AZORult Trojan Serving Aurora Ransomware by MalActor Oktropys

Towards the end of July 2018, we saw a new version of the AZORult trojan being used in malware campaigns targeting computers globally. In this article, we will dive into the malware and analyze its execution flow and payloads. [...]

https://www.bleepingcomputer.com/news/security/azorult-trojan-serving-aurora-ransomware-by-malactor-oktropys/

Zero-Day In Microsoft’s VBScript Engine Used By Darkhotel APT

A vulnerability in the VBScript engine has been used by hackers working for North Korea to compromise systems targeted by the Darkhotel operation. [...]

https://www.bleepingcomputer.com/news/security/zero-day-in-microsoft-s-vbscript-engine-used-by-darkhotel-apt/

HackNotice Alerts You When a Site is Hacked or Your Info is Leaked

HackNotice is a service that is designed to alert you when your information has been disclosed in leaked data breaches from hacked sites. HackNotice does this by collecting leaked information from data breaches and compiling it into a database that can be used to determine if your information has been obtained from a hack. [...]

https://www.bleepingcomputer.com/news/security/hacknotice-alerts-you-when-a-site-is-hacked-or-your-info-is-leaked/

Number of Third-Party Cookies on EU News Sites Dropped by 22% Post-GDPR

The number of tracking cookies on EU news sites has gone down by 22% according to a report by the Reuters Institute at the University of Oxford, who looked at cookie usage across EU news sites in two phases, in April 2018 and July 2018, pre and post the introduction of the new EU General Data Protection Regulation (GDPR). [...]

https://www.bleepingcomputer.com/news/technology/number-of-third-party-cookies-on-eu-news-sites-dropped-by-22-percent-post-gdpr/

Windows 10 Screen Sketch App Renamed to Snip & Sketch in Insider Builds

For Windows Insiders in the Skip Ahead ring, Microsoft has renamed their Windows 10 Screen Sketch app to Snip & Sketch.  This new build is not available to users running Windows 10 April 2018 Update or the latest Windows 10 Preview build 17741. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-screen-sketch-app-renamed-to-snip-and-sketch-in-insider-builds/

Canadian Telcos Patch Vulnerability in TRS Systems

All major Canadian internet service providers (ISPs) have patched a vulnerability this week in their telecommunications relay services (TRSs). [...]

https://www.bleepingcomputer.com/news/security/canadian-telcos-patch-vulnerability-in-trs-systems/

JavaScript Web Apps and Servers Vulnerable to ReDoS Attacks

JavaScript web apps and web servers are susceptible to a specific type of vulnerabilities/attacks known as regular expression (regex) denial of service (ReDoS). [...]

https://www.bleepingcomputer.com/news/security/javascript-web-apps-and-servers-vulnerable-to-redos-attacks/

Twitch Glitch Exposed Some Users' Private Messages

Twitch is warning users of a bug in one of its recently retired features that may have exposed some of their messages to other users. [...]

https://www.bleepingcomputer.com/news/security/twitch-glitch-exposed-some-users-private-messages/

New Fox Ransomware Matrix Variant Tries Its Best to Close All File Handles

A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting. [...]

https://www.bleepingcomputer.com/news/security/new-fox-ransomware-matrix-variant-tries-its-best-to-close-all-file-handles/

New "Turning Tables" Technique Bypasses All Windows Kernel Mitigations

Security researchers have discovered a new exploitation technique that they say can bypass the kernel protection measures present in the Windows operating systems. [...]

https://www.bleepingcomputer.com/news/security/new-turning-tables-technique-bypasses-all-windows-kernel-mitigations/

Google Chrome Reporting About Incompatible Applications

In order to eliminate crashes in Chrome, Google has implemented a new feature that reports "incompatible applications" to users after the browser crashes. These warnings are displayed for programs that inject code into the browser and prompt users to remove the incompatible applications. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-reporting-about-incompatible-applications/

Apple Cleans Chinese App Store of Thousands of Fake Apps

Apple has purged its Chinese App Store of fake gambling and lottery software. The company also banned a number of developers that tried to peddle these apps through its market. [...]

https://www.bleepingcomputer.com/news/security/apple-cleans-chinese-app-store-of-thousands-of-fake-apps/

Beware of Spam with Fake Invoices Pushing Hermes 2.1 Ransomware and AZORult

A malspam campaign is underway that pretends to be an invoice for an outstanding payment. When these invoices are opened they install the AZORult information stealing Trojan and the Hermes 2.1 Ransomware onto the recipient's computer. [...]

https://www.bleepingcomputer.com/news/security/beware-of-spam-with-fake-invoices-pushing-hermes-21-ransomware-and-azorult/

Windows 10 Photos App Gets New Image Editing UI in Fast Ring

Microsoft is rolling out a new version of Photos app for Insiders that comes with a slightly improved image editing panel. The new image editing interface features three different editing screens - crop & rotate, filters and adjustments. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-photos-app-gets-new-image-editing-ui-in-fast-ring/

Skype's End-to-End Encryption Goes Live

Support for end-to-end encrypted chats has landed in the stable versions of Skype for Windows, macOS, Linux, Android, and iOS. [...]

https://www.bleepingcomputer.com/news/microsoft/skypes-end-to-end-encryption-goes-live/

USBHarpoon Is a BadUSB Attack with A Twist

Several security experts have built a malicious version of a USB charging cable, one that can compromise a computer in just a few seconds. Once plugged in, it turns into a peripheral device capable of typing and launching commands. [...]

https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/

Gmail's Confidential Mode Let's You Send Self-Destructing Emails

Gmail has released a new feature called Confidential Mode that allows you to send self-destructing emails to recipients that can't be forwarded to other users or printed. When using this mode, senders can configure an email to delete itself after a certain amount of time or even restrict access to an email after it was sent. [...]

https://www.bleepingcomputer.com/news/google/gmails-confidential-mode-lets-you-send-self-destructing-emails/

Google Sued Over Misleading Location Tracking Setting

A San Diego man filed a lawsuit against Google last week, on Friday, accusing the Mountain View company of violating his privacy by secretly tracking his phone's location despite his an account setting through which he explicitly forbade the company to do so. [...]

https://www.bleepingcomputer.com/news/google/google-sued-over-misleading-location-tracking-setting/

Microsoft Disrupts APT28 Hacking Campaign Aimed at US Midterm Elections

Microsoft revealed last night that it successfully disrupted a hacking campaign associated with the Russian military intelligence service GRU. [...]

https://www.bleepingcomputer.com/news/security/microsoft-disrupts-apt28-hacking-campaign-aimed-at-us-midterm-elections/

Ryuk Ransomware Crew Makes $640,000 in Recent Activity Surge

A new ransomware strain named Ryuk is making the rounds, and, according to current reports, the group behind it has already made over $640,000 worth of Bitcoin. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-crew-makes-640-000-in-recent-activity-surge/