Android Users are Receiving Maps Notification Spam and No One Knows Why

Users are receiving spam notifications through the Google Maps app that asks them to share their location in order to get something for free and no one knows why. [...]

https://www.bleepingcomputer.com/news/security/android-users-are-receiving-maps-notification-spam-and-no-one-knows-why/

Apple Fixes Passcode Bypass, RCE Vulnerabilities, and More in Today's Updates.

Today Apple released updates for their core products that includes iCloud, Safari, iTunes, macOS Mojave, High Sierra, Sierra, Shortcuts for iOS 2.1.2, tvOS 12.1.1, and of course iOS 12.1.1. [...]

https://www.bleepingcomputer.com/news/apple/apple-fixes-passcode-bypass-rce-vulnerabilities-and-more-in-todays-updates/

HackerOne Offers Free Sandboxes To Replicate Real-World Security Bugs

HackerOne has announced that it makes available to hackers that want to test and hone their skills a set of five sandbox environments modeled after popular security bugs reported through its platform. [...]

https://www.bleepingcomputer.com/news/security/hackerone-offers-free-sandboxes-to-replicate-real-world-security-bugs/

Windows 10 Version 1809 Cumulative Update Build 17763.168 Released

Microsoft has rolled out a new cumulative update for Windows 10 October 2018 Update (version 1809). Windows 10 KB4469342 has been in testing for quite a while now and today it's rolling out to the general public. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-version-1809-cumulative-update-build-17763168-released/

Unprotected MongoDB Exposes Scraped Profile Data of 66 Million

Information belonging to more than 66 million individuals was discovered in an unprotected database, within anyone's reach, if they knew where to look on the web. The records look like scraped data from LinkedIn profiles. [...]

https://www.bleepingcomputer.com/news/security/unprotected-mongodb-exposes-scraped-profile-data-of-66-million/

Microsoft is Rebuilding Edge Browser using Chromium for Windows & macOS

Microsoft has officially confirmed that they are going to be gutting Edge and converting it into a Chromium based browser. While the engine will change, Microsoft has stated that they will continue utilizing the Microsoft Edge name and will now bring the browser to all supported Windows platforms. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-rebuilding-edge-browser-using-chromium-for-windows-and-macos/

Chinese Police Arrest Dev Behind UNNAMED1989 WeChat Ransomware

Chinese law enforcement have arrested the developer of the UNNAMED1989 / WeChat Ransomware that recently took China by storm and infected over 100K users in a few days. [...]

https://www.bleepingcomputer.com/news/security/chinese-police-arrest-dev-behind-unnamed1989-wechat-ransomware/

Mozilla Announces a Native ARM64 version of Firefox

Mozilla has announced that they are beginning development of a native ARM64 version of Firefox for the always on, always connected, multi-core Snapdragon platform with Windows 10. [...]

https://www.bleepingcomputer.com/news/software/mozilla-announces-a-native-arm64-version-of-firefox/

Botnet of 20,000 WordPress Sites Infecting Other WordPress Sites

A botnet consisting of over 20,000 WordPress sites is being used to attack and infect other WordPress sites. Once compromised, these new sites are added to the botnet so that they too can be used to perform commands for the attackers. [...]

https://www.bleepingcomputer.com/news/security/botnet-of-20-000-wordpress-sites-infecting-other-wordpress-sites/

Netbooks, RPis, & Bash Bunny Gear - Attacking Banks from the Inside

Multiple banks in Eastern Europe have been attacked from inside their network via various electronic devices connected directly to the company's own infrastructure, security researchers have discovered. [...]

https://www.bleepingcomputer.com/news/security/netbooks-rpis-and-bash-bunny-gear-attacking-banks-from-the-inside/

DNA Testing Kits & The Security Risks in Digitized DNA

The addition of digitized DNA provides hackers with another target to exploit and opens up a new and challenging frontier for cybersecurity professionals. There are significant implications involved in digitizing DNA.
"The cyber-physical nature of biotechnology raises unprecedented security concerns," coauthors Jean Peccoud, Jenna... [...]

https://www.bleepingcomputer.com/news/security/dna-testing-kits-and-the-security-risks-in-digitized-dna/

DanaBot Banking Trojan Gets into Spam Business

Authors of the DanaBot banking trojans updated the malware with new features that enabled it to harvest email addresses and send out spam straight from the victim's mailbox. [...]

https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-gets-into-spam-business/

Windows 10 Testing New Conversational Date Format in File Explorer

Microsoft is testing a new feature in the Windows 10 19H1 Insider builds (Build 1903) that changes how dates are displayed in File Explorer to a more "conversational format" such as "minutes ago", "yesterday", "hours ago", etc. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-testing-new-conversational-date-format-in-file-explorer/

The Week in Ransomware - December 7th 2018 - WeChat Ransomware, Scammers, & More

This was a pretty interesting week in ransomware. First we had a Chinese ransomware that infected 100,000 victims and then we had research showing how a ransomware decryption service was just paying the ransom and tacking on a large fee. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/

WebKit Vulnerability Affects Latest Versions of Apple Safari

A researcher published exploit code for a vulnerability in WebKit, the web browser engine that powers Apple's Safari, along with other apps on macOS, iOS, and Linux. [...]

https://www.bleepingcomputer.com/news/security/webkit-vulnerability-affects-latest-versions-of-apple-safari/

Sextortion Emails now Leading to Ransomware and Info-Stealing Trojans

Sextortion email scams have been a very successful way of generating money for criminals. A new Sextortion campaign is now taking it to the next level by tricking recipients into installing the Azorult information-stealing Trojan, which then downloads and installs the GandCrab ransomware. [...]

https://www.bleepingcomputer.com/news/security/sextortion-emails-now-leading-to-ransomware-and-info-stealing-trojans/

Pressing F7 in the Command Prompt Lists Previously Entered Commands

Did you know that pressing the F7 key while using the Windows command prompt will display a box containing a list of previously typed commands? If not, then these tips may help you use the Command Prompt more efficiently. [...]

https://www.bleepingcomputer.com/news/microsoft/pressing-f7-in-the-command-prompt-lists-previously-entered-commands/

Exploit Code for the Kubernetes Flaw Is Now Available

The recently disclosed critical-impact bug in Kubernetes created strong ripples in the security world of the container-orchestration system. Now, multiple demo exploits exist and come with easy-to-understand explanations. [...]

https://www.bleepingcomputer.com/news/security/exploit-code-for-the-kubernetes-flaw-is-now-available/

Microsoft's New Edge Browser to Support Chrome Extensions - Even Malicious Ones

Microsoft has confirmed that the upcoming Chromium-based Edge browser will also be able to run Chrome extensions. While this will greatly expand the functionality of the browser, it will also open it up to the increasing amount of malicious Chrome extensions that are seen on a daily basis. [...]

https://www.bleepingcomputer.com/news/security/microsofts-new-edge-browser-to-support-chrome-extensions-even-malicious-ones/

Android Clickfraud Op Impersonates iPhones to Bump Ad Premiums

A mobile clickfraud campaign used 22 Android apps to trick online advertisers into paying the higher price for advertising on iPhone 5 to 8 Plus devices. [...]

https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/