WordPress-Related Vulnerabilities Tripled in 2018

WordPress-related vulnerabilities have seen a 300% increase in 2018 compared to the previous year, a recent study has found. Most of the bugs were in the plugins that extend the functionality of WordPress websites. [...]

https://www.bleepingcomputer.com/news/security/wordpress-related-vulnerabilities-tripled-in-2018/

Apple Orders 10 Percent Production Cut for New iPhone Models

Apple ordered its suppliers to cut down the number of new iPhone model units coming off their production lines right before Tim Cook published his letter to the Apple investors at the beginning of the month. [...]

https://www.bleepingcomputer.com/news/apple/apple-orders-10-percent-production-cut-for-new-iphone-models/

Windows 10 Build 18312 (19H1) Released With Reserved Storage Implementation

Windows 10 Preview Build 18312 is now available for Insiders in the Fast Ring and it comes with Reserved Storage implementation, improved Reset page UI, Windows Subsystem for Linux Command Line Tool improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-build-18312-19h1-released-with-reserved-storage-implementation/

Using Google Knowledge Graph to Spoof Search Results

Google's Knowledge Graph, the informational panel displayed next to the results of popular search queries, can be spoofed to show arbitrary details, regardless of the input in the Google search box. [...]

https://www.bleepingcomputer.com/news/security/using-google-knowledge-graph-to-spoof-search-results/

Google Rolls Out Activity Cards to Help You Find Past Searches

Google is currently rolling out an activity cards feature teased in a September blog post and allowing users to see search results found in the past while searching for similar terms. Released for mobile web and Google app users. [...]

https://www.bleepingcomputer.com/news/google/google-rolls-out-activity-cards-to-help-you-find-past-searches/

Hyatt Launches Public Bug Bounty Program on HackerOne

Today Hyatt Hotels Corporation announced the release of their public bug bounty program on Hacker One. Using this program, researchers can be rewarded for reporting vulnerabilities on three Hyatt web sites and their mobile applications for Android and iOS. [...]

https://www.bleepingcomputer.com/news/security/hyatt-launches-public-bug-bounty-program-on-hackerone/

AMD Unveils 7nm Radeon VII GPU as Response to NVIDIA's RTX 2080

The AMD Radeon VII graphics chip is built using the enhanced second-generation Vega architecture and a 7nm process technology, and will come with DirectX 12 and Vulkan support, as well as a $699 price tag [...]

https://www.bleepingcomputer.com/news/hardware/amd-unveils-7nm-radeon-vii-gpu-as-response-to-nvidias-rtx-2080/

Google Adds DNS-over-TLS Support to Its Public DNS Service

Google's Public DNS service now comes with support for the DNS-over-TLS security protocol which wraps DNS queries and answers using the Transport Layer Security protocol [...]

https://www.bleepingcomputer.com/news/google/google-adds-dns-over-tls-support-to-its-public-dns-service/

Google Chrome Ad Blocker Expands Worldwide Starting July 9th

With the release of Chrome 71 last December, Google started to filter ads in North America and Europe on sites that repeatedly displayed abusive advertisements.  Today, Google has announced that they will be expanding their ad filter to the rest of the world starting on July 9th 2019. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-ad-blocker-expands-worldwide-starting-july-9th/

Reddit Users Locked Out of Their Accounts for Unusual Activity

Accounts of some Reddit users have been locked down due to irregular behavior that could suggest unauthorized access. The Reddit security team plans on allowing a password reset on affected accounts in a few hours' time. [...]

https://www.bleepingcomputer.com/news/security/reddit-users-locked-out-of-their-accounts-for-unusual-activity/

Microsoft Patches Remote Code Execution Vulnerability in Exchange Server

The security update applies to Microsoft Exchange Server 2019, 2016, and 2013 [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-remote-code-execution-vulnerability-in-exchange-server/

New ServHelper Backdoor and FlawedGrace RAT Pushed by Necurs Botnet

Malware researchers discovered two new malware families distributed through phishing campaigns last year from the Necurs botnet: ServHelper backdoor with two variants and FlawedGrace remote access trojan (RAT). [...]

https://www.bleepingcomputer.com/news/security/new-servhelper-backdoor-and-flawedgrace-rat-pushed-by-necurs-botnet/

Unprotected MongoDB Exposes Over 200 Millions Resumes

A huge MongoDB database containing over 200 million records with resumes from job seekers in China stayed accessible without authentication for at least one week to anyone able to locate it. The size of the cache weighed 854GB. [...]

https://www.bleepingcomputer.com/news/security/unprotected-mongodb-exposes-over-200-millions-resumes/

Firefox 65 to Show Certificates Used in Man-in-the-Middle SSL Attacks

In Firefox 61, Mozilla added a new error message called "MOZILLA_PKIX_ERROR_MITM_DETECTED" that warns a user that a program is attempting to perform a man-in-the-middle SSL attack. In Firefox 65, Mozilla has revised the accompanying info to explain that software, such as an antivirus program, could be the cause of this error. [...]

https://www.bleepingcomputer.com/news/security/firefox-65-to-show-certificates-used-in-man-in-the-middle-ssl-attacks/

Linux systemd Affected by Memory Corruption Vulnerabilities, No Patches Yet

Security researchers have disclosed three vulnerabilities that affect a system service part of 'systemd,' a core component in Linux that manages system processes after the boot process. [...]

https://www.bleepingcomputer.com/news/security/linux-systemd-affected-by-memory-corruption-vulnerabilities-no-patches-yet/

Criminals Grabbed at Least 4,3 Percent of All Monero Coins on the Market

Crooks earned roughly 57 million USD in a 4 year. period s by taking advantage of other people's hardware to mine for Monero and by using large botnets as a tool towards quick illegal monetary gains of more than $1 million per month [...]

https://www.bleepingcomputer.com/news/security/criminals-grabbed-at-least-4-3-percent-of-all-monero-coins-on-the-market/

Windows KB4480960 & KB4480970 Updates Causing Network and License Problems

On January 8th, Microsoft released the KB4480960 and KB4480970 updates for Windows 7 SP1 and Windows Server 2008 R2 SP1, which have been causing networking and licensing havok for users and organizations that have installed them. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-kb4480960-and-kb4480970-updates-causing-network-and-license-problems/

U.S. Government Shutdown Leaves Its Sites Insecure, TLS Certs Expired

The websites of the U.S. Department of Justice, NASA, and the Court of Appeals are some of the ones hit by the government's failure to extend around 80 TLS certificates used on .gov domains [...]

https://www.bleepingcomputer.com/news/security/us-government-shutdown-leaves-its-sites-insecure-tls-certs-expired/

Microsoft 365 Business Gets Self Service Password Reset Writeback

Microsoft 365 Business users can now change their passwords in the cloud using the SSPR feature and have it written back to on-premises directories in real time [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-business-gets-self-service-password-reset-writeback/

Microsoft Releases Cumulative Update KB4476976 To Fix Action Center Issues

At the moment this update is available for Windows Insiders in the Release Preview ring only and it appears as the 2019-01 Cumulative Update for Windows 10 Version 1809 in Windows Update [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-cumulative-update-kb4476976-to-fix-action-center-issues/