Security

The Washington Post reported earlier today that Apple's relationship with third-party security researchers could use some additional fine tuning. Specifically, Apple's "bug bounty" program—a way companies encourage ethical security researchers to find and responsibly disclose security problems with its products—appears less researcher-friendly and slower to pay than the industry standard.

Security researchers have discovered a new campaign by cyber criminal gang TeamTNT that targets multiple operating systems and applications.

Dubbed Chimaera,  this campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more, according to AT&T Alien Labs. In an investigation of the group's command and control (C&C) server, researchers said the campaign has been running since July this year and is responsible for thousands of infections globally.

Microsoft has confirmed another Windows 10 vulnerability is being actively exploited, with attackers taking advantage of a security loophole that remains unpatched. Visiting a maliciously designed webpage or opening a compromised document could be enough to allow hackers to take control of your PC, Microsoft admits, though it has a number of threat mitigation suggestions to reduce the risk.

We already know that Windows 11 will officially require a TPM 2.0 module and Secure Boot support for installation when the operating system is released on October 5, but it looks like Riot Games' Vanguard anti-cheat software will be getting in on the fun, too. Users running Vanguard on Windows 11 systems have seen pop-ups notifying them that a TPM 2.0 module and Secure Boot support will both need to be present and enabled before Vanguard-protected games like Valorant will run on a Windows 11 PC.

Yesterday, independent newsroom ProPublica published a detailed piece examining the popular WhatsApp messaging platform's privacy claims. The service famously offers "end-to-end encryption," which most users interpret as meaning that Facebook, WhatsApp's owner since 2014, can neither read messages itself nor forward them to law enforcement.

This claim is contradicted by the simple fact that Facebook employs about 1,000 WhatsApp moderators whose entire job is—you guessed it—reviewing WhatsApp messages that have been flagged as "improper."

Cybersecurity researchers at the US Cyber Command (USCYBERCOM) have urged admins to immediately patch their on-premise Atlassian Confluence collaboration platform, which is at the receiving end of an ongoing attack.

USCYBERCOM put out a public notice on Twitter informing Atlassian users of an active large-scale exploitation campaign that it expects to accelerate.

A team of security researchers has published details this week about a suite of 16 vulnerabilities that impact the Bluetooth software stack that ships with System-on-Chip (SoC) boards from several popular vendors.

The vulnerabilities, collectively known as BrakTooth, allow attackers to crash or freeze devices or, in the worst-case scenarios, execute malicious code and take over entire systems.

Days before Christmas in 2015, Juniper Networks Inc. alerted users that it had been breached. In a brief statement, the company said it had discovered “unauthorized code” in one of its network security products, allowing hackers to decipher encrypted communications and gain high-level access to customers’ computer systems.

Further details were scant, but Juniper made clear the implications were serious: It urged users to download a software update “with the highest priority.”

Remember the Nintendo Wii Mini? It arrived on the market in 2012, after the original Wii had sold millions of units all over the world. With the shiny new Wii U hitting store shelves around the same time, the intention was for the Wii Mini to provide a cut-price, $99 option for gamers on a budget. The problem was that in reducing the cost of the system, Nintendo had to take away many key features, such as online connectivity and the ability to store and load data from a SD card.

A new Android Trojan has been identified by cybersecurity firm Zimperium, which released a report on Monday explaining how the malware has been able to hit more than 10,000 victims in 144 countries. The trojan -- named FlyTrap by Zimperium researchers -- has been able to spread through "social media hijacking, third-party app stores, and sideloaded applications" since March.