Security Alerts and Updates

April, 2018  (Click listings for more information).
20  Internet Explorer zero-day exploited in the wild by APT group.
19   JavaScript trackers get data from “Login with Facebook” feature.
18   iOS Trustjacking attack exposes iPhones to remote hacking.
18   Microsoft Ports Anti-Phishing Tech. to Google Chrome Ext.
18   Facebook: three reasons we’re tracking non-users.
18   Malware Steals Facebook Credentials & Session Cookies.
18   Google Chrome 66 Released Today Focuses on Security.
16   Russian hackers exploit routers in homes, govs, & infrastructure.
16   How to protect your Facebook data [UPDATED].
16   Tracking protection in Firefox for iOS now on by default.
16   Hijacked router DNS settings redirect users to Android malware.
13   The Week in Ransomware – PUBG Ransomware, Matrix, etc.
13   Android OEMs Caught Lying About Security Patches.
13   Code Injection Technique Helps Malware Stay Undetected.
12   Cyber-espionage groups are using routers in their attacks.
12   Home Routers Are Proxying Bad Traffic for Botnets, APTs.
11    AMD Releases Spectre v2 Microcode Updates for CPUs.
11    Microsoft Half-Patches Old Outlook Vulnerability.
11    Microsoft Removes Antivirus Registry Key Check.
11    Thousands of hacked websites are infecting visitors.
10   Adobe Patches 6 Flash Player Security Bugs, 3 Critical.
10   Microsoft April Patch Tuesday Fixes 66 Security Issues.
10   Google, Microsoft, and Mozilla Back New WebAuthn API.
10   Firefox Also Blocks the Loading of Most FTP Resources.
10   How to Find Out Everything Facebook Knows About You.
08  Bing Chrome Download Ads Pushing Adware/PUP Installers.
06  Week in Ransomware – Office 365 File Restore & Decryptors.
06  Microsoft Adds Anti-Ransomware Features in Office 365.
05  Sears & Delta Airlines suffer card breaches via shared provider.
05  HTTPS Everywhere adds new rulesets without upgrading ext.
05  VirusTotal Launches Droidy, Its New Android Sandbox.
05  Intel Tells Users to Uninstall Remote Keyboard App.
04  Microsoft patches critical flaw in Malware Protection Engine.
04  Some Intel CPU models will never receive microcode updates.
04  macOS update breaks support for many external monitors.
03  Android malware records phone calls & steals private data.
03  Some Chrome VPN Extensions Leak DNS Queries.
03  Android trojan steals data from instant messaging clients.
02  Fake WhatsApp can steal info from your phone.
02 Leaks Millions of Customer Records.
02  Google bans Chrome extensions that mine cryptocurrencies.
01   Cloudflare’s DNS Service – Internet More Private & Faster.

Real-World Protection Test March 2018

March, 2018  (Click listings for more information).
30  150 million MyFitnessPal accounts compromised.
30  The Week in Ransomware  – Mostly Small Variants.
30  Test of over 200 security apps against Android malware (PDF).
29  Microsoft issues security update for Windows 7 & Server 2008.
29  Omitting the “o” in .com Could Be Costly.
29  Facebook Pulling “Partner Categories” Ad Targeting Product.
29  Apple iOS 11.3 includes “Battery Health” beta diagnostic tool.
29  Apple releases security updates for iOS, watchOS, tvOS, & Xcode.
28  Hajime Botnet Makes Massive Scan for MikroTik Routers.
27  QR code bug in Apple iOS 11 could lead you to malicious sites.
27  Firefox Add-On Isolates Facebook Tracking.
27  In-Browser Cryptojacking Is Getting Harder to Detect.
27  Academics Discover New CPU Side-Channel Attack.
27  Mozilla Releases Security Updates for Firefox.
26  Chrome extension detects URL Homograph (Unicode) attacks.
26  What Facebook’s Cambridge Analytica means for your data.
25  IETF Approves TLS 1.3 as Internet Standard.
24  Facebook collected call and SMS data from some smartphones.
23  The week in ransomware – Govt infections, Zenis, and more.
22  How Siri leaks your private iPhone messages, & how to stop her.
22  Opera 52 released with faster ad blocking & new tab features.
21   Firmware updates released for security camera Dumpster Fire.
20  Windows Remote Assistance tool usable for targeted attacks.
20  Orbitz says hacker stole two years’ worth of customer data.
19   One In Every 200 Google Search Suggestions Is Polluted.
18   Firefox master password system poorly secured for past 9 years.
16   Zenis Ransomware encrypts your data & deletes your backups.
16   Yet again, Google tricked into serving scam Amazon ads.
15   Malware attack on 400k PCs caused by a BitTorrent app.
15   Pre-Installed Malware Found On 5 Million Android Phones.
14   Intel Microcode Patches arrive on the Microsoft Update Catalog.
13   Critical vulnerability in CredSSP affects all versions of Windows.
13   Flaws in AMD chips makes bad hacks much, much worse.
13   Flash, Windows Users: It’s Time to Patch.
13   Mozilla Releases Security Updates for Firefox.
12   Ransomware being distributed using fake Craigslist Malspam.
11    Checked Your Credit Since the Equifax Hack?
09  Tech support scammers GeeksHelp caught again, 2 years later.
08  Look-Alike Domains and Visual Confusion.
08  MalwareBytes 3.4.4 release has user interface & engine updates.
07  An interactive malware analysis tool is now open to the public.
07  More Google Play apps attack users with Windows malware.
07  CIGslip attack bypasses Windows Code Integrity Guard (CIG).
06  Microsoft Releases Update to Fix Critical USB Driver Issue.
06  Google Releases Security Update for Chrome.
06  What Is Your Bank’s Security Banking On?
05  Researchers discover severe vulnerabilities in 4G LTE protocol.
03  SgxSpectre attack can extract data from Intel SGX Enclaves.
01   Microsoft to Deliver Intel CPU Fixes via Windows Updates.
01   Equifax finds another 2.4 million Americans hit by breach.
01   AdBlock Adds Feature to Cache Popular JavaScript Libraries.

