Windows 10 Cumulative Update KB4467708, KB4464455 and KB4467702 Released

Windows 10 cumulative updates for Windows 10 October 2018 Update, Windows 10 April 2018 Update and Windows 10 Fall Creators Update is now rolling out to compatible devices. Today's update for Windows 10 has addressed the security and non-security issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-update-kb4467708-kb4464455-and-kb4467702-released/

Microsoft November 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities

Today is Microsoft's November 2018 Patch Tuesday, which means we get a ton of security updates to install for Windows and other Microsoft products. As these updates are commonly exploited by attackers, malware, and exploit kits, it is strongly advised that all users install these updates as soon as possible. [...]

https://www.bleepingcomputer.com/news/security/microsoft-november-2018-patch-tuesday-fixes-12-critical-vulnerabilities/

Microsoft Releases Windows 7 & 8.1 Cumulative Updates KB4467107 & KB4467697

After releasing cumulative updates for all supported versions of Windows 10, Microsoft has also released a new patch for Windows 7 and 8.1 with security and general fixes.  [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-7-and-81-cumulative-updates-kb4467107-and-kb4467697/

Adobe Releases Security Update for Acrobat Vulnerability with Public PoC

Adobe has published their monthly Patch Tuesday updates for the month of November 2018. These updates are for Flash Player, Adobe Acrobat and Reader, and Photoshop CC. [...]

https://www.bleepingcomputer.com/news/security/adobe-releases-security-update-for-acrobat-vulnerability-with-public-poc/

The US Office of Personnel Management Systems Are Still Insecure

The security posture of the Office of Personnel Management has improved drastically and by the end of the year, the agency is on track to meeting almost all recommendations the US Government Accountability Office (GAO) made over the past two years. Full compliance is expected by the end of 2019. [...]

https://www.bleepingcomputer.com/news/security/the-us-office-of-personnel-management-systems-are-still-insecure/

Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks

A zero-day vulnerability in certain editions of Windows operating system helped at least one advanced threat group increase their privileges on compromised machines until Microsoft patched it with this month's release of security updates. [...]

https://www.bleepingcomputer.com/news/security/microsoft-patches-windows-zero-day-exploited-in-cyber-attacks/

State-Sponsored Actors Focus Attacks on Asia

Southeast Asia is the most actively attacked region, accordingly to Cyber Security firm, Group-IB. Their annual Hi-Tech Crime Trends Report 2018 advises: "In just one year, 21 state-sponsored groups were detected in this area, which is more than in the United States and Europe." [...]

https://www.bleepingcomputer.com/news/security/state-sponsored-actors-focus-attacks-on-asia/

Infowars Store Affected by Magecart Credit Card Stealing Hack

A MageCart credit card skimming attack has been discovered on the online store for the Infowars web site. Visitors who purchased anything on the store while the malicious code was present, would have had their payment information sent to the attacker's server in Lithuania. [...]

https://www.bleepingcomputer.com/news/security/infowars-store-affected-by-magecart-credit-card-stealing-hack/

iPhone X, Galaxy S9, Xiaomi Mi6 Fall at Pwn2Own Tokyo

iPhone X, Samsung Galaxy S9, and Xiaomi Mi6 all fell at the hands of hackers that found bugs in various components and crafted exploits that allowed complete take over of the targeted device. [...]

https://www.bleepingcomputer.com/news/security/iphone-x-galaxy-s9-xiaomi-mi6-fall-at-pwn2own-tokyo/

Windows 10 Build 18282 Released To Insiders With New Light Theme

Windows 10 19H1 Build 18282 is now available to Insiders in Fast and Skip Ahead Rings. Today's preview update for Windows 10 brings a light theme to Start Menu, Taskbar, Action Center and other elements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18282-released-to-insiders-with-new-light-theme/

Misconfigured Docker Services Actively Exploited in Cryptojacking Operation

Adversaries looking for an easy way to mine for cryptocurrency are actively targeting publicly exposed Docker services. They use a malicious script capable to scan the network in search of vulnerable hosts and compromise them. [...]

https://www.bleepingcomputer.com/news/security/misconfigured-docker-services-actively-exploited-in-cryptojacking-operation/

Firefox Now Shows Warnings On Sites with Data Breaches

Mozilla's has added a new feature to their desktop Quantum Browser that displays a warning from Firefox Monitor when visiting a site that previously had a data breach. These warnings are designed to alert people about possible concerns and to suggest they check their email to see if it was part of the breach. [...]

https://www.bleepingcomputer.com/news/security/firefox-now-shows-warnings-on-sites-with-data-breaches/

New Gmail Bug Allows Sending Messages Anonymously

A new bug discovered in Gmail affects the web app's user experience by hiding the source address of an email, a situation that comes with an obvious potential for abuse. [...]

https://www.bleepingcomputer.com/news/security/new-gmail-bug-allows-sending-messages-anonymously/

Vulnerability in AMP for WP Plugin Allowed Admin Access to WordPress

A vulnerability for the very popular AMP for WP WordPress plugin with a 100 thousand active installations was discovered that allows any registered users to escalate their privileges to gain administrative access to the site. [...]

https://www.bleepingcomputer.com/news/security/vulnerability-in-amp-for-wp-plugin-allowed-admin-access-to-wordpress/

Hands-Free Skype Calling Now Available using Amazon Alexa

Microsoft today confirmed that Skype calling is coming to Amazon Echo devices but the feature doesn't appear to be available just yet. You will need to install the Skype integration to access Microsoft's calling functionality. [...]

https://www.bleepingcomputer.com/news/microsoft/hands-free-skype-calling-now-available-using-amazon-alexa/

VisionDirect Data Breach Caused by MageCart Attack

VisionDirect, a popular contact lens online merchant in Europe, has posted an advisory stating that their web site had a data breach that led to the theft of credit card and account information. [...]

https://www.bleepingcomputer.com/news/security/visiondirect-data-breach-caused-by-magecart-attack/

Emotet Banking Trojan Loves U.S.A Internet Providers

According to new data by TrendMicro, attackers utilizing the Emotet banking Trojan predominantly used internet provides in the U.S.A. to host their Command & Control infrastructure. [...]

https://www.bleepingcomputer.com/news/security/emotet-banking-trojan-loves-usa-internet-providers/

Fake Apps in Google Play Get over Half a Million Installs

At least a dozen mobile apps with no legitimate functionality made it into Google Play and have been installed over half a million times. They would silently install another app and trick the user into approving its installation. [...]

https://www.bleepingcomputer.com/news/security/fake-apps-in-google-play-get-over-half-a-million-installs/

Holding Down Any iOS Keyboard Button Turns It Into a Mouse

A new tip was spreading around Twitter today that blew my mind and a lot of others; simply pressing and holding any key on the keyboard allows you to easily move the text cursor around like a mouse. [...]

https://www.bleepingcomputer.com/news/apple/holding-down-any-ios-keyboard-button-turns-it-into-a-mouse/

New Cannon Trojan Is the Latest Asset of Sofacy APT Group

Advanced threat group Sofacy delivers a new malware sample dubbed Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former Soviet state. [...]

https://www.bleepingcomputer.com/news/security/new-cannon-trojan-is-the-latest-asset-of-sofacy-apt-group/