CroniX CryptoMiner Kills Rivals to Reign Supreme

The operator of a new cryptomining campaign takes aggressive actions against its competition and halts other cryptojacking activity on the machines it claims. [...]

https://www.bleepingcomputer.com/news/security/cronix-cryptominer-kills-rivals-to-reign-supreme/

Necurs Spews 780,000 Emails With Weaponized IQY Files

Necurs botnet distributed over 780,000 emails in five campaigns earlier this year, all containing weaponized IQY files - the latest method for delivering malware. [...]

https://www.bleepingcomputer.com/news/security/necurs-spews-780-000-emails-with-weaponized-iqy-files/

Tesla Will Restore Car Firmware/OS When Hacking Goes Wrong

Tesla recently added to its responsible disclosure guidelines with clarifications that welcome researchers to probe software in its cars for security bugs. [...]

https://www.bleepingcomputer.com/news/security/tesla-will-restore-car-firmware-os-when-hacking-goes-wrong/

Windows 10 Build 18234 (19H1) Released to Insiders With Improvements

Today, Microsoft is rolling out Windows 10 Build 18234 (19H1) for Windows Insiders in the Skip Ahead Ring. Build 18234 doesn't come with any new features as we're still in the early days of development of this feature update.  For those who enjoy the Windows 10 Dark Theme for file explorer, it has been ported over to this build. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18234-19h1-released-to-insiders-with-improvements/

British Airways Loses Customer Payment Card Data in Breach

British Airways two hours ago announced the theft of customer data from its website and mobile application. [...]

https://www.bleepingcomputer.com/news/security/british-airways-loses-customer-payment-card-data-in-breach/

Businesses Can Now Pay to Extend Windows 7 Security Updates Beyond 2020

Windows 7 is projected to reach the end-of-support in January 2020 for consumers but Microsoft is extending the support cycle for businesses to help them make the shift to a modern desktop. [...]

https://www.bleepingcomputer.com/news/microsoft/businesses-can-now-pay-to-extend-windows-7-security-updates-beyond-2020/

New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs

A new exploit kit called Fallout is being used to distribute the GandCrab ransomware, malware downloading Trojans, and other potentially unwanted programs (PUPs).  [...]

https://www.bleepingcomputer.com/news/security/new-fallout-exploit-kit-drops-gandcrab-ransomware-or-redirects-to-pups/

New Chainshot Malware Found By Cracking 512-Bit RSA Key

Security researchers exploited a threat actor's poor choice for encryption and discovered a new piece of malware along with network infrastructure that links to various targeted attacks. [...]

https://www.bleepingcomputer.com/news/security/new-chainshot-malware-found-by-cracking-512-bit-rsa-key/

Domestic Kitten APT Operates in Silence Since 2016

An extensive surveillance operation targets specific groups of individuals with malicious mobile apps that collect sensitive information from the device along with surrounding voice recordings. [...]

https://www.bleepingcomputer.com/news/security/domestic-kitten-apt-operates-in-silence-since-2016/

New Windows 10 Preview Build 17755 & Your Phone Updated with SMS Support

Microsoft has released Insider preview build 17755 that just fixes known issues and bugs. The bigger news is the release of an updated Your Phone app that allow you to view and reply on your Windows 10 PC to text messages that you received on your linked Android devices. [...]

https://www.bleepingcomputer.com/news/security/new-windows-10-preview-build-17755-and-your-phone-updated-with-sms-support/

Apple Removes Top Security App For Stealing Data and Sending it to China

Apple removed today the #1 selling anti-malware app called Adware Doctor from the Mac App Store because it was gathering browsing history and other sensitive information without a user's permission and then uploading it to someone in China. [...]

https://www.bleepingcomputer.com/news/security/apple-removes-top-security-app-for-stealing-data-and-sending-it-to-china/

Privilege Escalation Bug Found in Popular VPN Clients

Vulnerabilities in NordVPN and ProtonVPN clients allow an attacker to execute code on the affected computer with the rights of an administrator. [...]

https://www.bleepingcomputer.com/news/security/privilege-escalation-bug-found-in-popular-vpn-clients/

The Week in Ransomware - September 7th 2018 - Obama, Matrix, and More

It has been a quiet week with just small variants and new variants of existing ones such as Matrix. As much as we would like to see ransomware die off altogether, it is hear to stay. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-7th-2018-obama-matrix-and-more/

Keybase Browser Extension Does Not Encrypt Messages

The browser extension for the Keybase app fails to keep the end-to-end encryption promised by its desktop variant. [...]

https://www.bleepingcomputer.com/news/security/keybase-browser-extension-does-not-encrypt-messages/

Chrome 69 Removing WWW and M subdomains From the Browser's Address Bar

With the release of Chrome 69, Google has decided to strip the "www" and "m" subdomains from the URL displayed in Chrome's address bar. For example, when a user visits www.bleepingcomputer.com, the www would be stripped and displayed as bleepingcomputer.com in the address bar. [...]

https://www.bleepingcomputer.com/news/google/chrome-69-removing-www-and-m-subdomains-from-the-browsers-address-bar/

Trend Micro Apps Leak User Data, Removed from Mac App Store

Multiple apps developed by Trend Micro are no longer available in the Mac App Store after researchers showed they were collecting browser history and information about users' computers. [...]

https://www.bleepingcomputer.com/news/security/trend-micro-apps-leak-user-data-removed-from-mac-app-store/

Over 3,700 MikroTik Routers Abused In CryptoJacking Campaigns

Ever since exploit code for CVE-2018-14847 became publicly available, miscreants have launched attacks against MikroTik routers. Thousands of unpatched devices are mining for cryptocurrency at the moment. [...]

https://www.bleepingcomputer.com/news/security/over-3-700-mikrotik-routers-abused-in-cryptojacking-campaigns/

Exploit Affecting Tor Browser Burned In A Tweet

[...]

https://www.bleepingcomputer.com/news/security/exploit-affecting-tor-browser-burned-in-a-tweet/

British Airways Fell Victim To Card Scraping Attack

[...]

https://www.bleepingcomputer.com/news/security/british-airways-fell-victim-to-card-scraping-attack/

Apple's Safari Falls For New Address Bar Spoofing Trick

An unpatched vulnerability in the Safari web browser allows an attacker to control the content displayed in the address bar, a security researcher discovered. The method enables well-crafted phishing attacks that are difficult to spot by the average consumer. [...]

https://www.bleepingcomputer.com/news/security/apples-safari-falls-for-new-address-bar-spoofing-trick/

Mongo Lock Attack Ransoming Deleted MongoDB Databases

An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back.  [...]

https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/