Real-World Protection Test – February 2018

February, 2018  (Click listings for more information).
28  How to Fight Mobile Number Port-out Scams.
28  EITest Scam Distributing GandCrab & Netsupport Manager.
28  Free Decrypter Available for GandCrab Ransomware Victims.
27  How to protect your computer from malicious cryptomining.
26  Ad network bypasses ad blockers and deploys in-browser miners.
26  USPS starts notifying you if someone is scanning your mail online.
23  FBI warns taxpayers to beware of new scams to steal W-2 info.
22  Here We Go Again: Intel Releases Updated Spectre Patches.
22  Chase ‘Glitch’ Exposed Customer Accounts.
21   Microsoft Fixes Windows 10 Vulnerability, But Doesn’t.
21   uTorrent Client Affected by Some Pretty Severe Security Flaws.
19   Apple Releases Fix for Indian Telugu Character Crash Bug.
19   IRS scam leverages hacked tax preparers, client bank accounts.
18   macOS May Lose Data Due to APFS Filesystem Bug.
17   Google Discloses Microsoft Edge Security Feature Bypass.
16   The Week in Ransomware – February 16th 2018.
15   Using the Chrome Task Manager to Find In-Browser Miners.
15   Mountain of sensitive FedEx customer data exposed.
14   On Feb 15, Chrome will begin to block certain types of online ads.
14   A botnet is exploiting a critical router bug that may never be fixed.
14   Websites use notifications to spam your browser instead of email.
13   Microsoft won’t patch a severe Skype vulnerability anytime soon.
13   Microsoft Patch Tuesday, February 2018 Edition.
13   Panic attack: Apple scams apply pressure.
12   Rapid Ransomware Being Spread Using Fake IRS Malspam.
12   The drive-by currency mining scourge shows no signs of abating.
11    macOS App screenshot feature exposes passwords, tokens & keys.
09  The Week in Ransomware – February 9th, 2018.
09  Free Decryption Tool Released for Cryakl Ransomware.
08  Ransomware Being Distributed Via Malspam Disguised as Receipts.
08  Intel Releases New Spectre Patch Update for Skylake Processors.
07  Lenovo to Recall ThinkPad X1 Carbon Laptops Due to Fire Hazard.
06  CSS Code Can Be Abused to Collect Sensitive User Data.
06  Bitdefender Ironically Stopped Working on Safer Internet Day.
06  Tech-support scammers have a new trick for Chrome users.
06  Adobe Releases Security Updates for Flash Player.

05  Fake Adobe Flash Update Sites Pushing CPU Miners.
02  New Mac cryptominer distributed via a MacUpdate hack.
02  Malicious Chrome Extensions are using Session Replay Scripts.

