The Few Privileged North Koreans Are Savvy Scammers
Despite North Korea's isolation from the rest of the world, the country's ruling elite use the internet to escape economic sanctions and to find and tackle new money-making opportunities, legal or not. [...]
https://www.bleepingcomputer.com/news/cryptocurrency/the-few-privileged-north-koreans-are-savvy-scammers/
Despite North Korea's isolation from the rest of the world, the country's ruling elite use the internet to escape economic sanctions and to find and tackle new money-making opportunities, legal or not. [...]
https://www.bleepingcomputer.com/news/cryptocurrency/the-few-privileged-north-koreans-are-savvy-scammers/
BleepingComputer
The Few Privileged North Koreans Are Savvy Scammers
Despite North Korea's isolation from the rest of the world, the country's ruling elite use the internet to escape economic sanctions and to find and tackle new money-making opportunities, legal or not.
Trivial Bug in X..Org Gives Root Permission on Linux and BSD Systems
A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment. [...]
https://www.bleepingcomputer.com/news/security/trivial-bug-in-xorg-gives-root-permission-on-linux-and-bsd-systems/
A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment. [...]
https://www.bleepingcomputer.com/news/security/trivial-bug-in-xorg-gives-root-permission-on-linux-and-bsd-systems/
BleepingComputer
Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems
A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment.
The Week in Ransomware - October 26th 2018 - Decryptors, RaaS, and More
We have had quite a bit of interesting news this week regarding ransomware. First we had the Kraken Cryptor deciding to connect to BleepingComputer.com during different stages of the encryption process, then we had a decryptor released by Bitdefender for GandCrab v1, v4, and v5, and finally a new FilesLocker rasnomware as a service. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-26th-2018-decryptors-raas-and-more/
We have had quite a bit of interesting news this week regarding ransomware. First we had the Kraken Cryptor deciding to connect to BleepingComputer.com during different stages of the encryption process, then we had a decryptor released by Bitdefender for GandCrab v1, v4, and v5, and finally a new FilesLocker rasnomware as a service. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-26th-2018-decryptors-raas-and-more/
BleepingComputer
The Week in Ransomware - October 26th 2018 - Decryptors, RaaS, and More
We have had quite a bit of interesting news this week regarding ransomware. First we had the Kraken Cryptor deciding to connect to BleepingComputer.com during different stages of the encryption process, then we had a decryptor released by Bitdefender forβ¦
Bushido-Powered DDoS Service Whipped Up from Leaked Code
Security researchers found a new DDoS-for-hire service that offers easy and cheap access to sufficient power to knock down most targets. [...]
https://www.bleepingcomputer.com/news/security/bushido-powered-ddos-service-whipped-up-from-leaked-code/
Security researchers found a new DDoS-for-hire service that offers easy and cheap access to sufficient power to knock down most targets. [...]
https://www.bleepingcomputer.com/news/security/bushido-powered-ddos-service-whipped-up-from-leaked-code/
BleepingComputer
Bushido-Powered DDoS Service Whipped Up from Leaked Code
Security researchers found a new DDoS-for-hire service that offers easy and cheap access to sufficient power to knock down most targets.
Exposed Docker APIs Continue to Be Used for Cryptojacking
Trend Micro has recently spotted an attacker that is scanning for exposed Docker Engine APIs and utilizing them to deploy containers that download and execute a coin miner. These containers then use scripts to spread to other systems. [...]
https://www.bleepingcomputer.com/news/security/exposed-docker-apis-continue-to-be-used-for-cryptojacking/
Trend Micro has recently spotted an attacker that is scanning for exposed Docker Engine APIs and utilizing them to deploy containers that download and execute a coin miner. These containers then use scripts to spread to other systems. [...]
https://www.bleepingcomputer.com/news/security/exposed-docker-apis-continue-to-be-used-for-cryptojacking/
BleepingComputer
Exposed Docker APIs Continue to Be Used for Cryptojacking
Trend Micro has recently spotted an attacker that is scanning for exposed Docker Engine APIs and utilizing them to deploy containers that download and execute a coin miner. These containers then use scripts to spread to other systems.
