monthly-windows-10-updates-smaller-in-size/

Turla Outlook Backdoor Uses Clever Tactics for Stealth and Persistence

The Outlook backdoor Turla APT group uses for espionage operations is an unusual beast built for stealth and persistence, capable to survive in highly restricted networks. [...]

https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/

Some Surface Pro 4 Users Having Issues After July Firmware Update

Some Surface Pro 4 owners who have applied the July 2018 update are reportedly having issues with the power button, reboot, and touchscreen. A total of 102 customers have backed the forum post as they are having the same problem. [...]

https://www.bleepingcomputer.com/news/microsoft/some-surface-pro-4-users-having-issues-after-july-firmware-update/

Microsoft Rolls Out New Intel Microcode for Windows 10, Server 2016

Microsoft has released multiple microcode updates that mitigate additional variants of the speculative code execution vulnerabilities discovered in Intel processors. The patches cover the recently disclosed CPU flaws generically referred to as Foreshadow or L1 Terminal Fault. [...]

https://www.bleepingcomputer.com/news/security/microsoft-rolls-out-new-intel-microcode-for-windows-10-server-2016/

Idle Android Phones Send Data to Google Ten Times More Often Than iOS Devices to Apple

An idle Android smartphone sends user data back to Google servers nearly ten times more frequently as an Apple device sends data back to Apple servers. [...]

https://www.bleepingcomputer.com/news/google/idle-android-phones-send-data-to-google-ten-times-more-often-than-ios-devices-to-apple/

Lazarus Group Deploys Its First Mac Malware in Cryptocurrency Exchange Hack

Lazarus Group, the North Korean hackers who hacked Sony Films a few years back, have deployed their first Mac malware ever, according to Russian antivirus vendor Kaspersky Lab. [...]

https://www.bleepingcomputer.com/news/security/lazarus-group-deploys-its-first-mac-malware-in-cryptocurrency-exchange-hack/