It’s been a rough week for security issues at Dell. A serious security vulnerability in the company’s SupportAssist software was disclosed by cybersecurity firm SafeBreach, and revealed to affect not only Dell machines but also other OEMs which used the rebranded software on their computers. Dell swiftly released a patch for the vulnerability which was made available on Friday. If you have a Dell machine, you should update it straight away…

https://www.digitaltrends.com/web/dell-supportassist-second-vulnerability/

The revelation that a Raspberry Pi helped enable an April 2018 hack of JPL arrived courtesy of the U.S. Office of the Inspector General (OIG) on June 18. OIG said in its report that JPL “has experienced several notable cybersecurity incidents that have compromised major segments of its IT network” in the last decade, with the April 2018 hack being “used to steal approximately 500 megabytes of data from one of its major mission systems.”…

https://www.tomshardware.com/news/nasa-hacked-raspberry-pi-cyber-security,39690.html

A new phishing campaign is underway that pretends to be a list of undelivered email being held for you on your Outlook Web Mail service. Users are then prompted to decide what they wish to do with each mail, with the respective links leading to a fake login form…

https://www.bleepingcomputer.com/news/security/new-phishing-scam-asks-you-to-manage-your-undelivered-email/

A new cryptojacking campaign was spotted by experts at Trend Micro; crooks are using Shodan to scan for Docker hosts with exposed APIs.
Threat actors are using the popular Shodan search engine to find Docker hosts and abuse them in a cryptojacking campaign. Attackers leverage self-propagating Docker images infected with Monero miners and scripts that use Shodan to find other vulnerable installs and compromise them…

https://securityaffairs.co/wordpress/86417/malware/cryptojacking-campaign-docker.html

Around 20% of the top 1,000 most popular Docker containers on the Docker Hub portal are impacted by a misconfiguration that can expose users’ systems to attacks, under certain conditions.

The flaw is similar to the one that impacted the official Alpine Linux Docker container last week when Cisco Talos researchers found that Alpine Linux Docker images released in the past three years came with an active root account that used a blank password…

https://www.zdnet.com/article/root-account-misconfigurations-found-in-20-of-top-1000-docker-containers/

Microsoft patched today a critical Remote Code Execution (RCE) vulnerability found in the Remote Desktop Services (RDS) platform which can allow malicious actors to create malware designed to propagate between computers running vulnerable RDS installations…

https://www.bleepingcomputer.com/news/security/microsoft-fixes-critical-remote-desktop-flaw-blocks-worm-malware/

Google today disclosed a security bug in its Bluetooth Titan Security Key that could allow an attacker in close physical proximity to circumvent the security the key is supposed to provide. The company says the bug is due to a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” and that even the faulty keys still protect against phishing attacks. Still, the company is providing a free replacement key to all existing users…

https://techcrunch.com/2019/05/15/google-recalls-its-bluetooth-titan-security-keys-because-of-a-security-bug/amp/#referrer=https%3A%2F%2Fwww.google.com&_tf=From%20%251%24s

Amazon’s Alexa Guard feature is now rolling out in the US, following an invite-only preview that lasted a few months. This free update lets your Echo speaker listen for signs of danger in your home while you’re away. Sounds like glass breaking (caused by a burglar or a moody cat) or a smoke alarm going off will trigger Alexa to send out Smart Alerts consisting of audio clips. If your Echo has a built-in camera, it will show a direct video feed into your home…

https://www.theverge.com/2019/5/14/18618098/alexa-guard-amazon-echo-speaker-security-feature