Microsoft Provides Mitigations, Workarounds for PrivExchange Vulnerability

Microsoft released a security advisory with mitigation measures and workarounds for an elevation of privilege vulnerability affecting Microsoft Exchange 2013 and newer which was made public by security researcher Dirk-jan Mollema, together with a proof-of-concept tool named PrivExchange. [...]

https://www.bleepingcomputer.com/news/security/microsoft-provides-mitigations-workarounds-for-privexchange-vulnerability/

Wells Fargo Hit By Nationwide Outage, ATMs and Online Banking Down

Wells Fargo customers from all over the U.S. have been reporting that multiple services offered by the multinational financial services company's banking branch, with credit cards, ATMs, and the online banking system reportedly being down. [...]

https://www.bleepingcomputer.com/news/technology/wells-fargo-hit-by-nationwide-outage-atms-and-online-banking-down/

New Phishing Attack Uses Google Translate as Camouflage

A phishing campaign that attempts to steal Google account and Facebook credentials has been discovered that utilizes Google Translate as camouflage on mobile browsers. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-google-translate-as-camouflage/

TWOSENSE.AI Awarded $2.42M Behavioral Biometrics Security Contract by DoD

New York AI startup TWOSENSE.AI was awarded a $2.42M contract by the U.S. Department of Defense (DoD) under which it will have to implement an uninterrupted multifactor authentication using deep neural networks which will eventually replace DoD's physical ID chip cards (CAC), with its continuous behavioral biometric authentication. [...]

https://www.bleepingcomputer.com/news/security/twosenseai-awarded-242m-behavioral-biometrics-security-contract-by-dod/

Like Microsoft Edge, Chrome is Getting Tab Hover Card Images

Recently Google added a new experimental feature that displays a small info card when you hover over a tab in Chrome. Similar to Microsoft Edge's tab hover card implementation, Chrome 74 will show a preview image of the associated web site when you hover over its tab. [...]

https://www.bleepingcomputer.com/news/security/like-microsoft-edge-chrome-is-getting-tab-hover-card-images/

Apple Patched Two Actively Exploited Zero-Days in iOS 12.1.4

As revealed by Project Zero team lead Ben Hawkes on Twitter, Apple fixed two zero-day vulnerabilities which were being exploited in the wild before the release of the iOS 12.1.4 security update. [...]

https://www.bleepingcomputer.com/news/security/apple-patched-two-actively-exploited-zero-days-in-ios-1214/

Coinminer Targets Linux, Kills Competition to Maximize Profits

A new coinminer malware strain which targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner has been observed while searching for and killing other Linux malware and coin miners present on the compromised machine. [...]

https://www.bleepingcomputer.com/news/security/coinminer-targets-linux-kills-competition-to-maximize-profits/

Mail Attachment Builds Ransomware Downloader from Super Mario Image

A malicious spreadsheet has been discovered that builds a PowerShell command from individual pixels in a downloaded image of Mario from Super Mario Bros. When executed, this command will download and install malware such as the GandCrab Ransomware and other malware. [...]

https://www.bleepingcomputer.com/news/security/mail-attachment-builds-ransomware-downloader-from-super-mario-image/

Windows 10 Insider Preview Build 18334 Released With Gaming Improvements

Microsoft has released Windows 10 Insider Preview Build 18334 (19H1) to insiders in the Fast ring. This build adds numerous fixes, changes, and improvements, as well as "technology tailor-made for gaming to Windows." [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-preview-build-18334-released-with-gaming-improvements/

The Week in Ransomware - February 8th 2019 - Shady Data Recovery Companies

This week was mostly filled with new variants of existing ransomware such as STOP, Dharma, and Jigsaw ransomware. We did though have some interesting news, such as a ransomware downloader being created from the pixels of images and shady data recovery companies partnering with GandCrab to make extra profits. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-8th-2019-shady-data-recovery-companies/

Decompiled Undertale RPG Source Code Released on GitHub

The decompiled source code for the popular video game Undertale has been posted to GitHub. This decompilation contains what appears to be all of the game's assets, including its images, scripts, and audio files. [...]

