Turla Outlook Backdoor Uses Clever Tactics for Stealth and Persistence

The Outlook backdoor Turla APT group uses for espionage operations is an unusual beast built for stealth and persistence, capable to survive in highly restricted networks. [...]

https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/

Some Surface Pro 4 Users Having Issues After July Firmware Update

Some Surface Pro 4 owners who have applied the July 2018 update are reportedly having issues with the power button, reboot, and touchscreen. A total of 102 customers have backed the forum post as they are having the same problem. [...]

https://www.bleepingcomputer.com/news/microsoft/some-surface-pro-4-users-having-issues-after-july-firmware-update/

Microsoft Rolls Out New Intel Microcode for Windows 10, Server 2016

Microsoft has released multiple microcode updates that mitigate additional variants of the speculative code execution vulnerabilities discovered in Intel processors. The patches cover the recently disclosed CPU flaws generically referred to as Foreshadow or L1 Terminal Fault. [...]

https://www.bleepingcomputer.com/news/security/microsoft-rolls-out-new-intel-microcode-for-windows-10-server-2016/

Idle Android Phones Send Data to Google Ten Times More Often Than iOS Devices to Apple

An idle Android smartphone sends user data back to Google servers nearly ten times more frequently as an Apple device sends data back to Apple servers. [...]

https://www.bleepingcomputer.com/news/google/idle-android-phones-send-data-to-google-ten-times-more-often-than-ios-devices-to-apple/

Lazarus Group Deploys Its First Mac Malware in Cryptocurrency Exchange Hack

Lazarus Group, the North Korean hackers who hacked Sony Films a few years back, have deployed their first Mac malware ever, according to Russian antivirus vendor Kaspersky Lab. [...]

https://www.bleepingcomputer.com/news/security/lazarus-group-deploys-its-first-mac-malware-in-cryptocurrency-exchange-hack/

Recent DNC Hacking Attempt Was Just a Simulated Phishing Test

A recent hacking attempt against the Democratic National Committee (DNC) proved to be a false alarm, according to a clarifying statement released by the DNC chief security officer Bob Lord. [...]

https://www.bleepingcomputer.com/news/government/recent-dnc-hacking-attempt-was-just-a-simulated-phishing-test/

Huawei & ZTE Banned From Providing 5G Equipment in Australia

The Australian government has banned Huawei and ZTE from providing hardware equipment for the country's 5G network, a Huawei spokesperson revealed today. [...]

https://www.bleepingcomputer.com/news/technology/huawei-and-zte-banned-from-providing-5g-equipment-in-australia/

Mirai IoT Malware Uses Aboriginal Linux to Target Multiple Platforms

Big changes on the IoT malware scene. Security researchers have spotted a version of the Mirai IoT malware that can run on a vast range of architectures, and even on Android devices. [...]

https://www.bleepingcomputer.com/news/security/mirai-iot-malware-uses-aboriginal-linux-to-target-multiple-platforms/

Cybercriminals Undeterred by ToS For Remcos RAT

Researchers from Cisco Talos are calling out the developer of a remote administration tool (RAT) for allowing its use for malicious purposes. [...]

https://www.bleepingcomputer.com/news/security/cybercriminals-undeterred-by-tos-for-remcos-rat/

Microsoft Releases New Windows 10 Redstone 5 Build for Slow Ring Insiders

Today, Microsoft is rolling out Windows 10 Preview Build 17738.1000 (Redstone 5) to the Insiders in the Slow ring and it's the third RS5 build in the Slow ring. The company previously rolled out the same build to users enrolled in the Fast ring earlier this month and it comes with no new changes. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-new-windows-10-redstone-5-build-for-slow-ring-insiders/

Windows 95 Is Now Available as an App for Windows, macOS and Linux

Felix Rieseberg, a software engineer at Slack has released Windows 95 as an app for Windows, Mac or Linux. It's a 100MB Electron app that you can install and run on Windows, Mac or even Linux computers. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-95-is-now-available-as-an-app-for-windows-macos-and-linux/

Cheddar Scratch Kitchen Exposes Card Data of Over 500,000

Restaurants in 23 states are on the list of Cheddar Scratch Kitchen locations affected by a cyberattack that exposed payment card information. [...]

https://www.bleepingcomputer.com/news/security/cheddar-scratch-kitchen-exposes-card-data-of-over-500-000/

Third SIM Swapper Arrested in the US

During the past two months, US law enforcement authorities have arrested three suspects on accusations of performing illicit SIM swaps. [...]

https://www.bleepingcomputer.com/news/security/third-sim-swapper-arrested-in-the-us/

T-Mobile Detects and Stops Ongoing Security Breach

T-Mobile USA announced a security breach late last night. The company says its cyber-security team discovered and shut down unauthorized access to its customers' data on Monday, August 20. [...]

https://www.bleepingcomputer.com/news/security/t-mobile-detects-and-stops-ongoing-security-breach/

Iranian Hackers Charged in March Are Still Actively Phishing Universities

An Iranian hacking group has continued its phishing operations undeterred by indictments from the US Department of Justice. [...]

https://www.bleepingcomputer.com/news/security/iranian-hackers-charged-in-march-are-still-actively-phishing-universities/

Bitdefender Disables Anti-Exploit Monitoring in Chrome After Google Policy Change

Chrome has started displaying alerts that suggest users remove programs that are considered incompatible applications with Chrome because they inject code into the browser's processes. In order to resolve these issues Bitdefender has decided to no longer monitor newer versions of Chrome with their anti-exploit technology. [...]

https://www.bleepingcomputer.com/news/google/bitdefender-disables-anti-exploit-monitoring-in-chrome-after-google-policy-change/

Senators Demand Voting Machine Vendor Explain Why It Dismisses Researchers Prodding Its Devices

Four US senators, members of the US Senate Select Committee on Intelligence, sent a letter on Wednesday to Election Systems and Software (ES&S), the largest voting machine vendor in the US, asking for clarifications on why the vendor is trying to discourage independent security reviews of its products. [...]

https://www.bleepingcomputer.com/news/government/senators-demand-voting-machine-vendor-explain-why-it-dismisses-researchers-prodding-its-devices/

Windows 10 Build 17746 Is Out for Insiders With Bug Fixes

Today, Microsoft is rolling out a new preview build for the Windows Insiders in the Fast Ring. Windows 10 Build 17746 comes with a bunch of improvements, fixes, and as well known issues. You can check out all the details here. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-17746-is-out-for-insiders-with-bug-fixes/

New Side-Channel Attack Uses Microphone to Read Screen Content

Using regular microphones, academic researchers managed to pick up acoustic signals from computer displays and determine in real time the type of content on the screen. [...]

https://www.bleepingcomputer.com/news/security/new-side-channel-attack-uses-microphone-to-read-screen-content/

The Week in Ransomware - August 24th 2018 - Hermes, Fox, and Ryuk

This week we had seen quite a few campaigns that had widespread distribution. These campaigns are either being installed over accessible Remote Desktop Services or malspam. The biggest news is a variant of the Hermes ransomware called Ryuk that has generated over 600k USD for the developers. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-24th-2018-hermes-fox-and-ryuk/

Smartphones From 11 OEMs Vulnerable to Attacks via Hidden AT Commands

Millions of mobile devices from eleven smartphone vendors are vulnerable to attacks carried out using AT commands, a team of security researchers has discovered. [...]

https://www.bleepingcomputer.com/news/security/smartphones-from-11-oems-vulnerable-to-attacks-via-hidden-at-commands/