Business Email Compromise Attacks See Almost 500% Increase

Business email compromised (BEC) attacks have seen an explosive 476% growth between Q4 2017 and Q4 2018, while the number of email fraud attempts against companies increased 226% QoQ. [...]

https://www.bleepingcomputer.com/news/security/business-email-compromise-attacks-see-almost-500-percent-increase/

Apple Releases Fix for Group FaceTime Snooping Bug in iOS and macOS

Apple has released security updates for iOS and macOS that fix a severe bug in FaceTime that allowed callers to listen in, and potentially view, the people they were calling without the call being answered. [...]

https://www.bleepingcomputer.com/news/security/apple-releases-fix-for-group-facetime-snooping-bug-in-ios-and-macos/

Google Introduces Adiantum Storage Encryption to Low-End Android Devices

Google unveiled today the new Adiantium storage encryption method for devices without cryptographic acceleration and running Android 9 or later on processors which do not support AES or other crypto instructions. [...]

https://www.bleepingcomputer.com/news/google/google-introduces-adiantum-storage-encryption-to-low-end-android-devices/

Microsoft Now Allows Skype Users to Blur the Background on Video Calls

Microsoft has started rolling out new updates for Skype that add the background blur feature to video calls. This feature will enable you to blur the background while on video calls to protect you from embarrassing moments. [...]

https://www.bleepingcomputer.com/news/security/microsoft-now-allows-skype-users-to-blur-the-background-on-video-calls/

Microsoft Provides Mitigations, Workarounds for PrivExchange Vulnerability

Microsoft released a security advisory with mitigation measures and workarounds for an elevation of privilege vulnerability affecting Microsoft Exchange 2013 and newer which was made public by security researcher Dirk-jan Mollema, together with a proof-of-concept tool named PrivExchange. [...]

https://www.bleepingcomputer.com/news/security/microsoft-provides-mitigations-workarounds-for-privexchange-vulnerability/

Wells Fargo Hit By Nationwide Outage, ATMs and Online Banking Down

Wells Fargo customers from all over the U.S. have been reporting that multiple services offered by the multinational financial services company's banking branch, with credit cards, ATMs, and the online banking system reportedly being down. [...]

https://www.bleepingcomputer.com/news/technology/wells-fargo-hit-by-nationwide-outage-atms-and-online-banking-down/

New Phishing Attack Uses Google Translate as Camouflage

A phishing campaign that attempts to steal Google account and Facebook credentials has been discovered that utilizes Google Translate as camouflage on mobile browsers. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-google-translate-as-camouflage/

TWOSENSE.AI Awarded $2.42M Behavioral Biometrics Security Contract by DoD

New York AI startup TWOSENSE.AI was awarded a $2.42M contract by the U.S. Department of Defense (DoD) under which it will have to implement an uninterrupted multifactor authentication using deep neural networks which will eventually replace DoD's physical ID chip cards (CAC), with its continuous behavioral biometric authentication. [...]

https://www.bleepingcomputer.com/news/security/twosenseai-awarded-242m-behavioral-biometrics-security-contract-by-dod/

Like Microsoft Edge, Chrome is Getting Tab Hover Card Images

Recently Google added a new experimental feature that displays a small info card when you hover over a tab in Chrome. Similar to Microsoft Edge's tab hover card implementation, Chrome 74 will show a preview image of the associated web site when you hover over its tab. [...]

https://www.bleepingcomputer.com/news/security/like-microsoft-edge-chrome-is-getting-tab-hover-card-images/

Apple Patched Two Actively Exploited Zero-Days in iOS 12.1.4

As revealed by Project Zero team lead Ben Hawkes on Twitter, Apple fixed two zero-day vulnerabilities which were being exploited in the wild before the release of the iOS 12.1.4 security update. [...]

https://www.bleepingcomputer.com/news/security/apple-patched-two-actively-exploited-zero-days-in-ios-1214/

