Windows 10 Screen Sketch App Renamed to Snip & Sketch in Insider Builds

For Windows Insiders in the Skip Ahead ring, Microsoft has renamed their Windows 10 Screen Sketch app to Snip & Sketch.  This new build is not available to users running Windows 10 April 2018 Update or the latest Windows 10 Preview build 17741. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-screen-sketch-app-renamed-to-snip-and-sketch-in-insider-builds/

Canadian Telcos Patch Vulnerability in TRS Systems

All major Canadian internet service providers (ISPs) have patched a vulnerability this week in their telecommunications relay services (TRSs). [...]

https://www.bleepingcomputer.com/news/security/canadian-telcos-patch-vulnerability-in-trs-systems/

JavaScript Web Apps and Servers Vulnerable to ReDoS Attacks

JavaScript web apps and web servers are susceptible to a specific type of vulnerabilities/attacks known as regular expression (regex) denial of service (ReDoS). [...]

https://www.bleepingcomputer.com/news/security/javascript-web-apps-and-servers-vulnerable-to-redos-attacks/

Twitch Glitch Exposed Some Users' Private Messages

Twitch is warning users of a bug in one of its recently retired features that may have exposed some of their messages to other users. [...]

https://www.bleepingcomputer.com/news/security/twitch-glitch-exposed-some-users-private-messages/

New Fox Ransomware Matrix Variant Tries Its Best to Close All File Handles

A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting. [...]

https://www.bleepingcomputer.com/news/security/new-fox-ransomware-matrix-variant-tries-its-best-to-close-all-file-handles/

New "Turning Tables" Technique Bypasses All Windows Kernel Mitigations

Security researchers have discovered a new exploitation technique that they say can bypass the kernel protection measures present in the Windows operating systems. [...]

https://www.bleepingcomputer.com/news/security/new-turning-tables-technique-bypasses-all-windows-kernel-mitigations/

Google Chrome Reporting About Incompatible Applications

In order to eliminate crashes in Chrome, Google has implemented a new feature that reports "incompatible applications" to users after the browser crashes. These warnings are displayed for programs that inject code into the browser and prompt users to remove the incompatible applications. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-reporting-about-incompatible-applications/

Apple Cleans Chinese App Store of Thousands of Fake Apps

Apple has purged its Chinese App Store of fake gambling and lottery software. The company also banned a number of developers that tried to peddle these apps through its market. [...]

https://www.bleepingcomputer.com/news/security/apple-cleans-chinese-app-store-of-thousands-of-fake-apps/

Beware of Spam with Fake Invoices Pushing Hermes 2.1 Ransomware and AZORult

A malspam campaign is underway that pretends to be an invoice for an outstanding payment. When these invoices are opened they install the AZORult information stealing Trojan and the Hermes 2.1 Ransomware onto the recipient's computer. [...]

https://www.bleepingcomputer.com/news/security/beware-of-spam-with-fake-invoices-pushing-hermes-21-ransomware-and-azorult/

Windows 10 Photos App Gets New Image Editing UI in Fast Ring

Microsoft is rolling out a new version of Photos app for Insiders that comes with a slightly improved image editing panel. The new image editing interface features three different editing screens - crop & rotate, filters and adjustments. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-photos-app-gets-new-image-editing-ui-in-fast-ring/

Skype's End-to-End Encryption Goes Live

Support for end-to-end encrypted chats has landed in the stable versions of Skype for Windows, macOS, Linux, Android, and iOS. [...]

https://www.bleepingcomputer.com/news/microsoft/skypes-end-to-end-encryption-goes-live/

USBHarpoon Is a BadUSB Attack with A Twist

Several security experts have built a malicious version of a USB charging cable, one that can compromise a computer in just a few seconds. Once plugged in, it turns into a peripheral device capable of typing and launching commands. [...]

https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/

Gmail's Confidential Mode Let's You Send Self-Destructing Emails

Gmail has released a new feature called Confidential Mode that allows you to send self-destructing emails to recipients that can't be forwarded to other users or printed. When using this mode, senders can configure an email to delete itself after a certain amount of time or even restrict access to an email after it was sent. [...]

https://www.bleepingcomputer.com/news/google/gmails-confidential-mode-lets-you-send-self-destructing-emails/

Google Sued Over Misleading Location Tracking Setting

A San Diego man filed a lawsuit against Google last week, on Friday, accusing the Mountain View company of violating his privacy by secretly tracking his phone's location despite his an account setting through which he explicitly forbade the company to do so. [...]

https://www.bleepingcomputer.com/news/google/google-sued-over-misleading-location-tracking-setting/

Microsoft Disrupts APT28 Hacking Campaign Aimed at US Midterm Elections

Microsoft revealed last night that it successfully disrupted a hacking campaign associated with the Russian military intelligence service GRU. [...]

https://www.bleepingcomputer.com/news/security/microsoft-disrupts-apt28-hacking-campaign-aimed-at-us-midterm-elections/

Ryuk Ransomware Crew Makes $640,000 in Recent Activity Surge

A new ransomware strain named Ryuk is making the rounds, and, according to current reports, the group behind it has already made over $640,000 worth of Bitcoin. [...]

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-crew-makes-640-000-in-recent-activity-surge/

Microsoft Office 2016 Updated on Windows Desktop With New Features for Insiders

Microsoft has just rolled out a new Insider update for Office 2016 productivity suite on Windows desktop. The Office 2016 Build 10813.20004 for Windows desktop comes with new features for Word, Excel and PowerPoint [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-updated-on-windows-desktop-with-new-features-for-insiders/

MongoDB Server Exposes Babysitting App's Database

The makers of Sitter, a popular app for connecting babysitters with parents, have involuntarily exposed the personal details of over 93,000 users. [...]

https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/

TLS Certs Outliving Domain Ownership Open Door to MitM and DoS

Digital certificates that allow secure data exchange over the internet can survive domain ownership transfer and can open the door for malicious actions to the previous holder. [...]

https://www.bleepingcomputer.com/news/security/tls-certs-outliving-domain-ownership-open-door-to-mitm-and-dos/

Cloud Product Accidentally Exposes Users' TLS Certificate Private Keys

A severe issue was addressed on Monday, an issue that under certain conditions could be used to expose the private keys for TLS certificates used by companies running their infrastructure on cloud servers. [...]

https://www.bleepingcomputer.com/news/security/cloud-product-accidentally-exposes-users-tls-certificate-private-keys/