Security Alerts and Updates

January, 2018  (Click listings for more information).
21   A new information stealing Trojan called Evrial in wide use.
18   Chrome & Firefox extensions block their removal to hijack browsers.
17   Some Basic Rules for Securing Your IoT Stuff.
17   How to stop the Meltdown & Spectre patches from slowing down your PC.
16   How to check if your PC or phone is protected against Meltdown & Spectre.
16   Over 500,000 Users Impacted by 4 Malicious Chrome Extensions.
16   Skygofree — Powerful Android Spyware Discovered.
15   List of Links: BIOS Updates for the Meltdown and Spectre Patches.
12   AMD will release CPU microcode updates for Spectre flaw this week.
12   Intel Broadwell & Haswell CPUs experiencing reboots after updates.
12   The First Mac Malware of 2018 Is a DNS Hijacker Called MaMi.
11    Skype Adds End-to-End Encryption for Private Conversations.
10   Mac spyware stole millions of user images over 13 years.
10   macOS High Sierra’s App Store Can Be Unlocked With Any Password.
09  CoffeeMiner project lets you hack public Wi-Fi to mine cryptocoins.
09  Microsoft’s January Patch Tuesday and Adobe Flash Player  updates.
09  No More Windows Security Updates Unless AVs Set a Registry Key.
09  Microsoft Pauses Meltdown and Spectre Patches for AMD Devices.
09  How to Check if Your PC Is Protected Against Meltdown and Spectre.
08  WPA3 WiFi Standard Announced After Researchers KRACKed WPA2.
08  Meltdown and Spectre patches will come to 90%+ of Intel chips soon.
08  More stuff broken amid Microsoft’s efforts to fix Meltdown/Spectre.
08  Microsoft’s Spectre-fixer bricks some AMD PCs.
08  Apple releases iOS and macOS updates with a mitigation for Spectre.
06  HP Is Recalling Some Laptop Models Due to Slight Battery Melting.
06  Qualcomm  confirms its CPUs suffer hack bugs, too.
05  Meltdown CPU fixes are here. Spectre flaws will be around for years.
05  Scary Chip Flaws Raise Spectre of Meltdown.
05  All Mac systems & iOS devices are affected by Meltdown & Spectre flaws.
04  How to Protect Your Devices Against Meltdown and Spectre Attacks.
04  Intel to update firmware for most modern CPUs by the end of next week.
04  How to check & update Windows for the Meltdown and Spectre CPU flaws.
04  Microsoft Releases Updates to Fix Meltdown and Spectre CPU Flaws.
04  Mozilla pushes “Spectre” patch for Firefox.
03  Google Removes 36 Fake Android Security Apps Packed with Adware.
03  Meltdown and Spectre vulnerabilities discovered in modern processors.
03  Huge flaw found in Intel Processors; patch could hurt performance.
02  Security Summary: In Development Heropoint Ransomware.
02  Vulnerabilities Discovered in (GPS) Location Tracking Services.
02  macOS Exploit Published on the Last Day of 2017.
01   Flaw in major browsers allows scripts to steal your saved passwords.
01   Forever 21 confirms breach exposed customer credit card details.