Microsoft Sandboxes Windows Defender
As the infosec community talked about potential cyber attacks leveraging vulnerabilities in antivirus products, Microsoft took notes and started to work on a solution. The company announced that its Windows Defender can run in a sandbox. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-sandboxes-windows-defender/
As the infosec community talked about potential cyber attacks leveraging vulnerabilities in antivirus products, Microsoft took notes and started to work on a solution. The company announced that its Windows Defender can run in a sandbox. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-sandboxes-windows-defender/
BleepingComputer
Microsoft Sandboxes Windows Defender
As the infosec community talked about potential cyber attacks leveraging vulnerabilities in antivirus products, Microsoft took notes and started to work on a solution. The company announced that its Windows Defender can run in a sandbox.
Windows 10 Bug Allowed UWP Apps Full Access to File System
A bug in Windows 10 allowed UWP apps (Universal Windows Platform) to have access to the entire file system in Windows without permission from the user. This could have allowed a malicious app to access any data stored on the computer without the knowledge or consent of the user. [...]
https://www.bleepingcomputer.com/news/security/windows-10-bug-allowed-uwp-apps-full-access-to-file-system/
A bug in Windows 10 allowed UWP apps (Universal Windows Platform) to have access to the entire file system in Windows without permission from the user. This could have allowed a malicious app to access any data stored on the computer without the knowledge or consent of the user. [...]
https://www.bleepingcomputer.com/news/security/windows-10-bug-allowed-uwp-apps-full-access-to-file-system/
BleepingComputer
Windows 10 Bug Allowed UWP Apps Full Access to File System
A bug in Windows 10 allowed UWP apps (Universal Windows Platform) to have access to the entire file system in Windows without permission from the user. This could have allowed a malicious app to access any data stored on the computer without the knowledgeβ¦
Mirai Botnet Operator Ordered to Pay $8.6 Million
One author of the original Mirai botnet received this Friday a new sentence for launching distributed denial-of-service attacks prior to the infamous assaults two years ago. [...]
https://www.bleepingcomputer.com/news/security/mirai-botnet-operator-ordered-to-pay-86-million/
One author of the original Mirai botnet received this Friday a new sentence for launching distributed denial-of-service attacks prior to the infamous assaults two years ago. [...]
https://www.bleepingcomputer.com/news/security/mirai-botnet-operator-ordered-to-pay-86-million/
BleepingComputer
Mirai Botnet Operator Ordered to Pay $8.6 Million
One author of the original Mirai botnet received this Friday a new sentence for launching distributed denial-of-service attacks prior to the infamous assaults two years ago.
Mac CryptoCurrency Price Tracker Caught Installing Backdoors
A Trojan pretending to be a macOS cryptocurrency ticker called CoinTicker is installing two backdoors on the macs of unsuspecting users. [...]
https://www.bleepingcomputer.com/news/security/mac-cryptocurrency-price-tracker-caught-installing-backdoors/
A Trojan pretending to be a macOS cryptocurrency ticker called CoinTicker is installing two backdoors on the macs of unsuspecting users. [...]
https://www.bleepingcomputer.com/news/security/mac-cryptocurrency-price-tracker-caught-installing-backdoors/
BleepingComputer
Mac CryptoCurrency Price Tracker Caught Installing Backdoors
A Trojan pretending to be a macOS cryptocurrency ticker called CoinTicker is installing two backdoors on the macs of unsuspecting users.
Compression File Formats of the past Come Haunting in Spam Campaigns
Some ancient filetypes are making a comeback due to unwanted attention from cybercriminals looking for more effective ways to hide malware distributed through spam campaigns. [...]
https://www.bleepingcomputer.com/news/security/compression-file-formats-of-the-past-come-haunting-in-spam-campaigns/
Some ancient filetypes are making a comeback due to unwanted attention from cybercriminals looking for more effective ways to hide malware distributed through spam campaigns. [...]
https://www.bleepingcomputer.com/news/security/compression-file-formats-of-the-past-come-haunting-in-spam-campaigns/
BleepingComputer
Compression File Formats of the past Come Haunting in Spam Campaigns
Some ancient filetypes are making a comeback due to unwanted attention from cybercriminals looking for more effective ways to hide malware distributed through spam campaigns.