01   PSA: Beware of Sites Pretending to be Manual Firefox Updates.
01   New Adobe Flash Zero-Day Spotted in the Wild.

January, 2018  (Click listings for more information).
31   First Firefox Addon that Injects an In-Browser Miner?
30  Mozilla Releases Security Update for Firefox.
29  Hard-coded Password Bypasses Lenovo’s Fingerprint Scanner.
29  File Your Taxes Before Scammers Do It For You.
28  Microsoft issues Windows update that disables Spectre Mitigations.
27  Malwarebytes Update Released to Fix High CPU & Memory Usage.
26  Android botnet still thrives 16 months after coming to light.
26  28 Fake Ad Agencies created for Massive Malvertising Campaign.
26  Registered at SSA.GOV? Good for You, But Keep Your Guard Up.
26  Now YouTube serves ads with CPU-draining cryptocurrency miners.
25  Security vulnerabilities fixed in Thunderbird 52.6.
25  Monero Mining Campaigns Are Becoming a Real Problem.
25  Undetectable malware targets Windows, MacOS, and Linux systems.
24  Chrome 64 Released With Strong Popup Blocker, Spectre Mitigations.
23  Dell Advising All Customers To Not Install Spectre BIOS Updates.
23  Apple Releases Security Updates for Multiple Products.
23  Mozilla Fixes Security Vulnerabilities in Firefox 58.
22  Opera blocks in-browser CryptoCurrency mining in mobile browser.
22  Linus Torvalds Thinks the Linux Spectre Patches are UTTER GARBAGE.
21   A new information stealing Trojan called Evrial in wide use.
19   OnePlus confirms up to 40,000 customers affected by credit card breach.
18   Chrome & Firefox extensions block their removal to hijack browsers.
18   Facebook Password Stealing Apps Found on Android Play Store.
17   Some Basic Rules for Securing Your IoT Stuff.
17   How to stop the Meltdown & Spectre patches from slowing down your PC.
16   How to check if your PC or phone is protected against Meltdown & Spectre.
16   Over 500,000 Users Impacted by 4 Malicious Chrome Extensions.
16   Skygofree — Powerful Android Spyware Discovered.
15   List of Links: BIOS Updates for the Meltdown and Spectre Patches.
12   AMD will release CPU microcode updates for Spectre flaw this week.
12   Intel Broadwell & Haswell CPUs experiencing reboots after updates.
12   The First Mac Malware of 2018 Is a DNS Hijacker Called MaMi.
11    Skype Adds End-to-End Encryption for Private Conversations.
10   Mac spyware stole millions of user images over 13 years.
10   macOS High Sierra’s App Store Can Be Unlocked With Any Password.
09  CoffeeMiner project lets you hack public Wi-Fi to mine cryptocoins.
09  Microsoft’s January Patch Tuesday and Adobe Flash Player  updates.
09  No More Windows Security Updates Unless AVs Set a Registry Key.
09  Microsoft Pauses Meltdown and Spectre Patches for AMD Devices.
09  How to Check if Your PC Is Protected Against Meltdown and Spectre.
08  WPA3 WiFi Standard Announced After Researchers KRACKed WPA2.
08  Meltdown and Spectre patches will come to 90%+ of Intel chips soon.
08  More stuff broken amid Microsoft’s efforts to fix Meltdown/Spectre.
08  Microsoft’s Spectre-fixer bricks some AMD PCs.
08  Apple releases iOS and macOS updates with a mitigation for Spectre.
06  HP Is Recalling Some Laptop Models Due to Slight Battery Melting.
06  Qualcomm  confirms its CPUs suffer hack bugs, too.
05  Meltdown CPU fixes are here. Spectre flaws will be around for years.
05  Scary Chip Flaws Raise Spectre of Meltdown.
05  All Mac systems & iOS devices are affected by Meltdown & Spectre flaws.
04  How to Protect Your Devices Against Meltdown and Spectre Attacks.
04  Intel to update firmware for most modern CPUs by the end of next week.
04  How to check & update Windows for the Meltdown and Spectre CPU flaws.
04  Microsoft Releases Updates to Fix Meltdown and Spectre CPU Flaws.
04  Mozilla pushes “Spectre” patch for Firefox.
03  Google Removes 36 Fake Android Security Apps Packed with Adware.
03  Meltdown and Spectre vulnerabilities discovered in modern processors.
03  Huge flaw found in Intel Processors; patch could hurt performance.
02  Security Summary: In Development Heropoint Ransomware.
02  Vulnerabilities Discovered in (GPS) Location Tracking Services.
02  macOS Exploit Published on the Last Day of 2017.
01   Flaw in major browsers allows scripts to steal your saved passwords.
01   Forever 21 confirms breach exposed customer credit card details.