SambaCry Vulnerability Used to Deploy Backdoors on NAS Devices

wSomeone is using the SambaCry vulnerability to install a backdoor trojan on Linux devices running older versions of the Samba file-sharing server. [...]

https://www.bleepingcomputer.com/news/security/sambacry-vulnerability-used-to-deploy-backdoors-on-nas-devices/

Two Iranians Charged With Hacking US Defense Contractor

The US Department of Justice (DOJ) unsealed an indictment on Monday against two Iranian nationals accused of hacking a US company and stealing software used in ammunition design. [...]

https://www.bleepingcomputer.com/news/security/two-iranians-charged-with-hacking-us-defense-contractor/

Mozilla Launches the First Open-Source Voice Recognition Engine

The Mozilla Foundation, makers of the Firefox browser, have launched a new project called Common Voice, which the organization hopes to become the first open-source voice recognition engine on the market. [...]

https://www.bleepingcomputer.com/news/technology/mozilla-launches-the-first-open-source-voice-recognition-engine/

"Bad Taste" Vulnerability Affects Linux Systems via Malicious Windows MSI Files

Because Windows executables haven't wreaked enough damage on Windows computers, now you can use malformed MSI files to run malicious code on Linux systems. [...]

https://www.bleepingcomputer.com/news/security/-bad-taste-vulnerability-affects-linux-systems-via-malicious-windows-msi-files/

Radio and TV Station Still Recovering From Ransomware Infection One Month Later

A month after it suffered a mysterious cyber attack, details emerged that San Francisco's public TV and radio station, KQED, was the victim of a ransomware incident from which it has yet to fully recover. [...]

https://www.bleepingcomputer.com/news/security/radio-and-tv-station-still-recovering-from-ransomware-infection-one-month-later/

Avast Buys Piriform, the Company Behind CCleaner and Recuva

Avast, today's largest vendor of security software, has acquired Piriform, a UK-based company that is behind many successful desktop and mobile apps, such as CCleaner, Recuva, Speccy, and Defraggler. [...]

https://www.bleepingcomputer.com/news/business/avast-buys-piriform-the-company-behind-ccleaner-and-recuva/

Hacker Uses Parity Wallet Vulnerability to Steal $30 Million Worth of Ethereum

An unknown hacker has used a vulnerability in an Ethereum wallet client to steal over 153,000 Ether, worth over $30 million dollars. [...]

https://www.bleepingcomputer.com/news/security/hacker-uses-parity-wallet-vulnerability-to-steal-30-million-worth-of-ethereum/

Security Flaws Are Everywhere. Even in Segway Hoverboards

Ninebot, the company behind Segway hoverboards, has issued new firmware to fix various security flaws that allow an attacker to connect to and take over users' devices. [...]

https://www.bleepingcomputer.com/news/security/security-flaws-are-everywhere-even-in-segway-hoverboards/

Apple Releases Security Updates, Fixes Broadpwn Bug

On July 19, Apple released security updates for seven of its products, such as iOS, macOS, watchOS, tvOS, Safari, iTunes for Windows and iCloud for Windows. [...]

https://www.bleepingcomputer.com/news/apple/apple-releases-security-updates-fixes-broadpwn-bug/

Online Course Teaches Russian-Speaking Hackers Latest Carding Tricks

Russian-speaking criminals are offering a six-week online course that teaches wannabe hackers all they need to know to enter the online fraud and carding scene. [...]

https://www.bleepingcomputer.com/news/security/online-course-teaches-russian-speaking-hackers-latest-carding-tricks/

Valve Patches Security Flaw That Allows Installation of Malware via Steam Games

A vulnerability in Valve's Source SDK, a library used by game vendors to support custom mods and other features, allows a malicious actor to execute code on a user's computer, and optionally install malware, such as ransomware, cryptocurrency miners, banking trojans, and others. [...]

https://www.bleepingcomputer.com/news/security/valve-patches-security-flaw-that-allows-installation-of-malware-via-steam-games/

Authorities Take Down Hansa Dark Web Market, Confirm AlphaBay Takedown

Today, in coordinated press releases, the US Department of Justice (DOJ) and Europol announced the takedown of two Dark Web marketplaces — AlphaBay and Hansa Market. [...]

https://www.bleepingcomputer.com/news/security/authorities-take-down-hansa-dark-web-market-confirm-alphabay-takedown/

Chrome Extension Hijacks Search Results While Filtering Trump from the Web

While doing my normal scan through various sites that are known to push unwanted programs, I ran across a new version of a Chrome extension family that hijacks searches done on Google and other search engines. In addition to hijacking searches, this new variant also tries to filter Trump from the web. [...]

https://www.bleepingcomputer.com/news/security/chrome-extension-hijacks-search-results-while-filtering-trump-from-the-web/

The ZAYKA and NOOB CryptoMix Ransomware Variants Released in Quick Succession

[...]

https://www.bleepingcomputer.com/news/security/the-zayka-and-noob-cryptomix-ransomware-variants-released-in-quick-succession/

Series of Monumental OpSec Mistakes Led to AlphaBay's Demise

It was a series of monumental OpSec (operational security) mistakes that led to AlphaBay's demise, according to a series of documents released today by the US Department of Justice. [...]

https://www.bleepingcomputer.com/news/security/series-of-monumental-opsec-mistakes-led-to-alphabays-demise/

Chromium to Get MP3 Support After MP3 Becomes Patent-Free

Chromium, the skeletal open-source browser at the core of Chrome, Opera, Vivaldi, Brave and a few other browsers will receive support for the automatic playback of MP3 files. [...]

https://www.bleepingcomputer.com/news/software/chromium-to-get-mp3-support-after-mp3-becomes-patent-free/

Sysadmin Gets 18 Months in Prison for Shutting Down Former Employer's Network

Joe Vito Venzor, 41, from El Paso, was sentenced this week to 18 months in prison for hacking and destroying the IT network of his former employee on the day he was let go. [...]

https://www.bleepingcomputer.com/news/security/sysadmin-gets-18-months-in-prison-for-shutting-down-former-employers-network/

Stantinko Modular Backdoor Infected Over 500,000 Computers

Over 500,000 users have had their computers infected with a stealthy malware named Stantinko, according to a 99-page report released yesterday by Slovak antivirus maker ESET. [...]

https://www.bleepingcomputer.com/news/security/stantinko-modular-backdoor-infected-over-500-000-computers/

Briar Tor-Based Messenger Passes Security Audit, Enters Beta Stage

Briar, an instant messaging service that works over the Tor network, has reached beta stage today, the app's creators announced. [...]

https://www.bleepingcomputer.com/news/security/briar-tor-based-messenger-passes-security-audit-enters-beta-stage/

The Week in Ransomware - July 21st 2017 - Decryptors, Reyptson, & CryptoMix

Really slow week, which is great. We did have some decryptors and updated decryptors released this week, which is always great. Of particular concern is the increase releasing of new CryptoMix variants. Thankfully, these variants do not seem to be netting to many victims at this time.. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-21st-2017-decryptors-reyptson-and-cryptomix/

New Version of DarkHotel Malware Spotted Going After Political Figures

The DarkHotel hacking group, a threat actor known to engage in advanced cyber-espionage tactics, has shifted operations from targeting CEOs and businessmen to political figures. [...]

https://www.bleepingcomputer.com/news/security/new-version-of-darkhotel-malware-spotted-going-after-political-figures/