December, 2017  (Click listings for more information).
30  Browser data leakage bug – Mozilla to delete info just in case.
29  Apple Will Discount Future Battery Replacements for iPhones.
29  Chrome Extension Caught Pushing Cryptocurrency Miner.
29  Critical Bypass Flaw Found in Samsung Android Browser.
28  Four Years After Target, the Little Guy is the Target.
27  Malicious apps could guess your phone’s PIN using sensors data.
27  Web Trackers Exploit Flaw in Browsers to Steal Usernames.
25  Vulnerability Affects Hundreds of Thousands of IoT Devices.
25  Mozilla Releases Security Update for Thunderbird.
23  Facebook will alert you when someone else uploads a photo of you.
22  Satori IoT Botnet Exploits Zero-Day to Zombify Huawei Routers.
22  NVIDIA Ends Driver Support for 32-Bit Operating Systems.
22  Opera 50 to Include Cryptojacking Protection.
22  Facebook phishers want you to “Connect with Facebook”.
21   New Facebook Feature Will Help Users Spot Phishing Attempts.
21   Digmine Malware Spreading via Facebook Messenger.
21   Apple Admits Deliberately Slowing Older iPhones — Here’s Why.
20  Amazon S3 Bucket Exposes Details on 123 Million US Households.
20  Windows 10 password manager bug is hiding good news.
20  Tech support scammers make browser lockers more resilient.
19   Microsoft Word slams the door on DDEAUTO malware attacks.
19   Buyers Beware of Tampered Gift Cards.
19   Currency-mining Android malware can physically harm phones.
18   Mobile Menace Monday: upping the ante on Adups.
15  Win 10 version of Keeper had bug allowing sites to steal passwords.
14   FCC Just Killed Net Neutrality—What Does This Mean?
14   Attack on Critical Infrastructure Site Causes Outage.
14   What’s in your Android’s December Security Update?
14   Google Releases Security Update for Chrome.
13   Remote ‘Root’ Exploit Disclosed in AT&T DirecTV WVB Devices.  
13   Apple Releases Security Updates.
12   Patch Tuesday, December 2017 Edition.
12   iOS Jailbreak Exploit Published by Google.
08  Pre-Installed Keylogger Found On Over 460 HP Laptop Models.
08  Android Flaw Lets Hackers Inject Malware Into Apps.
08  Phishing embraces HTTPS, hoping you’ll “check for the padlock”.
07  Microsoft Issues Emergency Windows Security Update.
07  New Malware Evasion Technique Works On All Windows Versions.
07  Mozilla Releases Security Update for Firefox.
06  Google Releases Security Update for Chrome.
06  Apple Releases Multiple Software Security Updates.
06  Use TeamViewer? Fix this dangerous permissions bug.
05  Email Spoofing Flaw Affects Over 30 Popular Email Clients.
05  Keyboard App collects personal data on its 31 million users.
04  Smile, you’re on hidden webcam Airbnb TV.
04  Yet another flaw in Apple’s “iamroot” bug fix.
02  Security vulnerabilities fixed in Firefox 57.0.1.
01   
PayPal phish asks to verify transactions—don’t do it.

Real-World Protection Test July – November 2017

November, 2017  (Click listings for more information).
30  HP installs telemetry bloatware on your PC-here’s how to remove it.
29  Websites mine cryptocurrency even when you close your browser.
29  Internet-paralyzing Mirai botnet comes back with new strain.
29  Apple Releases macOS High Sierra Security Update.
28  Hackers Exploit Recently Disclosed Microsoft Office Bug.
28  Bug in macOS lets you log in as admin with no password required.
27  Terror Exploit Kit Goes HTTPS All The Way.
26  Botnet Just Sent 12.5 Million Emails With Scarab Ransomware.
24  Imgur—Popular Image Sharing Site Was Hacked In 2014.
23  MS Office feature could be used to create self-replicating malware
21   Uber Paid Hackers to Delete Stolen Data on 57 Million People.
21   Critical flaws in Intel Processors leave millions of PCs vulnerable.
21   Android Location Data collected when Location Service is disabled.
20  Fund Targets Victims Scammed Via Western Union.
20  Windows ASLR Vulnerability.
20  Amazon to fix Key home security vulnerability.
20  OSX.Proton spreading through fake Symantec blog.
20  BankBot returns on Play Store – A recurring Android malware.
20  Amazon Echo and Google Home patched against BlueBorne threat.
20  No, you’re not paranoid. Sites really are watching your every move.
17   Banking Trojan can now steal Facebook, Twitter & Gmail accounts.
16   Security Tip – Securing the Internet of Things.
15   20 Million Amazon Echo & Google Home Devices Vulnerable.
15   Ransomware-spreading hackers sneak in through RDP.
14   Adobe, Microsoft Patch Critical Cracks.
14  Mozilla today launched Firefox 57, branded Firefox Quantum.
14  Mozilla Releases Security Updates.
14  Google takes strict steps against Apps abusing accessibility services.
14  Google study reveals how criminals break into Gmail accounts.
13   How to Opt Out of Equifax Revealing Your Salary History.
13   Hackers say they broke Apple’s Face ID.  We’re not convinced.
11    New Microsoft Word attacks infect PCs sans macros.
10   Microsoft introduces highly secure Windows 10 device standards.
10   How AV Can Open You to Attacks.
09  Microsoft Office Dynamic Data Exchange (DDE) Exploit.
08  Cryptojacking craze that drains your CPU now done by 2,500 sites.
06  Simple Banking Security Tip: Verbal Passwords.
06  Google Releases Security Update for Chrome.
03  Forgeries undermine the trust people place in digital certificates.
03  Smart Lock & iCloud Keychain, password managers for the rest of us.
03  Fake version of the WhatsApp messaging app for Android fools many.
02  iPhones get a KRACK patch and a Wi-Fi 0-day on the same day.
02  Equifax Reopens Salary Lookup Service.
01   Mind these digital crimes and arm yourself against them.

