Microsoft to Stop Supporting Cortana on Android and iOS

From bleepingcomputer.com

Cortana

Microsoft has announced that they will no longer support the Cortana digital personal assistant app on Android and iOS devices starting in 2020.

In support articles for the UK, Australian, and Canadian markets, Microsoft has stated that they will no longer support the Cortana digital assistant apps on iOS and Android stating on January 31st, 2020. Instead, Microsoft will be integrating Cortana into the Microsoft 365 productivity apps.

Read more…

Just-Released Checkra1n iPhone Jailbreak Stirs Security Concerns

From threatpost.com

Checkra1n iphone jailbreak

Now that the checkm8 BootROM vulnerability has a working exploit, security pros are warning of potential attacks.

With the checkra1n iPhone jailbreak now available, security experts are urging mobile-device managers to keep on their toes as the powerful new tool becomes available to hackers and iPhone users who may recklessly use it.

Jailbreaking is the process of hacking these devices to bypass DRM restrictions, allowing users to run unauthorized and custom software, and to make other tweaks to iOS.

The security concerns around checkra1n are multifaceted. One risk factor is users jailbreaking their own iOS devices, making them susceptible to rogue or unstable apps downloaded from outside of Apple’s curated App Store.

Read more…

Following the Latest YouTube Scam, Here’s What You Need to Know About Malware Attacks Delivered Through Videos

From cyware.com

youtube,video,iphone,computer,service,laptop,mac,business,phone,ios,cell,6,apple,blanco,cellphone,cellular,concept,device,display,editorial,frame,illustrative,inc.,internet,key,keyboard,macbook,media,message,mobile,modern,multimedia,network,notebook,pad,pda,photography,plus,retina,screen,shine,smart,smartphone,social,tab,tablet,technology,telephone,touch

The latest YouTube scam

Recently, researchers identified a new scam on YouTube that delivers information-stealing malware.

  • The particular video promotes a tool that can apparently generate a private key for a bitcoin address.
  • This key is claimed to offer access to the bitcoins in the address.
  • The video’s description provides links to download the tool. When users download from the link, Predator the Thief information-stealing Trojan is installed on the machine.

Read more…

MITRE ATT&CK October Update: Extending to the Cloud

From securityboulevard.com

MITRE’s ATT&CK framework is ever evolving. The latest October update extends enterprise coverage to the cloud and adds a considerable list of cloud-specific adversarial techniques. The cloud has seen phenomenal growth over the past few years, as it offers businesses flexibility, reliability and cost-savings. Along with this growth comes new security risks and high value targets for nation state actors and cyber criminals.

In 2014, source code hosting provider Code Spaces was forced to shut down after an attacker gained access to its AWS IAM and destroyed its entire cloud infrastructure. More recently, a software engineer was arrested after stealing sensitive data, including details pertaining to 106 million credit card applications, from Capital One though a misconfigured AWS S3 bucket.

Read more…

GoogleCrashHandler.exe – a file that normally is a part of Google Updater but has been flagged as suspicious or malicious by 36 AV engines

From 2-spyware.com

GoogleCrashHandler.exe

GoogleCrashHandler.exe technically is a regular component of Google Updater by Google that is a package management tool. This product holds the ability to automatically update, download, install, and delete various computer applications. Google Updater has been released in 2006 as an element of Google Pack but has no longer been supported since 2011. Currently, the program is no longer available and finding GoogleCrashHandler.exe on your computer system might be a sign of some type of potentially unwanted program, Trojan horse, or another type of infection secretly residing.

Read more…

TriNet sent remote workers an email that some thought was a phishing attack

From techcrunch.com

Envelope Shape Bokeh Backdrop

It was the one of the best phishing emails we’ve seen… that wasn’t.

Phishing remains one of the most popular attack choices for scammers. Phishing emails are designed to impersonate companies or executives to trick users into turning over sensitive information, typically usernames and passwords, so that scammers can log into online services and steal money or data. But detecting and preventing phishing isn’t just a user problem — it’s a corporate problem too, especially when companies don’t take basic cybersecurity precautions and best practices to hinder scammers from ever getting into a user’s inbox.

Read more…