Mozilla Added WebP Image Support to Firefox 65

Mozilla is bringing support for Google's WebP image format to Firefox 65. The WebP image format was created by Google as a modern format designed for displaying images on the web. [...]

https://www.bleepingcomputer.com/news/software/mozilla-added-webp-image-support-to-firefox-65/

The Week in Ransomware - November 2nd 2018 - RaaS, DiskCryptor, & More

This week we saw a new RaaS called CommonRansom, a new DiskCryptor variant, and numerous Dharma variant released. Otherwise, it has been a fairly light news week for ransomware. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-2nd-2018-raas-diskcryptor-and-more/

New PortSmash Hyper-Threading CPU Vuln Can Steal Decryption Keys

A new side-channel vulnerability has been discovered called PortSmash that uses a timing attack that to steal information from other processes running on the same SMT/hyper-threading enabled CPU core. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core. [...]

https://www.bleepingcomputer.com/news/security/new-portsmash-hyper-threading-cpu-vuln-can-steal-decryption-keys/

New Microsoft Edge Browser Zero-Day RCE Exploit in the Works

Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability. [...]

https://www.bleepingcomputer.com/news/security/new-microsoft-edge-browser-zero-day-rce-exploit-in-the-works/

Security Bug Puts Online Radio Stations At Risk

A vulnerability discovered in Icecast streaming media server could be leveraged by an attacker to kill the broadcast of online radio stations that rely on it to reach their audience. [...]

https://www.bleepingcomputer.com/news/security/security-bug-puts-online-radio-stations-at-risk/

Scammers Ride on Voter Info Website Popularity to Push Scareware Alerts

[...]

https://www.bleepingcomputer.com/news/security/scammers-ride-on-voter-info-website-popularity-to-push-scareware-alerts/

Chrome 71 Will Block All Ads on Abusive Sites in December

Google has announced that starting in December 2018, Chrome 71 will remove all ads on sites that have repeatedly performed abusive behavior. [...]

https://www.bleepingcomputer.com/news/google/chrome-71-will-block-all-ads-on-abusive-sites-in-december/

Flaws in Popular SSD Drives Bypass Hardware Disk Encryption

Researchers have found flaws that can be exploited to bypass hardware decryption without a password in well known and popular SSD drives. [...]

https://www.bleepingcomputer.com/news/security/flaws-in-popular-ssd-drives-bypass-hardware-disk-encryption/

Microsoft is Porting Sysinternals Tools to Linux - ProcDump Released

If you have administered Windows computers or assisted in Windows malware removal, then there is a good chance you have heard of the popular free Sysinternals utilities.  [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-porting-sysinternals-tools-to-linux-procdump-released/

Fake Elon Musk Twitter Bitcoin Scam Earned 180K in One Day

A widespread scam pretending to be from Elon Musk and utilizing a stream of hacked Twitter accounts and fake giveaway sites has earned scammers over 28 bitcoins or approximately $180,000 in a single day. [...]

https://www.bleepingcomputer.com/news/security/fake-elon-musk-twitter-bitcoin-scam-earned-180k-in-one-day/

Yes! Aol Mail Is Down for the Past Two Hours

Reports have been coming in the for the past 2 hours that AOL Mail is down. It is not currently known what is causing the outage, but the AOL Customer Support Twitter account has stated tht the company is looking into issues with both AOL and Yahoo. [...]

https://www.bleepingcomputer.com/news/technology/yes-aol-mail-is-down-for-the-past-two-hours/

U-Boot's Trusted Boot Validation Bypassed

Memory handling issues in U-Boot open-source bootloader for embedded devices make possible multiple exploitation techniques that lead to arbitrary code execution. [...]

https://www.bleepingcomputer.com/news/security/u-boots-trusted-boot-validation-bypassed/

Apache Struts Team Urges Users for Library Update to Plug Years-Old Bugs

In an advisory yesterday, the Apache Software Foundation reiterates its recommendation for users of Struts to make sure their installations run a version of the Commons FileUpload library newer than 1.3.2, lest they expose their projects to possible remote code execution attacks. [...]

https://www.bleepingcomputer.com/news/security/apache-struts-team-urges-users-for-library-update-to-plug-years-old-bugs/

Hacking is the Lesser Evil for the U.S. Midterm Elections

The security of today's midterm elections in the US depend in part on the integrity of the electronic voting machines and the thwarting of foreign influence campaigns. As cyber attacks are expected, several government agencies have joined forces to combat influence efforts and help state and local officials secure the election. [...]

https://www.bleepingcomputer.com/news/security/hacking-is-the-lesser-evil-for-the-us-midterm-elections/

WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover

A design flaw in the WordPress permission system used by plugins and a file deletion vulnerability in a very popular eCommerce plugin called WooCommerce could allow attackers to gain full control over a WordPress site. [...]

https://www.bleepingcomputer.com/news/security/wordpress-design-flaw-woocommerce-vulnerability-leads-to-site-takeover/

HSBC Bank Data Breach Exposed Account Numbers, Balances, and More

A data breach at HSBC Bank has allowed attackers to gain access to a limited amount of customer's information such as account numbers, balances, addresses, transaction history, and much more. [...]

https://www.bleepingcomputer.com/news/security/hsbc-bank-data-breach-exposed-account-numbers-balances-and-more/

VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available

A Russian vulnerability researcher and exploit developer has published detailed information about a zero-day vulnerability in VirtualBox. His explanations include step-by-step instructions for exploiting the bug. [...]

https://www.bleepingcomputer.com/news/security/virtualbox-zero-day-vulnerability-details-and-exploit-are-publicly-available/

November Android Security Update Fixes Critical Bugs, Drops Media Library

Google released to all users and partners its November security bulletin for the Android operating system, with fixes for critical remote code execution (RCE) and privilege escalation vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/november-android-security-update-fixes-critical-bugs-drops-media-library/

Erratic Windows 10 Bug Breaks Changing of Default File Associations

For quite some time, users have been reporting an inconsistent bug in Windows 10 that prevents them from changing the default program that are associated with a file type. [...]

https://www.bleepingcomputer.com/news/microsoft/erratic-windows-10-bug-breaks-changing-of-default-file-associations/

Windows 10 19H1 Build 18277 Is Now Available With Action Center Improvements

Windows 10 19H1 preview build 18277 is now rolling out to the Insiders in the Fast and Skip Ahead Ring with some notable improvements. This test build improves Focus Assist feature, Action Center, introduces new Emojis and more. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-19h1-build-18277-is-now-available-with-action-center-improvements/

Beware of "Unofficial" Sites Pushing Notepad2 Adware Bundles

If you are looking to download the very popular Notepad replacement called Notepad2, be careful of sites created to look official, but actually distribute Notepad2 as an adware bundle. [...]

https://www.bleepingcomputer.com/news/security/beware-of-unofficial-sites-pushing-notepad2-adware-bundles/