Threat Post

1. Wormable BlueKeep Bug Still Threatens Legions of Windows Systems

   Two months after the alarm sounded warning of a WannaCry-level event, progress in patching exposed Windows systems varies by country and industry.

2. Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted

   Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.

3. Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices

   Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices -- opening an attack vector.

4. Massive Malvertising Campaign Reaches 100M Ads, Manipulates Supply Chain

   A sophisticated and growing malvertising attacker is partnering with legitimate ad tech platforms to drop malware at scale.

5. StrongPity APT Returns with Retooled Spyware

   The group is using malicious versions of WinRAR and other legitimate software packages to infect targets, likely via watering-hole attacks.

6. LenovoEMC Storage Gear Leaks Sensitive Financial Data

   Lenovo patches enterprise and SMB network attached storage devices for a vulnerability that leaked data to the public internet.

7. The Future is Female: A Key to the Cybersecurity Workforce Challenge

   With cybersecurity worldwide facing a major applicant shortage, businesses should be courting women and supporting girls.

8. WhatsApp, Telegram Coding Blunders Can Expose Personal Media Files

   The issue, present on Android versions, is similar to the known man-in-the-disk attack vector.

9. JetBlue Bomb Scare Set Off with Apple AirDrop

   Someone AirDropped a picture of a suicide vest to multiple people on a JetBlue flight, prompting an evacuation.

10. Privacy Experts: Facebook’s $5B Fine Unlikely to Do Much

    The FTC has levied its biggest fine ever against the social network, but it's unlikely to have much effect.