U.S. Gov Agencies Fail to Fully Embrace DMARC Email Security Policy

[...]

https://www.bleepingcomputer.com/news/security/us-gov-agencies-fail-to-fully-embrace-dmarc-email-security-policy/

Google’s Android Apps Are No Longer Free for European Smartphone Makers

Google has announced changes in how European smartphone and tablet makers can use Google's Android apps in response to the EU's $5 billion fine. Going forward, EU manufacturers will now have to pay Google a license fee to bundle Google's suite of mobile apps. [...]

https://www.bleepingcomputer.com/news/google/google-s-android-apps-are-no-longer-free-for-european-smartphone-makers/

TLS 1.0 and TLS 1.1 Being Retired in 2020 by All Major Browsers

In a coordinated announcement, Microsoft, Google, Apple, and Mozilla have stated that they will be retiring the TLS 1.0 and TLS 1.1 secure communication protocols beginning in 2020. [...]

https://www.bleepingcomputer.com/news/security/tls-10-and-tls-11-being-retired-in-2020-by-all-major-browsers/

Windows 10 October 2018 Update Build 17763.104 Released to Insiders With Fixes

The update has finally a bug in Task Manager that causes incorrect reporting of CPU usage. It's one of the known issues that Insiders reported during the testing of October 2018 Update but for some reason, it wasn't fixed before the public launch. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-october-2018-update-build-17763104-released-to-insiders-with-fixes/

Vending Machine App Hacked for Unlimited Credit

A hacker enticed by the payment method used by the vending machines located on a university campus found a way to get free credit after looking at the inner workings of the machine's accompanying mobile app. [...]

https://www.bleepingcomputer.com/news/security/vending-machine-app-hacked-for-unlimited-credit/

Abandoned Tweet Counter Hijacked With Malicious Script

An abandoned Tweet counter that was still being loaded by 800+ sites was hijacked with a malicious script that caused visitors to be redirected to scam sites. [...]

https://www.bleepingcomputer.com/news/security/abandoned-tweet-counter-hijacked-with-malicious-script/

New GreyEnergy Malware Targets ICS, Tied with BlackEnergy and TeleBots

A new advanced threat actor is now on the public map of adversaries that target systems in the critical infrastructure sector. The name is GreyEnergy and it shows similarities with the BlackEnergy group. [...]

https://www.bleepingcomputer.com/news/security/new-greyenergy-malware-targets-ics-tied-with-blackenergy-and-telebots/

Hacker: I'm logged in. New LibSSH Vulnerability: OK! I believe you.

Newly released versions of the libssh library fix an authentication bypass flaw that grants access to the server by just telling it that the procedure was a success. [...]

https://www.bleepingcomputer.com/news/security/hacker-im-logged-in-new-libssh-vulnerability-ok-i-believe-you/

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

A new SEO poisoning campaign has been discovered that is targeting keywords associated with the U.S. midterm elections. Users who are enticed to visit these pages will then be redirected to a variety of scam sites, adult sites, and sites pushing unwanted software. [...]

https://www.bleepingcomputer.com/news/security/seo-poisoning-campaign-targeting-us-midterm-election-keywords/

Windows 10 Build 18262 Released to Insiders with Task Manager Improvements

Today, Microsoft is rolling out Windows 10 Build 18262 to the Windows Insiders in the Fast and Skip Ahead rings. This build comes with improvements for Task Manager and Narrator. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18262-released-to-insiders-with-task-manager-improvements/

Mozilla Adding Native Windows 10 Share Support to Firefox 64

Mozilla is adding a native Windows 10 Share experience to Firefox 64. This allows users to share web sites using a variety of applications that are installed in Windows 10. [...]

https://www.bleepingcomputer.com/news/security/mozilla-adding-native-windows-10-share-support-to-firefox-64/

GandCrab Devs Release Decryption Keys for Syrian Victims

In a post to an underground hacking and cybercrime forum, the GandCrab developers have released the decryption keys for Syrian victims. The release of these decryption keys was in response to a Tweet where a Syrian victim asked for help after images of his deceased children were encrypted. [...]

https://www.bleepingcomputer.com/news/security/gandcrab-devs-release-decryption-keys-for-syrian-victims/

New Reconnaissance Tool Uses Code from Eight-Year-Old Comment Crew Implant

A newly discovered first-stage implant targeting Korean-speaking victims borrows code from another reconnaissance tool linked to Comment Crew, a Chinese nation-state threat actor that was exposed in 2013 following cyber espionage campaigns against the United States. [...]

https://www.bleepingcomputer.com/news/security/new-reconnaissance-tool-uses-code-from-eight-year-old-comment-crew-implant/

Bug Trio Affecting Eight D-Link Models Leads to Full Compromise

Several router models from D-Link are vulnerable to three security bugs that could help an attacker get full control over them. [...]

https://www.bleepingcomputer.com/news/security/bug-trio-affecting-eight-d-link-models-leads-to-full-compromise/

Researcher Livestreams 51% Attack on Altcoin Blockchain

A little over a week ago, researcher promised to run a 51% attack on the blockchain of a small cryptocurrency called Einsteinium (EMC2), to show the world how easy the entire process was. [...]

https://www.bleepingcomputer.com/news/security/researcher-livestreams-51-percent-attack-on-altcoin-blockchain/

Tumblr Fixes Security Bug that Leaked Private Account Info

A bug in Tumblr's "Recommended Blogs" feature was fixed that disclosed private and personal information about the owner of the recommended blogs. [...]

https://www.bleepingcomputer.com/news/security/tumblr-fixes-security-bug-that-leaked-private-account-info/

Apple's New Data & Privacy Portal Lets You Download Your Data

Apple has released a new data & privacy portal that can be used to download data that is linked to your Apple ID. This data can include transaction history, Apple app history, AppleCare history, marketing data, and more. [...]

https://www.bleepingcomputer.com/news/apple/apples-new-data-and-privacy-portal-lets-you-download-your-data/

Windows 10 Cumulative and Compatibility Updates Released

The latest October updates with minor improvements are rolling out to Windows 10 Fall Creators Update, Windows 10 Anniversary Update and Windows 10 November Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-and-compatibility-updates-released/

Firefox Adding Search Shortcuts for Google & Amazon to Top Sites

Mozilla is rolling out a new feature to all U.S. Firefox users that adds Google and Amazon Search Shortcuts to the list of pinned Top Sites in the new tab page.  [...]

https://www.bleepingcomputer.com/news/security/firefox-adding-search-shortcuts-for-google-and-amazon-to-top-sites/

Fraudster Targets Cryptocurrency Wallets with a Variety of Info Stealers

An online scammer targeting thousands of victims interested in cryptocurrencies runs a large and diverse business that includes phishing and fraud operations. [...]

https://www.bleepingcomputer.com/news/security/fraudster-targets-cryptocurrency-wallets-with-a-variety-of-info-stealers/

jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

Of the thousands of plugins for the jQuery framework, one of the most popular of them harbored for at least three years an oversight in code that eluded the security community, despite public availability of tutorials that explained how it could be exploited. [...]

https://www.bleepingcomputer.com/news/security/jquery-file-upload-plugin-vulnerable-for-8-years-and-only-hackers-knew/