Researcher Livestreams 51% Attack on Altcoin Blockchain

A little over a week ago, researcher promised to run a 51% attack on the blockchain of a small cryptocurrency called Einsteinium (EMC2), to show the world how easy the entire process was. [...]

https://www.bleepingcomputer.com/news/security/researcher-livestreams-51-percent-attack-on-altcoin-blockchain/

Tumblr Fixes Security Bug that Leaked Private Account Info

A bug in Tumblr's "Recommended Blogs" feature was fixed that disclosed private and personal information about the owner of the recommended blogs. [...]

https://www.bleepingcomputer.com/news/security/tumblr-fixes-security-bug-that-leaked-private-account-info/

Apple's New Data & Privacy Portal Lets You Download Your Data

Apple has released a new data & privacy portal that can be used to download data that is linked to your Apple ID. This data can include transaction history, Apple app history, AppleCare history, marketing data, and more. [...]

https://www.bleepingcomputer.com/news/apple/apples-new-data-and-privacy-portal-lets-you-download-your-data/

Windows 10 Cumulative and Compatibility Updates Released

The latest October updates with minor improvements are rolling out to Windows 10 Fall Creators Update, Windows 10 Anniversary Update and Windows 10 November Update. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-and-compatibility-updates-released/

Firefox Adding Search Shortcuts for Google & Amazon to Top Sites

Mozilla is rolling out a new feature to all U.S. Firefox users that adds Google and Amazon Search Shortcuts to the list of pinned Top Sites in the new tab page.  [...]

https://www.bleepingcomputer.com/news/security/firefox-adding-search-shortcuts-for-google-and-amazon-to-top-sites/

Fraudster Targets Cryptocurrency Wallets with a Variety of Info Stealers

An online scammer targeting thousands of victims interested in cryptocurrencies runs a large and diverse business that includes phishing and fraud operations. [...]

https://www.bleepingcomputer.com/news/security/fraudster-targets-cryptocurrency-wallets-with-a-variety-of-info-stealers/

jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

Of the thousands of plugins for the jQuery framework, one of the most popular of them harbored for at least three years an oversight in code that eluded the security community, despite public availability of tutorials that explained how it could be exploited. [...]

https://www.bleepingcomputer.com/news/security/jquery-file-upload-plugin-vulnerable-for-8-years-and-only-hackers-knew/

The Week in Ransomware - October 19th 2018 - GandCrab, Birbware, and More

It has been another slow week, with mostly new variants of existing ransomware being released. The biggest news is that the GandCrab Ransomware developers have decided to release the decryption keys for Syrian victims. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-19th-2018-gandcrab-birbware-and-more/

Winamp 5.8 Media Player Released in All Its Nostalgic Glory

The world's famous media player app Winamp is finally back with some improvements and fixes. The new version 5.8 of Winamp is compatible with Windows 8.1 and Windows 10 but the interface is unchanged. [...]

https://www.bleepingcomputer.com/news/software/winamp-58-media-player-released-in-all-its-nostalgic-glory/

Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption

Over the weekend, the Kraken Cryptor Ransomware released version 2.0.6, which now connects to BleepingComputer during different stages of their encryption process. It is not known what they are trying to achieve by doing this, but it does provide BleepingComputer with insight into the amount of its victims. [...]

https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-connecting-to-bleepingcomputer-during-encryption/

Remote Code Execution Flaws Found in Popular OS Powering Embedded Systems

FreeRTOS, the open-source operating system that powers most of the small microprocessors and microcontrollers in smart homes and critical infrastructure systems has 13 vulnerabilities, a third of them allowing remote code execution. [...]

https://www.bleepingcomputer.com/news/security/remote-code-execution-flaws-found-in-popular-os-powering-embedded-systems/

McAfee Tech Support Scam Harvesting Credit Card Information

A new tech support scam pretending to be from McAfee was discovered last week that is harvesting credit card details and personal information of its victims. [...]

https://www.bleepingcomputer.com/news/security/mcafee-tech-support-scam-harvesting-credit-card-information/

Signal Upgrade Process Leaves Unencrypted Messages on Disk

The desktop version for the encrypted communications app Signal does not provide protection for the data it handles during the update procedure, saving it locally as unencrypted plain text. [...]

https://www.bleepingcomputer.com/news/security/signal-upgrade-process-leaves-unencrypted-messages-on-disk/

Google Chrome Is Reportedly Coming to Windows on ARM PCs

In an interview, Miguel Nunes, Qualcomm senior director of product management confirmed that the ARM port of Google Chrome is already in works and it would arrive in the second half of 2019. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-is-reportedly-coming-to-windows-on-arm-pcs/

Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now

Last week a vulnerability was disclosed regarding a ridiculously easy authentication bypass vulnerability in libssh. Since then, multiple tools and scripts have been released that allow attackers to remotely exploit this vulnerability in order to remotely execute commands on vulnerable devices. [...]

https://www.bleepingcomputer.com/news/security/libssh-cve-2018-10933-scanners-and-exploits-released-apply-updates-now/

Windows 10 1809 Zip Extraction Bug Overwrites Files without Confirmation

A new bug has popped up in Windows 10 Build 1809 that does not display an overwrite prompt when extracting files from a Zip archive to a location where the same file exists. [...]

https://www.bleepingcomputer.com/news/security/windows-10-1809-zip-extraction-bug-overwrites-files-without-confirmation/

Phishing Report Shows Microsoft, Paypal, & Netflix as Top Targets

A new phishing report has been released that keeps track of the top 25 brands targeted by bad actors. Of these brands, Microsoft, Paypal, and Netflix are the top brands impersonated by phishing attacks. [...]

https://www.bleepingcomputer.com/news/security/phishing-report-shows-microsoft-paypal-and-netflix-as-top-targets/

Signal Desktop Leaves Message Decryption Key in Plain Sight

A mistake in the process used by the Signal Desktop application to encrypt locally stored messages leaves them wide open to an attacker. [...]

https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/

Skype Preview for Windows 10 is Getting Split View Mode

Microsoft is currently working hard to update the new modern Skype 8 with all necessary features as the company plans to end support for Skype Classic on November 1. Today, Microsoft announced that the Split View mode is now available in Skype preview for Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/skype-preview-for-windows-10-is-getting-split-view-mode/

Firefox Targeting Competing VPN Sites With ProtonVPN Offer in New Test

Mozilla has announced a study where Firefox will promote the ProtonVPN service as a new revenue source. BleepingComputer was able to gain access to the study's extension and it appears that the ProtonVPN will be recommended when visiting competing VPN providers, streaming services, or when connecting to insecure wireless gateways. [...]

https://www.bleepingcomputer.com/news/software/firefox-targeting-competing-vpn-sites-with-protonvpn-offer-in-new-test/

Critical Infrastructure & Supply Chain Remain Highly Vulnerable to Attacks

Additionally, cybercriminals have been targeting the commercial sector with as much aggression and skill as their attacks against the government. Unfortunately, some attacks against the government. Unfortunately, some attacks against corporations have national security ramifications, a fact not yet fully realized by all businesses. [...]

https://www.bleepingcomputer.com/news/security/critical-infrastructure-and-supply-chain-remain-highly-vulnerable-to-attacks/