Real-World Protection Test – October 2017 (Graph)

Malware Removal Test 2017 (PDF)

October, 2017  (Click listings for more information).
31   Apple Releases Multiple Security Updates.
30  Firefox 58 to Block Canvas Browser Fingerprinting.
30  Sites and apps are exhausting your CPU to mine cryptocurrency.
30  Spoofing Links on Facebook.
27  Fear the Reaper, or Reaper Madness?
27  The iOS privacy loophole that’s staring you right in the face.
26  Please Don’t Buy This:  Smart Locks.
26  Google Releases Security Updates for Chrome.
25  Kaspersky says it didn’t knowingly help Russia steal NSA secrets.
24  Dell Lost Control of Key Customer Support Domain for a Month.
23  Reaper: Calm Before the IoT Security Storm?
22  Office DDE attack works in Outlook too – here’s what to do.
22  Google to add “DNS over TLS” security feature to Android OS.
20  Mac Malware OSX.Proton Strikes Again.
20  More Trouble in Google Play Land.
19   Microsoft Word DDE Exploit Being Used in Malware Attacks.
17   Impact of Security Software on System Performance (PDF).
17   Google Releases Security Updates for Chrome.
17   Yet more mobile adware found in Google Play.
16   Serious Crypto Flaw in Private RSA Keys Used in Billions of Devices.
16   List of Firmware & Driver Updates for KRACK WPA2 Vulnerability.
16   What You Should Know About the ‘KRACK’ WiFi Security Weakness.
16   Adobe Releases Security Updates for Flash Player.
16   Chrome & Firefox smoked by Edge in browser phishing test.
15   Flaw in WPA2 lets attackers intercept passwords and much more.
13   Google Embarrassed by Fake Adblocker That Served Ads.
12   Scam Alert: Your Trusted Friends Can Hack Your Facebook Account.
12   Equifax rival TransUnion also sends site visitors to malicious pages.
12   MS Office feature allows malware execution without macros enabled.
12   Equifax website borked again, redirects to fake Flash update.
11    Mozilla Releases Security Update for Thunderbird.
11    Watch out for these high-pressure Apple malware scams.
11    Microsoft’s October Patch Batch Fixes 62 Flaws.
10   Beware of sketchy iOS popups that want your Apple ID.
10   Kaspersky AV caught helping Russian hackers steal NSA secrets.
10   Equifax Hackers Also Stole Info on 693,665 UK Residents.
09  iPhone’s new “off” switch leaves Bluetooth and Wi-Fi turned on.
09  A week in security (October 02 – October 08).
08  Equifax Breach Fallout: Your Salary History.
06  Out of character: Homograph attacks explained.
06  Update your Androids, the October patches are out.
05  Chrome turns the screw ever tighter in Google’s encryption crusade.
05  Apple Releases macOS High Sierra 10.13 Supplemental Update.
04  Fear Not: You, Too, Are a Cybercrime Victim!
03  Code-execution flaws threaten users of routers, Linux, and other OSes.
03  Every Yahoo account that existed was compromised in 2013 hack.
03  Apple Releases Security Update for iOS.
03  The Google tracking feature you didn’t know you’d switched on.
02  Equifax says an additional 2.5 million impacted by data breach.
01   A week in security (September 25 – October 01).