Coinminer Targets Linux, Kills Competition to Maximize Profits

A new coinminer malware strain which targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner has been observed while searching for and killing other Linux malware and coin miners present on the compromised machine. [...]

https://www.bleepingcomputer.com/news/security/coinminer-targets-linux-kills-competition-to-maximize-profits/

Mail Attachment Builds Ransomware Downloader from Super Mario Image

A malicious spreadsheet has been discovered that builds a PowerShell command from individual pixels in a downloaded image of Mario from Super Mario Bros. When executed, this command will download and install malware such as the GandCrab Ransomware and other malware. [...]

https://www.bleepingcomputer.com/news/security/mail-attachment-builds-ransomware-downloader-from-super-mario-image/

Windows 10 Insider Preview Build 18334 Released With Gaming Improvements

Microsoft has released Windows 10 Insider Preview Build 18334 (19H1) to insiders in the Fast ring. This build adds numerous fixes, changes, and improvements, as well as "technology tailor-made for gaming to Windows." [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-preview-build-18334-released-with-gaming-improvements/

The Week in Ransomware - February 8th 2019 - Shady Data Recovery Companies

This week was mostly filled with new variants of existing ransomware such as STOP, Dharma, and Jigsaw ransomware. We did though have some interesting news, such as a ransomware downloader being created from the pixels of images and shady data recovery companies partnering with GandCrab to make extra profits. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-8th-2019-shady-data-recovery-companies/

Decompiled Undertale RPG Source Code Released on GitHub

The decompiled source code for the popular video game Undertale has been posted to GitHub. This decompilation contains what appears to be all of the game's assets, including its images, scripts, and audio files. [...]

https://www.bleepingcomputer.com/news/gaming/decompiled-undertale-rpg-source-code-released-on-github/

Windows95 v2.0 Let's You Play DOOM, Wolfenstein 3D, and More

Looking for a sense of nostalgia by running Windows 95 and using it to play DOOM, Wolfenstein 3D, and other games? Now you can with the release of a new version of a Windows 95 Electron application that gives you the full experience. [...]

https://www.bleepingcomputer.com/news/security/windows95-v20-lets-you-play-doom-wolfenstein-3d-and-more/

Facebook, Twitter Trackers Whitelisted by Brave Browser

The Brave Browser promotes itself on being built from the ground up to provide enhanced privacy to its users. Yet, users voiced concern today after finding a section of the browser's source code that shows tracking scripts for Facebook and Twitter are whitelisted so that they are not blocked by the browser. [...]

https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/

First CryptoCurrency Clipboard Hijacker Found on Google Play Store

Researchers last week found the first Android app on the Google Play store that monitors a device's clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attacker's control. This allows the attackers to steal any payments you make without your knowledge that you sent it to the wrong address. [...]

https://www.bleepingcomputer.com/news/security/first-cryptocurrency-clipboard-hijacker-found-on-google-play-store/

New Offensive USB Cable Allows Remote Attacks over WiFi

Like a scene from a James Bond or Mission Impossible movie, a new offensive USB cable plugged into a computer could allow attackers to execute commands over WiFi as if they were using the computer's keyboard.  [...]

https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allows-remote-attacks-over-wifi/

Adobe Reader Zero-Day Micropatch Stops Malicious PDFs from Calling Home

A micropatch is now available for a zero-day vulnerability in Adobe Reader which would allow maliciously crafted PDF documents to call home and send over the victim's NTLM hash to remote attackers in the form of an SMB request. [...]

https://www.bleepingcomputer.com/news/security/adobe-reader-zero-day-micropatch-stops-malicious-pdfs-from-calling-home/

RunC Vulnerability Gives Attackers Root Access on Docker, Kubernetes Hosts

A container breakout security flaw found in the runc container runtime allows malicious containers to overwrite the host runc binary and gain root-level code execution on the host machine. [...]

https://www.bleepingcomputer.com/news/security/runc-vulnerability-gives-attackers-root-access-on-docker-kubernetes-hosts/