macOS Breaks Your OpSec by Caching Data From Encrypted Hard Drives

Apple's macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to Wojciech Reguła and Patrick Wardle, two macOS security experts. [...]

https://www.bleepingcomputer.com/news/apple/macos-breaks-your-opsec-by-caching-data-from-encrypted-hard-drives/

Vendor Patches Seven Vulnerabilities Across 392 Camera Models

Axis Communications AB, a Swedish manufacturer of network cameras for physical security and video surveillance, has patched seven security flaws across nearly 400 security camera models. [...]

https://www.bleepingcomputer.com/news/security/vendor-patches-seven-vulnerabilities-across-392-camera-models/

75% of Malware Uploaded on “No-Distribute” Scanners Is Unknown to Researchers

Three-quarters of malware samples uploaded to "no-distribute scanners" are never shared on "multiscanners" like VirusTotal, and hence, they remain unknown to security firms and researchers for longer periods of time. [...]

https://www.bleepingcomputer.com/news/security/75-percent-of-malware-uploaded-on-no-distribute-scanners-is-unknown-to-researchers/

Upcoming iOS 12 Will Share Emergency Location With 911 Services

Apple announced today that the next version of the iOS operating system —iOS 12— would automatically and securely share a caller's geo-location with 911 emergency services across the US. [...]

https://www.bleepingcomputer.com/news/apple/upcoming-ios-12-will-share-emergency-location-with-911-services/

Ex-CIA Employee Charged with Leak of Classified CIA Vault 7 Hacking Tools

The Department of Justice has announced new charges against former CIA software engineer Joshua Schulte for allegedly leaking classified CIA documents, software projects, and hacking utilities called Vault 7 to WikiLeaks. [...]

https://www.bleepingcomputer.com/news/government/ex-cia-employee-charged-with-leak-of-classified-cia-vault-7-hacking-tools/

Senate Votes to Reimpose ZTE Ban Despite President Trump's Efforts

The US Senate passed the National Defense Authorization Act (NDAA) yesterday that includes a clause to reinstate a ban on Chinese hardware vendor ZTE. [...]

https://www.bleepingcomputer.com/news/government/senate-votes-to-reimpose-zte-ban-despite-president-trumps-efforts/

Over 22,000 Container Orchestration Systems Connected to the Internet

The admin consoles of over 22,000 container orchestration and API management systems are currently exposed online, according to a report published on Monday by Lacework, a company specialized in cloud security. [...]

https://www.bleepingcomputer.com/news/security/over-22-000-container-orchestration-systems-connected-to-the-internet/

Malware That Hit Pyeongchang Olympics Deployed in New Attacks

Olympic Destroyer, the malware that hit Pyeongchang 2018 Winter Olympics, is still alive and infecting new victims, according to a report published earlier today by Russian antivirus vendor Kaspersky Labs. [...]

https://www.bleepingcomputer.com/news/security/malware-that-hit-pyeongchang-olympics-deployed-in-new-attacks/

TRON Cryptocurrency Founder Acquires BitTorrent

Jason Sun, the man behind the TRON (TRX) cryptocurrency, has reportedly agreed to buy the company behind the BitTorrent technology, the eponymous client, and the uTorrent client. [...]

https://www.bleepingcomputer.com/news/business/tron-cryptocurrency-founder-acquires-bittorrent/

ZeroFont Technique Lets Phishing Emails Bypass Office 365 Security Filters

Cyber-criminals are currently using a trick that allows them to bypass Microsoft's security filters and deliver spam and phishing emails to Office 365 email accounts. [...]

https://www.bleepingcomputer.com/news/security/zerofont-technique-lets-phishing-emails-bypass-office-365-security-filters/

Bumbling Hacker "Bitcoin Baron" Sentenced to 20 Months in Prison

A hacker once considered "the Internet's most inept criminal" received on Monday a prison sentence of 20 months in prison for launching DDoS attacks against the city of Madison, Wisconsin —attacks which caused delays and outages to various municipality services, including its 911 emergency call center. [...]

https://www.bleepingcomputer.com/news/security/bumbling-hacker-bitcoin-baron-sentenced-to-20-months-in-prison/

VirusTotal Monitor Alerts You When Your Program Has False Positives

VirusTotal announced today a new paid service called "VirusTotal Monitor" that will alert subscribers when their program have been detected by antivirus vendors as malware. This allows developers & the antivirus vendor to be immediately notified in order to quickly clean up the incorrect detection, or false positive, in the program. [...]

https://www.bleepingcomputer.com/news/security/virustotal-monitor-alerts-you-when-your-program-has-false-positives/

Chinese Hackers Target Satellite, Geospatial Imaging, Defense Companies

A cyber-espionage group believed to be operating out of China hacked companies who develop satellite communications, geospatial imaging, and defense contractors from both United States and Southeast Asia. [...]

https://www.bleepingcomputer.com/news/security/chinese-hackers-target-satellite-geospatial-imaging-defense-companies/

OpenBSD Disables Intel CPU Hyper-Threading Due to Security Concerns

The OpenBSD project announced today plans to disable support for Intel CPU hyper-threading due to security concerns regarding the theoretical threat of more "Spectre-class bugs." [...]

https://www.bleepingcomputer.com/news/security/openbsd-disables-intel-cpu-hyper-threading-due-to-security-concerns/

Bithumb Hacked Second Time in a Year. Hackers Steal $31 Million

For the second time in a year, South Korean cryptocurrency exchange Bithumb has been hacked, and this time around, hackers stole the equivalent of 35 billion won ($31.6 million) worth of cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/bithumb-hacked-second-time-in-a-year-hackers-steal-31-million/

Bithumb Hacked Second Time in a Year. Hackers Steal $31 Million

For the second time in a year, South Korean cryptocurrency exchange Bithumb has been hacked, and this time around, hackers stole the equivalent of 35 billion won ($31.6 million) worth of cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/bithumb-hacked-second-time-in-a-year-hackers-steal-31-million/

Google, Roku, Sonos to Fix DNS Rebinding Attack Vector

The developer teams from Google Home, Roku TV, and Sonos, are preparing security patches to prevent DNS rebinding attacks on their devices. Roku has already started deploying updates, while Google and Sonos are expected to deploy patches next month. [...]

https://www.bleepingcomputer.com/news/security/google-roku-sonos-to-fix-dns-rebinding-attack-vector/

Hacking Forum Ad Peddles New Kardon Loader Malware

Security researchers have spotted a new commercial malware product that's been put up for sale on hacking forums for the lowly price of only $50, paid in Bitcoin. Named Kardon Loader, this is a new malware strain, currently still under development, in a "beta" stage according to its author. [...]

https://www.bleepingcomputer.com/news/security/hacking-forum-ad-peddles-new-kardon-loader-malware/

Steam Blocks Dutch Users from Trading CS:GO and Dota 2 Items To Avoid Legal Action

As of yesterday, Dutch owners of Counter-Strike: Global Offensive and Dota 2 are being greeted with a news message on Steam stating that they are no longer allowed to trade or perform marketplace transfers for items related to these games. This is due to Dutch law that found certain Loot Boxes to be considered gambling. [...]

https://www.bleepingcomputer.com/news/security/steam-blocks-dutch-users-from-trading-cs-go-and-dota-2-items-to-avoid-legal-action/

Google Updates File Signature Checks for Android Apps

Google is changing how the Play Store app is verifying the authenticity of Android apps before installation. The company plans to modify the header of APK (Android app) files to include a new metadata field that contains the app's file signature. [...]

https://www.bleepingcomputer.com/news/microsoft/google-updates-file-signature-checks-for-android-apps/