macOS High Sierra Logs Encryption Passwords in Plaintext for APFS External Drives

macOS High Sierra users are once again impacted by a major APFS bug after two other major vulnerabilities affected Apple's new filesystem format in the last five months. [...]

https://www.bleepingcomputer.com/news/apple/macos-high-sierra-logs-encryption-passwords-in-plaintext-for-apfs-external-drives/

Meltdown Patch Opened Bigger Security Hole on Windows 7

Microsoft's Meltdown patch has opened an even bigger security hole on Windows 7, allowing any user-level application to read content from the operating system's kernel, and even write data to kernel memory. [...]

https://www.bleepingcomputer.com/news/microsoft/meltdown-patch-opened-bigger-security-hole-on-windows-7/

Facebook Wants Security Researchers to Hunt Down Apps That Misuse User Data

In the wake of the Cambridge Analytica data misuse scandal, Facebook has announced important changes to its app platform, along with improvements to its official bug bounty program that will incentivize and reward security researchers for hunting down third-party Facebook apps that misuse user data. [...]

https://www.bleepingcomputer.com/news/security/facebook-wants-security-researchers-to-hunt-down-apps-that-misuse-user-data/

Hajime Botnet Makes a Comeback With Massive Scan for MikroTik Routers

If you've been following the infosec Twitter community for the last few days, you couldn't ignore the constant talk about the massive scans currently taking place online, carried out by a Hajime IoT botnet looking to mass-infect unpatched MikroTik devices. [...]

https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/

Microsoft Releases Tool for Running Any Linux OS on Windows 10

Microsoft has released a tool on Monday to help Linux aficionados in porting their favorite Linux distro to run on the Windows Subsystem for Linux (WSL), a Windows 10 component that sideloads Linux distros on modern Windows 10 PCs. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-tool-for-running-any-linux-os-on-windows-10/

Many VPN Providers Leak Customer's IP Address via WebRTC Bug

Around 20% of today's top VPN solutions are leaking the customer's IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of. [...]

https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-customers-ip-address-via-webrtc-bug/

Android Monero-Mining Malware Can Cause Device Failure

Trend Micro security experts have warned users today about a new type of Android malware that infects devices and untetheredly mines Monero in the phone's background until the battery is exhausted or the device gives out. [...]

https://www.bleepingcomputer.com/news/security/android-monero-mining-malware-can-cause-device-failure/

Facebook Reveals the "Access Your Information" Data Tool and New Privacy Shortcuts

In its first step to try and restore confidence in its platform after the Cambridge Analytica fiasco, Facebook has unveiled more organized privacy settings and a new data management tool called "Access Your Information".  [...]

https://www.bleepingcomputer.com/news/security/facebook-reveals-the-access-your-information-data-tool-and-new-privacy-shortcuts/

Angry Users Donate $120K to Cancer Research After Brian Krebs' Coinhive Article

The angry userbase of pr0gramm.com, a German image board similar to Imgur, has donated over €103,000 ($126,000) to local cancer research organizations as a way to protest against an article published by Brian Krebs, an IT security journalist. [...]

https://www.bleepingcomputer.com/news/security/angry-users-donate-120k-to-cancer-research-after-brian-krebs-coinhive-article/

Drupal Fixes Drupalgeddon2 Security Flaw That Allows Hackers to Take Over Sites

The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over a site just by accessing an URL. [...]

https://www.bleepingcomputer.com/news/security/drupal-fixes-drupalgeddon2-security-flaw-that-allows-hackers-to-take-over-sites/

Microsoft's Cloud Clipboard Feature Spotted in Windows 10 Redstone 5 Build

Windows sleuths found a string that references the Cloud Clipboard feature in the latest skip ahead build for Windows 10 Redstone 5. [...]

https://www.bleepingcomputer.com/news/security/microsofts-cloud-clipboard-feature-spotted-in-windows-10-redstone-5-build/

Boeing Is Dealing With a Suspected WanaCry Ransomware Outbreak

In a baffling turn of events, computers at Boeing have allegedly been infected with the WannaCry Ransomware. According to the Seattle Times, a memo was sent out by a Boeing employee that states that systems have been affected and that their were concerns the ransomware would "spread to airplane software". [...]

https://www.bleepingcomputer.com/news/security/boeing-is-dealing-with-a-suspected-wanacry-ransomware-outbreak/

Cisco Removes Backdoor Account from IOS XE Software

Cisco removed today a backdoor account from its IOS XE operating system that would have allowed a remote attacker to log into Cisco routers and switches with a high-privileged account. [...]

https://www.bleepingcomputer.com/news/security/cisco-removes-backdoor-account-from-ios-xe-software/

QR Code Bug in Apple iOS 11 Can Lead Users to Malicious Sites

Scammers and malware authors can abuse the QR code reading function added the default camera app of iOS 11, and they can use this bug to redirect users to malicious URLs. [...]

https://www.bleepingcomputer.com/news/apple/qr-code-bug-in-apple-ios-11-can-lead-users-to-malicious-sites/

Facebook Pulling "Partner Categories" Ad Targeting Product to Increase Privacy

Facebook has announced that they are shutting down access to the "Partner Categories" targeting feature for Facebook advertisers. Partner Categories is a product that allowed Facebook advertisers to directly target the social site's users based on data provided by third-party providers, rather than data compiled directly by Facebook. [...]

https://www.bleepingcomputer.com/news/technology/facebook-pulling-partner-categories-ad-targeting-product-to-increase-privacy/

81% of Recent ICOs Were Scams, Research Finds

Four out of five initial coin offerings (ICOs) that have taken place in the last year have been classified as scams, according to a recent study by Satis Group, an ICO advisory firm. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/81-percent-of-recent-icos-were-scams-research-finds/

Power Company in India Hacked and Billing Data Ransomed for 10 Million Rupees

Last week hackers gained access to the computer systems of the Uttar Haryana Bijli Vitran Nigam (UHBVN) power company in India and stole the billing data of their customers. In order to get the data back, the attackers are demanding 1 RS Core, or 10 million Rupess, for the stolen data. This is equivalent to approximately $150,000 USD [...]

https://www.bleepingcomputer.com/news/security/power-company-in-india-hacked-and-billing-data-ransomed-for-10-million-rupees/

Apple Releases Security Updates for iOS, watchOS, tvOS, and Xcode

Today Apple has released security updates for iOS, watchOS, tvOS, and Xcode. Many of the resolved vulnerabilities allow for privilege escalation, remote code execution, and information disclosure.  Due to the nature of these vulnerabilities, it is strongly advised that all users update their devices as soon as possible. [...]

https://www.bleepingcomputer.com/news/apple/apple-releases-security-updates-for-ios-watchos-tvos-and-xcode/

Apple Releases The "Battery Health" Beta Diagnostic Tool in iOS 11.3

As part of today's mega iOS 11.3 update, Apple has finally unveiled their promised Battery Health tool. Using the Battery Health tool, owners of iPhone 6 and later can check whether their battery is performing optimally, if the speed of the phone has been decreased due to the battery, and if it needs to be replaced. [...]

https://www.bleepingcomputer.com/news/apple/apple-releases-the-battery-health-beta-diagnostic-tool-in-ios-113/

Mole66 Cryptomix Ransomware Variant Released

Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .MOLE66 extension to encrypted files, changes the contact email, and slightly changes the ransom note's name. In the past, we used to see new variants a few times a month, but this time it has been almost 2 months since the previous variant. [...]

https://www.bleepingcomputer.com/news/security/mole66-cryptomix-ransomware-variant-released/