Majority of Top 30 Sites Don't Offer Wide Range of 2FA Options
The Dashlane password management company has released research showing that the majority of the top 30 consumer sites do not offer a complete range of two factor authentication (2FA) options for login authentication. Of the top 30 sites, only 8 offered all of the tested for 2FA options. [...]
https://www.bleepingcomputer.com/news/security/majority-of-top-30-sites-dont-offer-wide-range-of-2fa-options/
The Dashlane password management company has released research showing that the majority of the top 30 consumer sites do not offer a complete range of two factor authentication (2FA) options for login authentication. Of the top 30 sites, only 8 offered all of the tested for 2FA options. [...]
https://www.bleepingcomputer.com/news/security/majority-of-top-30-sites-dont-offer-wide-range-of-2fa-options/
BleepingComputer
Majority of Top 30 Sites Don't Offer Wide Range of 2FA Options
The Dashlane password management company has released research showing that the majority of the top 30 consumer sites do not offer a complete range of two factor authentication (2FA) options for login authentication. Of the top 30 sites, only 8 offered allβ¦
Millions of Voter Records Up for Sale Ahead of the US Midterm Elections
As the US midterm elections close in, the underground markets appear to be flush with voter databases available for affordable prices. [...]
https://www.bleepingcomputer.com/news/security/millions-of-voter-records-up-for-sale-ahead-of-the-us-midterm-elections/
As the US midterm elections close in, the underground markets appear to be flush with voter databases available for affordable prices. [...]
https://www.bleepingcomputer.com/news/security/millions-of-voter-records-up-for-sale-ahead-of-the-us-midterm-elections/
BleepingComputer
Millions of Voter Records Up for Sale Ahead of the US Midterm Elections
As the US midterm elections close in, the underground markets appear to be flush with voter databases available for affordable prices.
CommonRansom Ransomware Demands RDP Access to Decrypt Files
A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim's files. [...]
https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/
A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim's files. [...]
https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/
BleepingComputer
CommonRansom Ransomware Demands RDP Access to Decrypt Files
A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentialsβ¦
Windows 10 Build 17763.107 Released to Insiders With Fixes for October Update
According to the changelog, Microsoft has finally fixed a bug where the system won't display a confirmation prompt when users extract a file from a zip archive to a location where the file with the same name exists. Microsoft recently acknowledged the issue and today's update has finally addressed it. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-build-17763107-released-to-insiders-with-fixes-for-october-update/
According to the changelog, Microsoft has finally fixed a bug where the system won't display a confirmation prompt when users extract a file from a zip archive to a location where the file with the same name exists. Microsoft recently acknowledged the issue and today's update has finally addressed it. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-build-17763107-released-to-insiders-with-fixes-for-october-update/
BleepingComputer
Windows 10 Build 17763.107 Released to Insiders With Fixes for October Update
According to the changelog, Microsoft has finally fixed a bug where the system won't display a confirmation prompt when users extract a file from a zip archive to a location where the file with the same name exists. Microsoft recently acknowledged the issueβ¦
Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More
Today Apple released updates for core products that include iOS 12.1, Safari 12.0.1, iCloud for Windows, iTunes, watchOS 5.1, tvOS 12.1, and macOS. [...]
https://www.bleepingcomputer.com/news/security/apple-fixes-creepy-facetime-vulnerability-crash-bug-in-macos-and-more/
Today Apple released updates for core products that include iOS 12.1, Safari 12.0.1, iCloud for Windows, iTunes, watchOS 5.1, tvOS 12.1, and macOS. [...]
https://www.bleepingcomputer.com/news/security/apple-fixes-creepy-facetime-vulnerability-crash-bug-in-macos-and-more/
BleepingComputer
Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More
Today Apple released updates for core products that include iOS 12.1, Safari 12.0.1, iCloud for Windows, iTunes, watchOS 5.1, tvOS 12.1, and macOS.
Telegram Desktop Saves Conversations Locally in Plain Text
The desktop variant for Telegram secure messaging app fails to protect chat content locally, offering access to plain text conversations and media that otherwise travel encrypted.. [...]
https://www.bleepingcomputer.com/news/security/telegram-desktop-saves-conversations-locally-in-plain-text/
The desktop variant for Telegram secure messaging app fails to protect chat content locally, offering access to plain text conversations and media that otherwise travel encrypted.. [...]
https://www.bleepingcomputer.com/news/security/telegram-desktop-saves-conversations-locally-in-plain-text/
BleepingComputer
Telegram Desktop Saves Conversations Locally in Plain Text
The desktop variant for Telegram secure messaging app fails to protect chat content locally, offering access to plain text conversations and media that otherwise travel encrypted..
