U-Boot's Trusted Boot Validation Bypassed

Memory handling issues in U-Boot open-source bootloader for embedded devices make possible multiple exploitation techniques that lead to arbitrary code execution. [...]

https://www.bleepingcomputer.com/news/security/u-boots-trusted-boot-validation-bypassed/

Apache Struts Team Urges Users for Library Update to Plug Years-Old Bugs

In an advisory yesterday, the Apache Software Foundation reiterates its recommendation for users of Struts to make sure their installations run a version of the Commons FileUpload library newer than 1.3.2, lest they expose their projects to possible remote code execution attacks. [...]

https://www.bleepingcomputer.com/news/security/apache-struts-team-urges-users-for-library-update-to-plug-years-old-bugs/

Hacking is the Lesser Evil for the U.S. Midterm Elections

The security of today's midterm elections in the US depend in part on the integrity of the electronic voting machines and the thwarting of foreign influence campaigns. As cyber attacks are expected, several government agencies have joined forces to combat influence efforts and help state and local officials secure the election. [...]

https://www.bleepingcomputer.com/news/security/hacking-is-the-lesser-evil-for-the-us-midterm-elections/

WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover

A design flaw in the WordPress permission system used by plugins and a file deletion vulnerability in a very popular eCommerce plugin called WooCommerce could allow attackers to gain full control over a WordPress site. [...]

https://www.bleepingcomputer.com/news/security/wordpress-design-flaw-woocommerce-vulnerability-leads-to-site-takeover/

HSBC Bank Data Breach Exposed Account Numbers, Balances, and More

A data breach at HSBC Bank has allowed attackers to gain access to a limited amount of customer's information such as account numbers, balances, addresses, transaction history, and much more. [...]

https://www.bleepingcomputer.com/news/security/hsbc-bank-data-breach-exposed-account-numbers-balances-and-more/

VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available

A Russian vulnerability researcher and exploit developer has published detailed information about a zero-day vulnerability in VirtualBox. His explanations include step-by-step instructions for exploiting the bug. [...]

https://www.bleepingcomputer.com/news/security/virtualbox-zero-day-vulnerability-details-and-exploit-are-publicly-available/

November Android Security Update Fixes Critical Bugs, Drops Media Library

Google released to all users and partners its November security bulletin for the Android operating system, with fixes for critical remote code execution (RCE) and privilege escalation vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/november-android-security-update-fixes-critical-bugs-drops-media-library/

Erratic Windows 10 Bug Breaks Changing of Default File Associations

For quite some time, users have been reporting an inconsistent bug in Windows 10 that prevents them from changing the default program that are associated with a file type. [...]

https://www.bleepingcomputer.com/news/microsoft/erratic-windows-10-bug-breaks-changing-of-default-file-associations/

Windows 10 19H1 Build 18277 Is Now Available With Action Center Improvements

Windows 10 19H1 preview build 18277 is now rolling out to the Insiders in the Fast and Skip Ahead Ring with some notable improvements. This test build improves Focus Assist feature, Action Center, introduces new Emojis and more. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-19h1-build-18277-is-now-available-with-action-center-improvements/

Beware of "Unofficial" Sites Pushing Notepad2 Adware Bundles

If you are looking to download the very popular Notepad replacement called Notepad2, be careful of sites created to look official, but actually distribute Notepad2 as an adware bundle. [...]

https://www.bleepingcomputer.com/news/security/beware-of-unofficial-sites-pushing-notepad2-adware-bundles/

Microsoft Releases Info on Protecting BitLocker From DMA Attacks

Soon after research was released that BitLocker drives could be decrypting using SSD hardware encryption flaws, Microsoft  released yesterday a support bulletin describing how to protect BitLocker from 1394 & Thunderbolt DMA attacks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-info-on-protecting-bitlocker-from-dma-attacks/

Microsoft Bug is Deactivating Windows 10 Pro Licenses and Downgrading to Home

A bug in what appears to be the Microsoft Windows activation service is causing Windows 10 Pro licenses to be downgraded to Windows 10 Home and then stating that Windows is not activated. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-bug-is-deactivating-windows-10-pro-licenses-and-downgrading-to-home/

Google’s File Go Storage Being Rebranded for Its 30 Million Users

Google announced today that their Android Files Go storage app is being rebranded to the new name of Files by Google and that in less than a year, they have 30 million monthly users all over the world. [...]

https://www.bleepingcomputer.com/news/google/google-s-file-go-storage-being-rebranded-for-its-30-million-users/

DJI Drone Flight Logs, Photos and Videos Exposed to Unauthorized Access

Popular drone maker DJI exposed user accounts to unauthorized access along with information that passes through the vendor's digital infrastructure; this includes flight logs, videos and images captured by the devices, live camera and microphone feed, and map. [...]

https://www.bleepingcomputer.com/news/security/dji-drone-flight-logs-photos-and-videos-exposed-to-unauthorized-access/

Notorious "DerpTrolling" Pleads Guilty to DDoS Attacks on EA & Sony

A Utah resident named Austin Thompson has pleaded guilty in federal court in San Diego for performing DDoS attacks against multiple victims from 2013 to 2014. These victims ranged from small Twitch streamers to major gaming companies such as EA, Sony, and Microsoft. [...]

https://www.bleepingcomputer.com/news/security/notorious-derptrolling-pleads-guilty-to-ddos-attacks-on-ea-and-sony/

Chrome 71 Will Warn Users about Deceptive Mobile Billing Pages

Starting in Chrome 71, Google will warn Chrome users when they are visiting pages that use deceptive forms to sign visitors up for mobile subscriptions. [...]

https://www.bleepingcomputer.com/news/google/chrome-71-will-warn-users-about-deceptive-mobile-billing-pages/

Linux CryptoMiners Are Now Using Rootkits to Stay Hidden

To make it harder to spot a cryptominer process that is utilizing all of the CPU, a new variant has been discovered for Linux that attempts to hide its presence by utilizing a rootkit. [...]

https://www.bleepingcomputer.com/news/security/linux-cryptominers-are-now-using-rootkits-to-stay-hidden/

The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants

It was a very slow week for ransomware news. For the most part, it was mostly new Dharma ransomware variants and a few smaller variants being released. Stay vigilant, though, as a slow week does not mean ransomware is not a threat. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-9th-2018-mostly-dharma-variants/

Internal Chrome Page Shows All Google Interstitial Warnings

An internal Google Chrome page allows users to see all interstitial warnings or notifications that may be encountered while browsing the web with Chrome. [...]

https://www.bleepingcomputer.com/news/security/internal-chrome-page-shows-all-google-interstitial-warnings/

Cloudflare Brings its 1.1.1.1 DNS Service to Android & iOS Mobile Devices

This past April, Cloudflare and APNIC released a new 1.1.1.1 public DNS resolver service whose goal was not only to make looking up Internet addresses faster, but also make them more private. Today, Cloudflare has released a 1.1.1.1 app for Android and iOS to easily bring these same features to your mobile devices. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-brings-its-1111-dns-service-to-android-and-ios-mobile-devices/