https://www.bleepingcomputer.com/news/gaming/decompiled-undertale-rpg-source-code-released-on-github/

Windows95 v2.0 Let's You Play DOOM, Wolfenstein 3D, and More

Looking for a sense of nostalgia by running Windows 95 and using it to play DOOM, Wolfenstein 3D, and other games? Now you can with the release of a new version of a Windows 95 Electron application that gives you the full experience. [...]

https://www.bleepingcomputer.com/news/security/windows95-v20-lets-you-play-doom-wolfenstein-3d-and-more/

Facebook, Twitter Trackers Whitelisted by Brave Browser

The Brave Browser promotes itself on being built from the ground up to provide enhanced privacy to its users. Yet, users voiced concern today after finding a section of the browser's source code that shows tracking scripts for Facebook and Twitter are whitelisted so that they are not blocked by the browser. [...]

https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/

First CryptoCurrency Clipboard Hijacker Found on Google Play Store

Researchers last week found the first Android app on the Google Play store that monitors a device's clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attacker's control. This allows the attackers to steal any payments you make without your knowledge that you sent it to the wrong address. [...]

https://www.bleepingcomputer.com/news/security/first-cryptocurrency-clipboard-hijacker-found-on-google-play-store/

New Offensive USB Cable Allows Remote Attacks over WiFi

Like a scene from a James Bond or Mission Impossible movie, a new offensive USB cable plugged into a computer could allow attackers to execute commands over WiFi as if they were using the computer's keyboard.  [...]

https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allows-remote-attacks-over-wifi/

Adobe Reader Zero-Day Micropatch Stops Malicious PDFs from Calling Home

A micropatch is now available for a zero-day vulnerability in Adobe Reader which would allow maliciously crafted PDF documents to call home and send over the victim's NTLM hash to remote attackers in the form of an SMB request. [...]

https://www.bleepingcomputer.com/news/security/adobe-reader-zero-day-micropatch-stops-malicious-pdfs-from-calling-home/

RunC Vulnerability Gives Attackers Root Access on Docker, Kubernetes Hosts

A container breakout security flaw found in the runc container runtime allows malicious containers to overwrite the host runc binary and gain root-level code execution on the host machine. [...]

https://www.bleepingcomputer.com/news/security/runc-vulnerability-gives-attackers-root-access-on-docker-kubernetes-hosts/

Microsoft States Windows Update DNS Issues are Finally Fixed

In an updated Windows 10 and Windows Server 2019 update history support article, Microsoft has stated that the Windows Update DNS issue should now be fully resolved as all local ISPs have refreshed their DNS servers and are now using the correct DNS records. [...]

https://www.bleepingcomputer.com/news/security/microsoft-states-windows-update-dns-issues-are-finally-fixed/

Privacy Protection Bypass Flaw in macOS Gives Access to Browsing History

A macOS privacy protection bypass flaw could allow potential attackers to access data stored in restricted folders on all macOS Mojave release up to the 10.14.3 Supplemental Update released on February 7.. [...]

https://www.bleepingcomputer.com/news/security/privacy-protection-bypass-flaw-in-macos-gives-access-to-browsing-history/

Coalition of State Attorney Generals Urge FTC to Update Identity Theft Rules

A coalition of 31 state attorneys general responded to an FTC request for public comment on its Identity Theft Rules review with an appeal to update them to allow banks and creditors to keep up with new tech designed to block identity theft attempts. [...]

https://www.bleepingcomputer.com/news/security/coalition-of-state-attorney-generals-urge-ftc-to-update-identity-theft-rules/

Hackers Wipe VFEmail Servers, May Shut Down After Catastrophic Data Loss

The U.S. servers of privacy-focused e-mail provider VFEmail were hacked into on February 11 and all the data was destroyed, on both the main and the backup systems. According to VFEmail's owner, the hackers did not leave a ransom note and, given the extent of the destruction, the service will most likely go offline to never return. [...]

https://www.bleepingcomputer.com/news/security/hackers-wipe-vfemail-servers-may-shut-down-after-catastrophic-data-loss/