Exposed Docker APIs Continue to Be Used for Cryptojacking

Trend Micro has recently spotted an attacker that is scanning for exposed Docker Engine APIs and utilizing them to deploy containers that download and execute a coin miner. These containers then use scripts to spread to other systems. [...]

https://www.bleepingcomputer.com/news/security/exposed-docker-apis-continue-to-be-used-for-cryptojacking/

Microsoft Sandboxes Windows Defender

As the infosec community talked about potential cyber attacks leveraging vulnerabilities in antivirus products, Microsoft took notes and started to work on a solution. The company announced that its Windows Defender can run in a sandbox. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-sandboxes-windows-defender/

Windows 10 Bug Allowed UWP Apps Full Access to File System

A bug in Windows 10 allowed UWP apps (Universal Windows Platform) to have access to the entire file system in Windows without permission from the user. This could have allowed a malicious app to access any data stored on the computer without the knowledge or consent of the user. [...]

https://www.bleepingcomputer.com/news/security/windows-10-bug-allowed-uwp-apps-full-access-to-file-system/

Mirai Botnet Operator Ordered to Pay $8.6 Million

One author of the original Mirai botnet received this Friday a new sentence for launching distributed denial-of-service attacks prior to the infamous assaults two years ago. [...]

https://www.bleepingcomputer.com/news/security/mirai-botnet-operator-ordered-to-pay-86-million/

Mac CryptoCurrency Price Tracker Caught Installing Backdoors

A Trojan pretending to be a macOS cryptocurrency ticker called CoinTicker is installing two backdoors on the macs of unsuspecting users. [...]

https://www.bleepingcomputer.com/news/security/mac-cryptocurrency-price-tracker-caught-installing-backdoors/

Compression File Formats of the past Come Haunting in Spam Campaigns

Some ancient filetypes are making a comeback due to unwanted attention from cybercriminals looking for more effective ways to hide malware distributed through spam campaigns. [...]

https://www.bleepingcomputer.com/news/security/compression-file-formats-of-the-past-come-haunting-in-spam-campaigns/

Majority of Top 30 Sites Don't Offer Wide Range of 2FA Options

The Dashlane password management company has released research showing that the majority of the top 30 consumer sites do not offer a complete range of two factor authentication (2FA) options for login authentication. Of the top 30 sites, only 8 offered all of the tested for 2FA options. [...]

https://www.bleepingcomputer.com/news/security/majority-of-top-30-sites-dont-offer-wide-range-of-2fa-options/

Millions of Voter Records Up for Sale Ahead of the US Midterm Elections

As the US midterm elections close in, the underground markets appear to be flush with voter databases available for affordable prices. [...]

https://www.bleepingcomputer.com/news/security/millions-of-voter-records-up-for-sale-ahead-of-the-us-midterm-elections/

CommonRansom Ransomware Demands RDP Access to Decrypt Files

A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim's files. [...]

https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/

Windows 10 Build 17763.107 Released to Insiders With Fixes for October Update

According to the changelog, Microsoft has finally fixed a bug where the system won't display a confirmation prompt when users extract a file from a zip archive to a location where the file with the same name exists. Microsoft recently acknowledged the issue and today's update has finally addressed it. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-17763107-released-to-insiders-with-fixes-for-october-update/

Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More

Today Apple released updates for core products that include iOS 12.1, Safari 12.0.1, iCloud for Windows, iTunes, watchOS 5.1, tvOS 12.1, and macOS. [...]

https://www.bleepingcomputer.com/news/security/apple-fixes-creepy-facetime-vulnerability-crash-bug-in-macos-and-more/

Telegram Desktop Saves Conversations Locally in Plain Text

The desktop variant for Telegram secure messaging app fails to protect chat content locally, offering access to plain text conversations and media that otherwise travel encrypted.. [...]

https://www.bleepingcomputer.com/news/security/telegram-desktop-saves-conversations-locally-in-plain-text/

Google's reCAPTCHA v3 Promises No Break For Bot Checking

Google launched the third version of its reCAPTCHA program that sets apart humans and bots when they land on websites, with the promise of eliminating user interaction. [...]

https://www.bleepingcomputer.com/news/google/googles-recaptcha-v3-promises-no-break-for-bot-checking/

Emotet Trojan Begins Stealing Victim's Email Using New Module

The Emotet malware is typically used as a banking trojan and more recently for distributing other malware, but has now become more versatile via a module that allows it to steal a victim's actual emails going back six months. [...]

https://www.bleepingcomputer.com/news/security/emotet-trojan-begins-stealing-victims-email-using-new-module/

Windows 10 Build 18272 Released to Insiders With Improvements

Windows 10 19H1 preview build 18272 is rolling out to the Windows Insiders in the Fast and Skip Ahead rings. Windows 10 Build 18272 comes with several improvements and fixes but there are no major changes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18272-released-to-insiders-with-improvements/

Complete Works Of Shakespeare Hidden Inside Twitter Thumbnail Image

A security researcher has demonstrated how he could hide the Complete Works of Shakespeare into an image and use Twitter to distribute it using stegenography. [...]

https://www.bleepingcomputer.com/news/security/complete-works-of-shakespeare-hidden-inside-twitter-thumbnail-image/

Method to View Contact Info on a Locked iOS 12.1 Device Disclosed

The day after iOS 12.1 was released, a researcher disclosed a new passcode bypass method that allows you to easily view the phone numbers and email addresses of a device's contacts even when the device is locked. [...]

https://www.bleepingcomputer.com/news/security/method-to-view-contact-info-on-a-locked-ios-121-device-disclosed/

Mozilla Firefox Adding Setting to Disable Recommended Extensions

In September we reported that Mozilla Firefox would be testing a new feature called Contextual Feature Recommender, or CFR, that recommends extensions related to sites that you are visiting. In Firefox 64, Mozilla will be adding a setting that allows you to block Firefox from making these types of recommendations. [...]

https://www.bleepingcomputer.com/news/software/mozilla-firefox-adding-setting-to-disable-recommended-extensions/

New Stuxnet Variant Allegedly Struck Iran

A malware similar in nature to Stuxnet but more aggressive and sophisticated allegedly hit the infrastructure and strategic networks in Iran. [...]

https://www.bleepingcomputer.com/news/security/new-stuxnet-variant-allegedly-struck-iran/

Necurs Botnet Distributing Sextortion Email Scams

Two recent sextortion scam campaigns seem to rely on the Necurs botnet infrastructure to distribute the messages, security researchers have discovered. [...]

https://www.bleepingcomputer.com/news/security/necurs-botnet-distributing-sextortion-email-scams/

New BLEEDINGBIT Vulnerabilities Affect Widely-Used Bluetooth Chips

Two vulnerabilities in the Bluetooth chips typically found in access points used to provide WiFi service in enterprises allow attackers to take control of the devices without authentication or breach the network. [...]

https://www.bleepingcomputer.com/news/security/new-bleedingbit-vulnerabilities-affect-widely-used-bluetooth-chips/