New Brrr Dharma Ransomware Variant Released

A new variant of the Dharma Ransomware was released this week that appends the .brrr extension to encrypted files. This variant was first discovered by Jakub Kroustek who tweeted a link to the sample on VirusTotal. [...]

https://www.bleepingcomputer.com/news/security/new-brrr-dharma-ransomware-variant-released/

Linus Torvalds Apologizes, Takes Break to Patch Behavior

In a mailing list message on Sunday, Linus Torvalds apologizes for a lifelong of outbursts and snappy retorts at developers that may have driven them away from the Linux project. [...]

https://www.bleepingcomputer.com/news/linux/linus-torvalds-apologizes-takes-break-to-patch-behavior/

CloudFlare's IPFS Gateway Makes it Easy to Create Distributed Web Sites

CloudFlare has introduced a new gateway that allows you to easily access content stored on IPFS, or the InterPlanetary File System, through a web browser and without having to install a client. [...]

https://www.bleepingcomputer.com/news/technology/cloudflares-ipfs-gateway-makes-it-easy-to-create-distributed-web-sites/

CCleaner Disregarding Settings and Forcing Update to 5.46

Reports are coming in that Piriform is forcing CCleaner to update to the latest 5.46 version even when users had configured the program to not perform automatic updates. To make matters worse, once the users were upgraded to the latest version, their privacy settings are reset to default, which is to send usage data. [...]

https://www.bleepingcomputer.com/news/software/ccleaner-disregarding-settings-and-forcing-update-to-546/

Xiaomi MIUI Now Showing Ads in Settings App on Their Phones

Xiaomi has been showing ads in the File Manager and app lock screen page for quite a while now. Now it appears that the company is also displaying ads in the settings app. [...]

https://www.bleepingcomputer.com/news/software/xiaomi-miui-now-showing-ads-in-settings-app-on-their-phones/

New Botnet Hides in Blockchain DNS Mist and Removes Cryptominer

A new botnet captured the attention of security researchers through its harmless behavior and the use of an original communication channel with its command and control center. [...]

https://www.bleepingcomputer.com/news/security/new-botnet-hides-in-blockchain-dns-mist-and-removes-cryptominer/

Windows 10 Cumulative Update KB4464218 and KB4464217 Released

Today, Windows 10 April 2018 Update and Windows 10 Fall Creators Update are receiving another new patch with minor bug fixes. The latest patch for Windows 10 April 2018 Update advances the build number to 17134.286 and if you're on Windows 10 Fall Creators Update, you'll be getting Build 16299.666. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-update-kb4464218-and-kb4464217-released/

iOS 12 Patches Memory Bugs, Safari 12 Fixes Data Leaks

A new round of security updates is available from Apple, fixing bugs in Safari, watchOS, tvOS, and iOS. Some of the vulnerabilities were disclosed ahead of these releases, creating a window of opportunity for ill-intended users. [...]

https://www.bleepingcomputer.com/news/security/ios-12-patches-memory-bugs-safari-12-fixes-data-leaks/

Database with 11 Million Email Records Exposed

A huge customer database containing 11 million records that include personal details, has been discovered on Monday sitting online, unprotected. [...]

https://www.bleepingcomputer.com/news/security/database-with-11-million-email-records-exposed/

Cloudflare Makes DNSSEC Activation Easy

A boost is expected in the near future in the adoption of the DNSSEC technology that establishes trust in the Domain Name System (DNS) - the mechanism responsible for translating website names into machine-intelligible data. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-makes-dnssec-activation-easy/

Critical Peekaboo Bug in NVR Allows RCE, PoC Available

A critical vulnerability in software from a global vendor of video surveillance equipment puts at risk the security of video feeds from over 100 camera brands and more than 2,500 camera models. [...]

https://www.bleepingcomputer.com/news/security/critical-peekaboo-bug-in-nvr-allows-rce-poc-available/

Twitter Now Offers a Purely Chronological Timeline

Due to customer feedback, Twitter announced today that they are giving users more control over what tweets are displayed in their timeline by changing the functionality of the "Show the best Tweets first" setting. [...]

https://www.bleepingcomputer.com/news/technology/twitter-now-offers-a-purely-chronological-timeline/

Windows 10 Build 17763 Released As Microsoft Continues to Squash Bugs

Microsoft is rolling out Windows 10 Preview Build 17763 (RS5) for Insiders in the Fast Ring. Like the previous build, this release focuses entirely on fixing bugs and does not come with any new features or improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-17763-released-as-microsoft-continues-to-squash-bugs/

Google's Removing the file:// Scheme from Chrome's Address Bar

According to a Chrome Gerrit entry, Google plans to do away with the file:// URI scheme in the address when opening local files. This is because Chrome 70 will include a new File notification that performs a similar purpose. [...]

https://www.bleepingcomputer.com/news/google/googles-removing-the-file-scheme-from-chromes-address-bar/

Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows

What may very well be considered a cybercriminal's dream tool is now real and it is hunting Windows and Linux servers: a botnet with self-spreading capabilities that combines cryptomining and ransomware functions. [...]

https://www.bleepingcomputer.com/news/security/xbash-malware-deletes-databases-on-linux-mines-for-coins-on-windows/

NSO Group Rejects Citizen Lab's Findings on Pegasus Operations

A report released today about the activity of Pegasus spyware presents evidence of the tool's use outside the ethical boundaries publicized by its maker. [...]

https://www.bleepingcomputer.com/news/security/nso-group-rejects-citizen-labs-findings-on-pegasus-operations/

Windows 10 Build 18242 (19H1) Released With Bug Fixes

Today Microsoft released Windows 10 Insider Preview Build 18242 (19H1) to the Insiders on the Skip Ahead ring. This build is predominantly a bug fix release that resolves known issues in the 19H1 branch. 19H1 is the next feature update to be released after the October 2018 Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18242-19h1-released-with-bug-fixes/

Credential Stuffing Attacks Generate Billions of Login Attempts

Credential stuffing attacks are a growing problem, particularly in the financial sector, where botnets can initiate so many fraudulent login attempts that the wave has the effect of a distributed denial-of-service (DDoS) attack. [...]

https://www.bleepingcomputer.com/news/security/credential-stuffing-attacks-generate-billions-of-login-attempts/

My Cloud NAS Devices Vulnerable to Auth Bypass for over a Year

[...]

https://www.bleepingcomputer.com/news/security/my-cloud-nas-devices-vulnerable-to-auth-bypass-for-over-a-year/

Newegg Credit Card Info Stolen For a Month by Injected MageCart Script

The malicious credit card stealing MageCart script behind the British Airlines and Feedify breaches have struck again, but this time against the Newegg online technology retailer. [...]

https://www.bleepingcomputer.com/news/security/newegg-credit-card-info-stolen-for-a-month-by-injected-magecart-script/

Critical Security Update Released for Adobe Reader and Acrobat

Last week Adobe released fixed 6 critical updates in their September 2018 monthly Patch Tuesday. It looks like they missed one, as Adobe released today an out-of-band security update for a critical vulnerability in Adobe Acrobat and Adobe Reader. [...]

https://www.bleepingcomputer.com/news/security/critical-security-update-released-for-adobe-reader-and-acrobat/