IEEE Computer Society Cipher --- Items from security-related news (E149)
Summary:
The technology columnist for the Washington Post decided to seek help
in understanding the network traffic emanating from his iPhone during
nighttime hours. He found that many of his apps had relationships
with multiple third parties to collect data from his phone. It is
hard to believe, but he found 5400 trackers sending 1.5 gigabytes per
month. Some of the companies behind the apps were surprised and vowed
to remove the trackers, but others said that they employed tracking
services to improve their apps and had no particular responsibility
for the frequency of data collection or the totality of its eventual
uses.
The trackers are not limited to Apple devices; they also exist on Android phones.
Summary:
Some time ago NSA developed software to infiltrate Windows machines, and
it was very successful, perhaps giving the US the ability to monitor the
computers of terrorist organizations. With great power comes great
responsibility, and NSA blew it. The code was somehow released
onto the Internet, and it became the basis for some serious ransomware.
The city of Baltimore has been trying to re-establish its computer systems
after being seriously damaged by a ransomware attack based on the NSA
software.
The exploit is effective against older versions of Windows that have not been patched. That includes many, many machines that prop up aging IT infrastructure in city, county, and state governments. An unpatched system that is attacked by the ransomware can cause harm to more modern machines that it communicates with.
--------
Summary:
The vulnerability that the EternalBlue software mentioned above exploits
can be fixed with a free, downloadable patch from Microsoft. Yet more than
a million machines worldwide remain vulnerable, by some estimates. As a
"public health" measure, Microsoft strongly urges that Windows 2000
machines be patched immediately.
Summary:
A zero-day exploit of Linux has been found embodied in
active malware that evades most anti-virus detectors. Or, at least it
did until it was revealed. Some think that the HiddenWasp malware is
likely a later stage of software that gets served to targets of
interest who have already been infected by an earlier stage.
Summary:
So you need a way to protect your digital currencies and you find
something on GitHub that is just the ticket. There seem to be two
links for downloading the software, so you choose the first one on the
page. That has a new function, SecureRandomAdvanced, which is an
update of the SecureRandom function that is obtained through the other
link. SecureRandomAdvanced uses an insecure random number generator
that depends on hidden data in downloaded images. Only 120 unique
keys can be generated from an image, but there are different images on
different sites. Why? Who? No one knows. The code has been
reverted, but if you downloaded it late last summer, you might want to
replace it.
Summary:
A working exploit against a fully patched Windows 10 system is a disturbing
discovery, but someone has anonymously revealed 7 such hacks this year.
The attacks are serious and allow privilege escalation in some cases.