Wednesday, December 11, 2019

Microsoft details the most clever phishing techniques it saw in 2019

This year's most clever phishing tricks include hijacking Google search results and abusing 404 error pages.

FBI shares security advice for online shopping

FBI: Use credit cards rather than debit cards, don't use public WiFi, keep your devices updated, and more.

DNA firm GEDmatch now operated by company with police ties, privacy worries surface

Opinion: Now operated by Verogen, will GEDmatch become a treasure trove of data for law enforcement?

TrickBot gang is now a malware supplier for North Korean hackers

North Korean state hackers spotted using Anchor, a new side-project developed by the infamous TrickBot malware gang.

DoJ arrests Ponzi operators planning to retire ‘RAF’ through cryptocurrency scam

It’s not that easy to retire “rich as f*ck” when the police become involved.

Adobe patches 17 critical code execution bugs in Photoshop, Reader, Brackets

Other vulnerabilities resolved include privilege escalation and information leaks.

455,000 Turkish card details put up for sale, web skimmers suspected

Biggest dump of Turkish payment card details recorded in recent years.

Microsoft December 2019 Patch Tuesday plugs Windows zero-day

The December 2019 Patch Tuesday fixes 36 vulnerabilities, of which seven are rated "Critical."

New Plundervolt attack impacts Intel CPUs

Intel desktop, server, and mobile CPUs are impacted. Intel has released firmware patches today.

Chrome 79 released with tab freezing, back-forward caching, and loads of security features

Chrome 79 also ships with support for predictive phishing, for real-time Safe Browsing detections, and a built-in Password Checkup tool.

Google Maps Incognito Mode rolled out for Apple iOS

iOS users will be able to take advantage of the privacy feature already available on Android handsets.

NordVPN launches promised bug bounty program

NordVPN was galvanized into action after an attacker compromised one of its servers.

Snatch ransomware reboots PCs in Windows Safe Mode to bypass antivirus apps

Unlike most ransomware strains, the Snatch ransomware also steals files from infected networks.

Ryuk ransomware contains a bug causing data loss for some victims

Cyber-security firm Emsisoft said it found a bug in Ryuk's decrypter app that makes file recovery impossible, even after paying the ransom demand.

Microsoft to help Office 365 customers track entire phishing campaigns, not just lone emails

Microsoft rolls out Campaign Views in public preview for Office 365 ATP customers.

Reveton ransomware schemer stripped of six years of freedom, £270,000, and a Rolex

UK prosecutors say 25-year-old computer science student needs to pay up or face more time behind bars.

Fortnite on Google Play: Is a 30% cut worth the security benefits?

Opinion: Google says there are no exceptions. Should Epic Games bite the bullet?

Chinese government to replace foreign hardware and software within three years

New Beijing "5-3-2" policy to give local tech scene a boost to the detriment of foreign companies.

Bypass discovered to allow Windows 7 Extended Security Updates on all systems

Windows hobbyists discover a way to enable (paid) Windows 7 Extended Security Updates on all systems.

Interview with one of the world’s best competitive bug hunters

Meet Amat Cama, winner of three consecutive Pwn2Own competitions.
SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract AES encryption key using SGX's voltage-tuning function.

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.