Exploit Code for the Kubernetes Flaw Is Now Available

The recently disclosed critical-impact bug in Kubernetes created strong ripples in the security world of the container-orchestration system. Now, multiple demo exploits exist and come with easy-to-understand explanations. [...]

https://www.bleepingcomputer.com/news/security/exploit-code-for-the-kubernetes-flaw-is-now-available/

Microsoft's New Edge Browser to Support Chrome Extensions - Even Malicious Ones

Microsoft has confirmed that the upcoming Chromium-based Edge browser will also be able to run Chrome extensions. While this will greatly expand the functionality of the browser, it will also open it up to the increasing amount of malicious Chrome extensions that are seen on a daily basis. [...]

https://www.bleepingcomputer.com/news/security/microsofts-new-edge-browser-to-support-chrome-extensions-even-malicious-ones/

Android Clickfraud Op Impersonates iPhones to Bump Ad Premiums

A mobile clickfraud campaign used 22 Android apps to trick online advertisers into paying the higher price for advertising on iPhone 5 to 8 Plus devices. [...]

https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/

Bug in Google+ API Puts at Risk Privacy of over 52 Million Users

Non-public details on about 52.5 million Google+ profiles were accessible to developers of apps requesting permission to view data the user had configured to remain private. [...]

https://www.bleepingcomputer.com/news/security/bug-in-google-api-puts-at-risk-privacy-of-over-52-million-users/

Windows 10 Insider Build 18298 Brings New Features and Improvements

Microsoft has released Windows 10 Insider Preview Build 18298 (19H1) to insiders in the Fast ring. This build contains numerous new features and improvements including the ability to setup a security key directly from the Sign-in options screen, a new file explorer icon, Start Menu changes, mouse cursor options, and more.  [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18298-brings-new-features-and-improvements/

Seedworm Spy Gang Stores Malware on GitHub, Keeps Up with Infosec Advances

The relatively new espionage group Speedworm proves to be highly adaptive by using GitHub to keep their malware and by carefully observing the developments on the infosec scene via social networking services. [...]

https://www.bleepingcomputer.com/news/security/seedworm-spy-gang-stores-malware-on-github-keeps-up-with-infosec-advances/

Hackers Steal Over 40k Logins for Gov Services in 30 Countries

More than 40,000 users victims of phishing attacks had their credentials for unlocking online accounts for government services stolen. The information might have already been sold on underground hacker forums [...]

https://www.bleepingcomputer.com/news/security/hackers-steal-over-40k-logins-for-gov-services-in-30-countries/

Cobalt Bank Robbers Use New ThreadKit Malicious Doc Builder

The Cobalt hacking group specialized in breaching the networks financial institutions and banks is now using a new variant of the ThreadKit exploit builder kit for Microsoft Office documents. [...]

https://www.bleepingcomputer.com/news/security/cobalt-bank-robbers-use-new-threadkit-malicious-doc-builder/

Mozilla Firefox 64.0 Released - Here's What's New

Mozilla has released Firefox 64 and it comes with new features such as the Contextual Feature Recommender, multi-tab selections, an improved Task Manager, and native Windows 10 sharing support. [...]

https://www.bleepingcomputer.com/news/software/mozilla-firefox-640-released-heres-whats-new/

Windows 10 Cumulative Updates Released With Fix for Windows Media Player

The December 2018 cumulative updates are now available for supported versions of Windows 10. Today's update for Windows 10 has addressed the security and non-security issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-released-with-fix-for-windows-media-player/

Microsoft December 2018 Patch Tuesday Fixes Actively Used Zero-Day Vulnerability

Today is Microsoft's December 2018 Patch Tuesday, which means it is time to update your computer so that you are protected from the latest threats to Windows and Microsoft products. Two of the patched critical vulnerabilities are known to have been used in the wild, so it is important that these updates are installed immediately. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2018-patch-tuesday-fixes-actively-used-zero-day-vulnerability/

Updates Released For Critical Vulnerabilities in Adobe Acrobat and Reader

Today, Adobe released security updates that fix numerous critical vulnerabilities in Adobe Acrobat and Reader. This was a massive update, with over 87 vulnerabilities being patched by Adobe. [...]

https://www.bleepingcomputer.com/news/security/updates-released-for-critical-vulnerabilities-in-adobe-acrobat-and-reader/

Android Malware Tricks User to Log into PayPal to Steal Funds

An Android malware posing as a battery optimization app social engineers its way into stealing funds from PayPal users, despite two-factor authentication protection, by simply prompting them to log into the app. [...]

https://www.bleepingcomputer.com/news/security/android-malware-tricks-user-to-log-into-paypal-to-steal-funds/

Windows 10 Notepad is Getting Better UTF-8 Encoding Support

In the latest Windows 10 Insider build, Microsoft has released a new version of Notepad that includes changes that bring it closer to what we have come to expect from modern text file editors. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-notepad-is-getting-better-utf-8-encoding-support/

Op 'Sharpshooter' Uses Lazarus Group Tactics, Techniques, and Procedures

A new advanced threat actor has emerged on the radar, targeting organizations in the defense and the critical infrastructure sectors with fileless malware and an exploitation tool that borrows code from a trojan associated with the Lazarus group [...]

https://www.bleepingcomputer.com/news/security/op-sharpshooter-uses-lazarus-group-tactics-techniques-and-procedures/

Taxpayer ID Numbers for 120 Million Brazilians Exposed Online

A misconfigured server exposed the taxpayer identification numbers, or Cadastro de Pessoas Físicas (CPFs), for 120 million Brazilian nationals for an unknown period of time. [...]

https://www.bleepingcomputer.com/news/security/taxpayer-id-numbers-for-120-million-brazilians-exposed-online/

New LamePyre macOS Malware Sends Screenshots to Attacker

The world of macOS malware has a new member that makes no effort to keep appearances and looks rather like a bare-bones version that is still under development. [...]

https://www.bleepingcomputer.com/news/security/new-lamepyre-macos-malware-sends-screenshots-to-attacker/

Shamoon Disk-Wiping Malware Re-emerges with Two New Variants

Two new samples of the Shamoon data have been discovered in the wild, after a period of silence that lasted for about two years. [...]

https://www.bleepingcomputer.com/news/security/shamoon-disk-wiping-malware-re-emerges-with-two-new-variants/

New Bomb Threat Email Scam Campaign Demanding $20K in Bitcoin

A new twist in the scam extortion emails that have been so popular recently is a new email campaign that contains a bomb threat stating they will detonate a bomb if the recipient does not send a $20,000 USD bitcoin payment. [...]

https://www.bleepingcomputer.com/news/security/new-bomb-threat-email-scam-campaign-demanding-20k-in-bitcoin/

WordPress Security Patch Addresses Privacy Leak Bug

WordPress released a security patch for its software, fixing seven vulnerabilities in version 5.0.1. One of them stands out as it allows search engines to index email addresses and even passwords. [...]

https://www.bleepingcomputer.com/news/security/wordpress-security-patch-addresses-privacy-leak-bug/