A zero-day vulnerability in Windows 10 has just been made public, and it’s a hole that could potentially be exploited to take control of your PC.

The security flaw was revealed by Twitter user SandboxEscaper in controversial fashion – more on that later – and it’s a privilege escalation bug (with a proof of concept provided)…

http://feedproxy.google.com/~r/techradar/allnews/~3/RDcGflgEEnY/windows-10-zero-day-security-hole-gets-publicly-outed

According to a new project uploaded to the Chromium team’s code review site, users may soon be able to login into Windows 10 using their Google G Suite accounts. This new feature uses a “Google Credential Provider” that will allow Windows to authenticate enterprise users against their company’s G Suite account and possibly regular Google accounts…

https://www.bleepingcomputer.com/news/google/you-may-soon-be-able-to-log-into-windows-10-using-a-google-account/

Google Security Researchers discovered a Man-in-the-Disk (MitD) which allows other applications to Hijack Fortnite app’s installation process and install other malicious applications with root level permissions. The Fortnite Game Developer Epic Games have released patches for the vulnerability. Please Refer to the Man In The Disk Article for more information on how the attack works What is a MitD Attack? In layman’s terms, the MitD attacks are possible when Android apps store data in External Storage mediums rather than the provided highly secure internal storage space. The attacker can potentially tamper with the application data as it is shared by all the applications. The Fortnite app is vulnerable to this attack since the actual app in the play store does not contain the game but just the installer. Once the app is installed by the installer using the External Storage, users can play the game. “Any app with the WRITE_EXTERNAL_STORAGE permission can substitute the APK immediately after the download is finished and the fingerprint is verified. This is easily done using a FileObserver. The Fortnite Installer will continue to install the substituted (fake) APK,” a Google researcher wrote in a bug report recently made public…

https://latesthackingnews.com/2018/08/28/android-application-fortnite-vulnerable-to-man-in-the-disk-attack/

The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it’s likely that additional spammers and scammers piled on with their own versions of the phishing email after noticing that some recipients were actually paying up. The truth is we may never find out who’s responsible, but it’s still fun to follow some promising leads and see where they take us…

https://krebsonsecurity.com/2018/08/whos-behind-the-screencam-extortion-scam/

Microsoft says it has taken down six malicious websites targeting American politics that had been maintained by the same Russian military intelligence agency that hacked and leaked Hillary Clinton’s emails during the 2016 election…

https://www.buzzfeednews.com/article/kevincollier/microsoft-just-took-down-six-phishing-domains-the-russian

Once again, a medical data breach has exposed thousands of patients. This time, the victims primarily include citizens of the state of Georgia. Reportedly, the Augusta University Health suffered data breach due to multiple phishing attacks over the year. Regretfully, the breach has exposed around 417,000 records…

https://latesthackingnews.com/2018/08/19/augusta-university-health-exposed-417k-records-due-to-phishing-attacks/