White-Hats Go Rogue, Attack Financial Institutions

Hackers rooted in the white-hat part of the business moonlight as bank robbers, pouring their knowledge and skills into creating and modifying malware that allows them to infiltrate financial institutions. [...]

https://www.bleepingcomputer.com/news/security/white-hats-go-rogue-attack-financial-institutions/

White-Hats Go Rogue, Attack Financial Institutions

Hackers rooted in the white-hat part of the business moonlight as bank robbers, pouring their knowledge and skills into creating and modifying malware that allows them to infiltrate financial institutions. [...]

https://www.bleepingcomputer.com/news/security/white-hats-go-rogue-attack-financial-institutions/

MEGA Chrome Extension Hacked To Steal Login Credentials and CryptoCurrency

Security researchers have discovered that the MEGA Chrome extension had been compromised to steal login credentials and cryptocurrency keys. Once it was discovered that the extension was replaced with a malicious variant, Google removed the extension from the Chrome Web Store. [...]

https://www.bleepingcomputer.com/news/security/mega-chrome-extension-hacked-to-steal-login-credentials-and-cryptocurrency/

Scammers Cashing In on Free TK Domains & Ad Fraud

Scammers are utilizing free .TK domains to redirect users from hacked sites to fake blogs created for the sole purpose of displaying advertisements or tech support scams. [...]

https://www.bleepingcomputer.com/news/security/scammers-cashing-in-on-free-tk-domains-and-ad-fraud/

USA Is the Top Country for Hosting Malicious Domains According to Report

The US continues to be the top country hosting domains that serve web-based threats and, and the main source for exploit kits on a global level, according to new research. [...]

https://www.bleepingcomputer.com/news/security/usa-is-the-top-country-for-hosting-malicious-domains-according-to-report/

Windows Task Scheduler Zero Day Exploited by Malware

Malware developers have started to use the zero-day exploit for Windows Task Scheduler component, two days after proof-of-concept code for the vulnerability appeared online. [...]

https://www.bleepingcomputer.com/news/security/windows-task-scheduler-zero-day-exploited-by-malware/

Vodafone Tells Hacked Customers with "1234" Password to Pay Back Money

A Czech court recently sentenced two hackers to three years in prison for accessing Vodafone customer's mobile accounts and use them to purchase 600,000 Czech Koruna worth of gambling services. Vodafone reportedly wants the hacked victim's to pay for these charges as they were using an easy password of "1234". [...]

https://www.bleepingcomputer.com/news/security/vodafone-tells-hacked-customers-with-1234-password-to-pay-back-money/

New Windows 10 October 2018 Preview Build 17754 Released

Today, Microsoft is rolling out a new preview build of Windows 10 October 2018 Update with a series of improvements and bug fixes. Windows 10 Build 17754 comes with fixes for Action Center, Microsoft Edge PWA integration, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-10-october-2018-preview-build-17754-released/

Cisco Releases 16 Security Alerts Rated Critical and High

Cisco published on Wednesday 30 security advisories on vulnerabilities identified in its products. Half of them are for high and critical severity bugs. [...]

https://www.bleepingcomputer.com/news/security/cisco-releases-16-security-alerts-rated-critical-and-high/

CroniX CryptoMiner Kills Rivals to Reign Supreme

The operator of a new cryptomining campaign takes aggressive actions against its competition and halts other cryptojacking activity on the machines it claims. [...]

https://www.bleepingcomputer.com/news/security/cronix-cryptominer-kills-rivals-to-reign-supreme/

Necurs Spews 780,000 Emails With Weaponized IQY Files

Necurs botnet distributed over 780,000 emails in five campaigns earlier this year, all containing weaponized IQY files - the latest method for delivering malware. [...]

https://www.bleepingcomputer.com/news/security/necurs-spews-780-000-emails-with-weaponized-iqy-files/

Tesla Will Restore Car Firmware/OS When Hacking Goes Wrong

Tesla recently added to its responsible disclosure guidelines with clarifications that welcome researchers to probe software in its cars for security bugs. [...]

https://www.bleepingcomputer.com/news/security/tesla-will-restore-car-firmware-os-when-hacking-goes-wrong/

Windows 10 Build 18234 (19H1) Released to Insiders With Improvements

Today, Microsoft is rolling out Windows 10 Build 18234 (19H1) for Windows Insiders in the Skip Ahead Ring. Build 18234 doesn't come with any new features as we're still in the early days of development of this feature update.  For those who enjoy the Windows 10 Dark Theme for file explorer, it has been ported over to this build. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18234-19h1-released-to-insiders-with-improvements/

British Airways Loses Customer Payment Card Data in Breach

British Airways two hours ago announced the theft of customer data from its website and mobile application. [...]

https://www.bleepingcomputer.com/news/security/british-airways-loses-customer-payment-card-data-in-breach/

Businesses Can Now Pay to Extend Windows 7 Security Updates Beyond 2020

Windows 7 is projected to reach the end-of-support in January 2020 for consumers but Microsoft is extending the support cycle for businesses to help them make the shift to a modern desktop. [...]

https://www.bleepingcomputer.com/news/microsoft/businesses-can-now-pay-to-extend-windows-7-security-updates-beyond-2020/

New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs

A new exploit kit called Fallout is being used to distribute the GandCrab ransomware, malware downloading Trojans, and other potentially unwanted programs (PUPs).  [...]

https://www.bleepingcomputer.com/news/security/new-fallout-exploit-kit-drops-gandcrab-ransomware-or-redirects-to-pups/

New Chainshot Malware Found By Cracking 512-Bit RSA Key

Security researchers exploited a threat actor's poor choice for encryption and discovered a new piece of malware along with network infrastructure that links to various targeted attacks. [...]

https://www.bleepingcomputer.com/news/security/new-chainshot-malware-found-by-cracking-512-bit-rsa-key/

Domestic Kitten APT Operates in Silence Since 2016

An extensive surveillance operation targets specific groups of individuals with malicious mobile apps that collect sensitive information from the device along with surrounding voice recordings. [...]

https://www.bleepingcomputer.com/news/security/domestic-kitten-apt-operates-in-silence-since-2016/

New Windows 10 Preview Build 17755 & Your Phone Updated with SMS Support

Microsoft has released Insider preview build 17755 that just fixes known issues and bugs. The bigger news is the release of an updated Your Phone app that allow you to view and reply on your Windows 10 PC to text messages that you received on your linked Android devices. [...]

https://www.bleepingcomputer.com/news/security/new-windows-10-preview-build-17755-and-your-phone-updated-with-sms-support/

Apple Removes Top Security App For Stealing Data and Sending it to China

Apple removed today the #1 selling anti-malware app called Adware Doctor from the Mac App Store because it was gathering browsing history and other sensitive information without a user's permission and then uploading it to someone in China. [...]

https://www.bleepingcomputer.com/news/security/apple-removes-top-security-app-for-stealing-data-and-sending-it-to-china/

Privilege Escalation Bug Found in Popular VPN Clients

Vulnerabilities in NordVPN and ProtonVPN clients allow an attacker to execute code on the affected computer with the rights of an administrator. [...]

https://www.bleepingcomputer.com/news/security/privilege-escalation-bug-found-in-popular-vpn-clients/