The Week in Ransomware - September 7th 2018 - Obama, Matrix, and More

It has been a quiet week with just small variants and new variants of existing ones such as Matrix. As much as we would like to see ransomware die off altogether, it is hear to stay. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-7th-2018-obama-matrix-and-more/

Keybase Browser Extension Does Not Encrypt Messages

The browser extension for the Keybase app fails to keep the end-to-end encryption promised by its desktop variant. [...]

https://www.bleepingcomputer.com/news/security/keybase-browser-extension-does-not-encrypt-messages/

Chrome 69 Removing WWW and M subdomains From the Browser's Address Bar

With the release of Chrome 69, Google has decided to strip the "www" and "m" subdomains from the URL displayed in Chrome's address bar. For example, when a user visits www.bleepingcomputer.com, the www would be stripped and displayed as bleepingcomputer.com in the address bar. [...]

https://www.bleepingcomputer.com/news/google/chrome-69-removing-www-and-m-subdomains-from-the-browsers-address-bar/

Trend Micro Apps Leak User Data, Removed from Mac App Store

Multiple apps developed by Trend Micro are no longer available in the Mac App Store after researchers showed they were collecting browser history and information about users' computers. [...]

https://www.bleepingcomputer.com/news/security/trend-micro-apps-leak-user-data-removed-from-mac-app-store/

Over 3,700 MikroTik Routers Abused In CryptoJacking Campaigns

Ever since exploit code for CVE-2018-14847 became publicly available, miscreants have launched attacks against MikroTik routers. Thousands of unpatched devices are mining for cryptocurrency at the moment. [...]

https://www.bleepingcomputer.com/news/security/over-3-700-mikrotik-routers-abused-in-cryptojacking-campaigns/

Exploit Affecting Tor Browser Burned In A Tweet

[...]

https://www.bleepingcomputer.com/news/security/exploit-affecting-tor-browser-burned-in-a-tweet/

British Airways Fell Victim To Card Scraping Attack

[...]

https://www.bleepingcomputer.com/news/security/british-airways-fell-victim-to-card-scraping-attack/

Apple's Safari Falls For New Address Bar Spoofing Trick

An unpatched vulnerability in the Safari web browser allows an attacker to control the content displayed in the address bar, a security researcher discovered. The method enables well-crafted phishing attacks that are difficult to spot by the average consumer. [...]

https://www.bleepingcomputer.com/news/security/apples-safari-falls-for-new-address-bar-spoofing-trick/

Mongo Lock Attack Ransoming Deleted MongoDB Databases

An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back.  [...]

https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/

Adobe September 2018 Security Updates Fix 6 Critical Vulnerabilities

Today Adobe released security updates for Flash Player and ColdFusion as part of their September 2018 monthly patch Tuesday. These updates fix numerous information disclosure vulnerabilities and critical vulnerabilities in ColdFusion that could allow attackers to remotely execute commands on a vulnerable server. [...]

https://www.bleepingcomputer.com/news/security/adobe-september-2018-security-updates-fix-6-critical-vulnerabilities/

Microsoft Releases Windows 10 Cumulative Updates KB4457128 and KB4457142

It's Patch Tuesday and Microsoft is rolling out a new cumulative update for Windows 10 April 2018 Update (version 1803) and Fall Creators Update (version 1709). The latest patch for Windows 10 comes with a small list of fixes and improvements. Most of the changes are aimed at enterprises and businesses. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-cumulative-updates-kb4457128-and-kb4457142/

Chrome 69 for iOS Moved Navigation Bar to Bottom of Screen & Users are Unhappy

With the release of Chrome 69 for iOS, Google has moved the browser's  navigation bar to the bottom of the user interface and people are not happy about it. [...]

https://www.bleepingcomputer.com/news/google/chrome-69-for-ios-moved-navigation-bar-to-bottom-of-screen-and-users-are-unhappy/

Windows 10 Build 17758 Is Now Available With Storage Sense Improvements

Microsoft is rolling out Windows 10 Build 17758 for Insiders in the Fast Ring. Windows 10 Build 17758 doesn't come with any major changes as the focus is now being entirely on refining performance ahead of the public launch of the Windows 10 October 2018 Update next month. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-17758-is-now-available-with-storage-sense-improvements/

Data Management Firm Exposes 445 Million Records

A database with over 200GB of data was found on a server left defenseless and open to public query, to anyone knowing where to find it. [...]

https://www.bleepingcomputer.com/news/security/data-management-firm-exposes-445-million-records/

Microsoft Releases Windows 7 & 8.1 Cumulative Updates KB4457144 & KB4457129

After releasing new cumulative updates for Windows 10, Microsoft is also rolling out a new patch for both Windows 7 and Windows 8.1. Earlier today, the software maker pushed out these updates for Windows 7 and 8.1 devices to address some security issues. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-7-and-81-cumulative-updates-kb4457144-and-kb4457129/

Microsoft September 2018 Patch Tuesday Fixes 17 Critical Vulnerabilities

Microsoft's September 2018 Patch Tuesday security updates resolve 62 known vulnerabilities in Microsoft products as well as an update for Adobe Flash Player. Of these 62 vulnerabilities, 17 are critical and could allow an attacker to remotely take control of a computer. [...]

https://www.bleepingcomputer.com/news/security/microsoft-september-2018-patch-tuesday-fixes-17-critical-vulnerabilities/

Mirai, Gafgyt IoT Botnets Reach To the Enterprise Sector

Mirai and Gafgyt, two of the best known IoT botnets, have forked once again, but the new variants peek at the corporate sector for creating or replenishing their denial-of-service resources for distributed attacks. [...]

https://www.bleepingcomputer.com/news/security/mirai-gafgyt-iot-botnets-reach-to-the-enterprise-sector/

Crooks Combine Phishing and Impersonation For Higher Success Rate

While phishing continues to be the prevalent threat in malware-less email-based attacks, cybercriminals refine their methods by adding an impersonation component to increase the success rate against company employees. [...]

https://www.bleepingcomputer.com/news/security/crooks-combine-phishing-and-impersonation-for-higher-success-rate/

Dramatic Increase of DDoS Attack Sizes Attributed to IoT Devices

A new report released today shows that distributed denial of service (DDoS) attacks have increased dramatically in the first two quarters of 2018 compared to 2017. The increase in attacks is being attributed to large scale botnets being created by attackers using insecure IoT devices. [...]

https://www.bleepingcomputer.com/news/security/dramatic-increase-of-ddos-attack-sizes-attributed-to-iot-devices/

Cybercriminals Go Phishing For Jaxx Wallet Users

For at least a week, the Jaxx cryptocurrency wallet website had a fraudulent version that served malicious links to trick users into revealing the backup phrase that protected the virtual funds. [...]

https://www.bleepingcomputer.com/news/security/cybercriminals-go-phishing-for-jaxx-wallet-users/

Feedify Service Compromised with Magecart Information Stealing Script

A script used by the customer engagement service Feedify has been hacked to include the malicious MageCart script. MageCart is malicious code used by attackers to steal credit card details and other information from e-commerce sites when a user submits a form. [...]

https://www.bleepingcomputer.com/news/security/feedify-service-compromised-with-magecart-information-stealing-script/