Google's reCAPTCHA v3 Promises No Break For Bot Checking
Google launched the third version of its reCAPTCHA program that sets apart humans and bots when they land on websites, with the promise of eliminating user interaction. [...]
https://www.bleepingcomputer.com/news/google/googles-recaptcha-v3-promises-no-break-for-bot-checking/
Google launched the third version of its reCAPTCHA program that sets apart humans and bots when they land on websites, with the promise of eliminating user interaction. [...]
https://www.bleepingcomputer.com/news/google/googles-recaptcha-v3-promises-no-break-for-bot-checking/
BleepingComputer
Google's reCAPTCHA v3 Promises No Break For Bot Checking
Google launched the third version of its reCAPTCHA program that sets apart humans and bots when they land on websites, with the promise of eliminating user interaction.
Emotet Trojan Begins Stealing Victim's Email Using New Module
The Emotet malware is typically used as a banking trojan and more recently for distributing other malware, but has now become more versatile via a module that allows it to steal a victim's actual emails going back six months. [...]
https://www.bleepingcomputer.com/news/security/emotet-trojan-begins-stealing-victims-email-using-new-module/
The Emotet malware is typically used as a banking trojan and more recently for distributing other malware, but has now become more versatile via a module that allows it to steal a victim's actual emails going back six months. [...]
https://www.bleepingcomputer.com/news/security/emotet-trojan-begins-stealing-victims-email-using-new-module/
BleepingComputer
Emotet Trojan Begins Stealing Victim's Email Using New Module
The Emotet malware is typically used as a banking trojan and more recently for distributing other malware, but has now become more versatile via a module that allows it to steal a victim's actual emails going back six months.
Windows 10 Build 18272 Released to Insiders With Improvements
Windows 10 19H1 preview build 18272 is rolling out to the Windows Insiders in the Fast and Skip Ahead rings. Windows 10 Build 18272 comes with several improvements and fixes but there are no major changes. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18272-released-to-insiders-with-improvements/
Windows 10 19H1 preview build 18272 is rolling out to the Windows Insiders in the Fast and Skip Ahead rings. Windows 10 Build 18272 comes with several improvements and fixes but there are no major changes. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18272-released-to-insiders-with-improvements/
BleepingComputer
Windows 10 Build 18272 Released to Insiders With Improvements
Windows 10 19H1 preview build 18272 is rolling out to the Windows Insiders in the Fast and Skip Ahead rings. Windows 10 Build 18272 comes with several improvements and fixes but there are no major changes.
Complete Works Of Shakespeare Hidden Inside Twitter Thumbnail Image
A security researcher has demonstrated how he could hide the Complete Works of Shakespeare into an image and use Twitter to distribute it using stegenography. [...]
https://www.bleepingcomputer.com/news/security/complete-works-of-shakespeare-hidden-inside-twitter-thumbnail-image/
A security researcher has demonstrated how he could hide the Complete Works of Shakespeare into an image and use Twitter to distribute it using stegenography. [...]
https://www.bleepingcomputer.com/news/security/complete-works-of-shakespeare-hidden-inside-twitter-thumbnail-image/
BleepingComputer
Complete Works Of Shakespeare Hidden Inside Twitter Thumbnail Image
A security researcher has demonstrated how he could hide the Complete Works of Shakespeare into an image and use Twitter to distribute it using Steganography.
Method to View Contact Info on a Locked iOS 12.1 Device Disclosed
The day after iOS 12.1 was released, a researcher disclosed a new passcode bypass method that allows you to easily view the phone numbers and email addresses of a device's contacts even when the device is locked. [...]
https://www.bleepingcomputer.com/news/security/method-to-view-contact-info-on-a-locked-ios-121-device-disclosed/
The day after iOS 12.1 was released, a researcher disclosed a new passcode bypass method that allows you to easily view the phone numbers and email addresses of a device's contacts even when the device is locked. [...]
https://www.bleepingcomputer.com/news/security/method-to-view-contact-info-on-a-locked-ios-121-device-disclosed/
BleepingComputer
Method to View Contact Info on a Locked iOS 12.1 Device Disclosed
The day after iOS 12.1 was released, a researcher disclosed a new passcode bypass method that allows you to easily view the phone numbers and email addresses of a device's contacts even when the device is locked.