We've seen quite a few articles out there telling you to beware if you use the Safari browser, because attackers can spoof URLs!
CS Digest Section: Software Security
Microsoft Patches Recent ALPC Zero-Day in September 2018 Patch Tuesday Updates
The monthly Microsoft security updates --known as the Patch Tuesday updates-- are out, and this month, the OS maker has fixed 62 security flaws, including a recent zero-day vulnerability that was dumped on Twitter last month, and later adopted by a malware campaign.
The Chilling Reality of Cold Boot Attacks
Olle and his fellow cyber security consultant Pasi Saarinen recently discovered a new way to physically hack into PCs. According to their research, this method will work against nearly all modern computers. This includes laptops from some of the world's biggest vendors like Dell, Lenovo, and even Apple.
SpectreRSB: New Attack Targets CPU Return Stack Buffers
A new Spectre-class attack called SpectreRSB has been revealed by researchers.
https://www.zdnet.com/article/spectrersb-new-side-channel-attack-targets-cpu-components/
Hackers Reportedly Stole 600 Gallons of Gas From Detroit Gas Station
Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart the hackers.
https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411
Microsoft Blocks Embedding SettingContent-ms Files in Office 365 Docs
Microsoft has updated the list of dangerous files it blocks inside Office 365 documents, and has added the ".SettingContent-ms" file format to that list.
The Next Big Cyber-Attack Vector: APIs
With cyber-attacks on enterprise networks becoming more sophisticated, organizations have stepped up perimeter security by investing in the latest firewall, data and endpoint protection, as well as intrusion prevention technologies. In response, hackers are moving to the path of least resistance and looking for new avenues to exploit. Many security experts
https://www.securityweek.com/next-big-cyber-attack-vector-apis
Microsoft Edge Bug Exposes Content From Other Sites via HTML5 Audio Tag
A weird Edge bug that was fixed earlier this month, allows a malicious website to retrieve content from other sites by playing audio files in a malformed manner that produces unintended consequences.
Android P Will Encourage OEMs to Adopt Stronger Biometric Systems
Starting with Android P, device makers will have to pass new security-focused benchmarks for their biometric authentication systems if they want their customers to have a better biometric authentication experience.
https://www.tomshardware.com/news/android-p-strong-biometric-systems,37348.html
Google and Microsoft Reveal New Spectre Attack
Security researchers from Google and Microsoft have found two new variants of the Spectre attack that affects processors made by AMD, ARM, IBM, and Intel.
https://www.bleepingcomputer.com/news/security/google-and-microsoft-reveal-new-spectre-attack/
