Smartphones From 11 OEMs Vulnerable to Attacks via Hidden AT Commands

Millions of mobile devices from eleven smartphone vendors are vulnerable to attacks carried out using AT commands, a team of security researchers has discovered. [...]

https://www.bleepingcomputer.com/news/security/smartphones-from-11-oems-vulnerable-to-attacks-via-hidden-at-commands/

Fortnite Android App Vulnerable to Man-in-the-Disk Attacks

Google security researchers have revealed this week that the immensely popular Fortnite Android app is vulnerable to so-called man-in-the-disk (MitD) attacks. [...]

https://www.bleepingcomputer.com/news/security/fortnite-android-app-vulnerable-to-man-in-the-disk-attacks/

NewsGuard Browser Extension Aims to Alert You to Fake News Sites

If you are having trouble keep tracking of site's that are considered reputable news sources verses ones that are not, a new browser extension from NewsGuard may be of help. [...]

https://www.bleepingcomputer.com/news/software/newsguard-browser-extension-aims-to-alert-you-to-fake-news-sites/

Ubuntu and CentOS Are Undoing a GNOME Security Feature

Current versions of Ubuntu and CentOS are disabling a security feature that was added to the GNOME desktop environment last year. [...]

https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/

Firefox Nightly Distrusts All Symantec TLS Certs

The plan to distrust TLS certificates issued by Symantec is on track as Mozilla released its first version of the browser that reacts with a security warning when users land on any page bearing the seal of trust from Symantec Certificate Authority. [...]

https://www.bleepingcomputer.com/news/security/firefox-nightly-distrusts-all-symantec-tls-certs/

Atlas Quantum Cryptocurrency Investment Platform Suffers Data Breach

Cryptocurrency investment platform Atlas Quantum announced on Sunday a data breach that exposed the personal details of all of its users. [...]

https://www.bleepingcomputer.com/news/security/atlas-quantum-cryptocurrency-investment-platform-suffers-data-breach/

Andromeda Botnet Operator Released With a Slap on the Wrist

Sergey Yarets, also known as Ar3s, a hacker arrested last year for running an instance of the Andromeda botnet, was released by Belarusian authorities with nothing more than a slap on the wrist. [...]

https://www.bleepingcomputer.com/news/security/andromeda-botnet-operator-released-with-a-slap-on-the-wrist/

Nearly 1,200 US News Sites Still Not Available for EU Users After GDPR

More than three months after the European Union introduced the new General Data Protection Regulation (GDPR), nearly 1,200 US-based news sites remain inaccessible to EU users. [...]

https://www.bleepingcomputer.com/news/technology/nearly-1-200-us-news-sites-still-not-available-for-eu-users-after-gdpr/

Windows 10 KB4100347 Intel CPU Update Causing Boot Issues & Pushed to AMD Users

On August 21st, Microsoft released an update to the May KB4100347 Intel microcodes for Windows 10 & Windows Server 2016. After installing this latest version, Windows users are reporting that they are unable to boot Windows 10 or are having performance issues. To complicate the issue, the Intel CPU update is being pushed to AMD users [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4100347-intel-cpu-update-causing-boot-issues-and-pushed-to-amd-users/

OCR Software Dev Exposes 200,000 Customer Documents

A misconfigured MongoDB server belonging to Abbyy, an optical character recognition software developer, allowed public access to customer files. [...]

https://www.bleepingcomputer.com/news/security/ocr-software-dev-exposes-200-000-customer-documents/

Novel Attack Technique Uses Smart Light Bulbs to Steal Data

Researchers have determined that some light bulbs are suitable for covert data exfiltration from personal devices, and can leak multimedia preferences by recording their luminance patterns from afar. [...]

https://www.bleepingcomputer.com/news/security/novel-attack-technique-uses-smart-light-bulbs-to-steal-data/

Booz Allen Hamilton Researchers Detail New RtPOS Point-of-Sale Malware

Security researchers from Booz Allen Hamilton have spotted a previously unseen and undocumented malware strain that targets point-of-sale (POS) systems. [...]

https://www.bleepingcomputer.com/news/security/booz-allen-hamilton-researchers-detail-new-rtpos-point-of-sale-malware/

Exploit Published for Unpatched Flaw in Windows Task Scheduler

A security researcher has published on Twitter details about a vulnerability in the Windows OS. The vulnerability is a "local privilege escalation" issue that allows an attacker to elevate the access of malicious code from a limited USER role to an all-access SYSTEM account. [...]

https://www.bleepingcomputer.com/news/security/exploit-published-for-unpatched-flaw-in-windows-task-scheduler/

US Government Takes Steps to Bolster CVE Program

The US government is taking steps to fix the Common Vulnerabilities and Exposures (CVE) system that's been plagued by various problems in recent years. [...]

https://www.bleepingcomputer.com/news/security/us-government-takes-steps-to-bolster-cve-program/

Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776

After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week. [...]

https://www.bleepingcomputer.com/news/security/active-attacks-detected-using-apache-struts-vulnerability-cve-2018-11776/

Instagram Expands 2FA Support Following Recent Wave of Account Hacks

Instagram announced today plans to improve its two-factor authentication (2FA) mechanism by adding support for third-party authenticator apps. [...]

https://www.bleepingcomputer.com/news/security/instagram-expands-2fa-support-following-recent-wave-of-account-hacks/

Sticky Notes 3.0 Is Now Available for Windows Insiders

Microsoft has been teasing a major update for Sticky Notes app over the last few weeks and today you can download the update if you're a Skip Ahead ring Insider. The Sticky Notes 3.0 for Windows 10 comes with the dark theme, cross-device syncing and more. [...]

https://www.bleepingcomputer.com/news/microsoft/sticky-notes-30-is-now-available-for-windows-insiders/

You May Soon Be Able to Log Into Windows 10 Using a Google Account

According to a new project uploaded to the Chromium team's code review site, users may soon be able to login into Windows 10 using their Google G Suite accounts. This new feature uses a "Google Credential Provider" that will allow Windows to authenticate enterprise users against their company's G Suite account and possibly regular Go [...]

https://www.bleepingcomputer.com/news/google/you-may-soon-be-able-to-log-into-windows-10-using-a-google-account/

Data of 130 Million Chinese Hotel Chain Guests Sold on Dark Web Forum

A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum. [...]

https://www.bleepingcomputer.com/news/security/data-of-130-million-chinese-hotel-chain-guests-sold-on-dark-web-forum/

Beware of Fake "Shipping Docs" Malspam Pushing the DarkComet RAT

A new malspam campaign is underway that pretends to be shipping documents and contains an attachment that installs the DarkComet remote access Trojan. When DarkComet is installed, the malware has the ability to log your keystrokes, application usage, take screenshots, and more, which is then sent back to the malware developer. [...]

https://www.bleepingcomputer.com/news/security/beware-of-fake-shipping-docs-malspam-pushing-the-darkcomet-rat/

Critical Flaw Fixed in Packagist, PHP's Largest Package Repository

The maintainers of Packagist, the PHP ecosystem's largest package repository, have fixed a critical vulnerability on their official website that could have allowed an attacker to hijack their service. [...]

https://www.bleepingcomputer.com/news/security/critical-flaw-fixed-in-packagist-phps-largest-package-repository/