The Week in Ransomware - August 18th 2017 - SyncCrypt, GlobeImposter, & Locky

While the week was dominated by small little ransomware creations, we did have some interesting news. First, we have had a resurgence of Locky variants, then a constant stream of GlobeImposter variants variants, and finally the SynCrypt ransomware that utilizes an interesting distribution method. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-18th-2017-synccrypt-globeimposter-and-locky/

Secret Chips Can Be Hidden in Replacement Parts to Spy and Take Over Smartphones

At a recently concluded security conference, experts from an Israeli university have presented new research that describes a possible attack scenario which leverages replacement parts to carry out attacks on smartphones and other smart devices. [...]

https://www.bleepingcomputer.com/news/security/secret-chips-can-be-hidden-in-replacement-parts-to-spy-and-take-over-smartphones/

Researchers Win $100,000 for New Spear-Phishing Detection Method

Facebook has awarded this year's Internet Defense Prize worth $100,000 to a team of researchers from the University of California, Berkeley, who came up with a new method of detecting spear-phishing attacks in closely monitored enterprise networks. [...]

https://www.bleepingcomputer.com/news/security/researchers-win-100-000-for-new-spear-phishing-detection-method/

Google Algorithm Removes Watermarks From Stock Photos

Four Google researchers have uncovered a vulnerability in the way stock photography websites apply watermarks on their image portfolios. [...]

https://www.bleepingcomputer.com/news/technology/google-algorithm-removes-watermarks-from-stock-photos/

Couple Accused of Using Lowes Website Flaw to Steal Expensive Goods

A couple from the Brick Township in New Jersey stands accused of using a flaw in the Lowes online portal to receive goods for free at their home. [...]

https://www.bleepingcomputer.com/news/security/couple-accused-of-using-lowes-website-flaw-to-steal-expensive-goods/

Oracle Wants to Give Java EE to the Open-Source Community

Oracle said this week it plans to transfer management of the Java EE project to an open-source foundation, such as Apache or Eclipse. [...]

https://www.bleepingcomputer.com/news/technology/oracle-wants-to-give-java-ee-to-the-open-source-community/

Chrome Adds Warning for When Extensions Take Over Your Internet Connection

Google engineers have added two neat features to the Chrome browser that will alert users of extensions that hijack proxy settings or the new tab page. [...]

https://www.bleepingcomputer.com/news/security/chrome-adds-warning-for-when-extensions-take-over-your-internet-connection/

Plex Updates Privacy Policy So Users Can't Opt out of Data Collection

Plex, a popular supplier of multimedia streaming solutions, has updated its privacy policy and has removed the possibility that users could opt out of the company's data collection practices. [...]

https://www.bleepingcomputer.com/news/software/plex-updates-privacy-policy-so-users-cant-opt-out-of-data-collection/

US Army Will Implement Keystroke-Tracking Biometrics Authentication System

The US Department of Defense (DOD) is slowly adopting a biometrics-based system as a possible replacement for its classic card-based access and authentication solution. [...]

https://www.bleepingcomputer.com/news/government/us-army-will-implement-keystroke-tracking-biometrics-authentication-system/

Hacker Steals $475,000 Worth of Ethereum After Breaching Enigma Project

An unidentified hacker (or hackers) has taken control of the Enigma Project website, Slack channel, and mailing list, and tricked users into sending funds to a wrong Ethereum account. [...]

https://www.bleepingcomputer.com/news/security/hacker-steals-475-000-worth-of-ethereum-after-breaching-enigma-project/

Online Extortion Campaigns Target Users, Companies, Security Researchers

During the past week, there has been a sudden surge in online extortion campaigns, against regular users and security researchers alike. [...]

https://www.bleepingcomputer.com/news/security/online-extortion-campaigns-target-users-companies-security-researchers/

Google Releases Android 8.0 Oreo

Google has started the rollout process for the Android 8.0 mobile operating system, which in classic Google fashion will take the name of a sweet food, and it will be Oreo. [...]

https://www.bleepingcomputer.com/news/mobile/google-releases-android-8-0-oreo/

Ad Trackers on E-Commerce Sites Can Unmask Bitcoin Transactions

Research published last week reveals that cookies and other data collected by ad trackers on e-commerce sites can be used to de-anonymize Bitcoin transactions. [...]

https://www.bleepingcomputer.com/news/technology/ad-trackers-on-e-commerce-sites-can-unmask-bitcoin-transactions/

Cryptocurrency Miner Infects Windows PCs via EternalBlue and WMI

A new malware family detected under the name of CoinMiner is causing users and security firms alike loads of problems, being hard to stop or detect due to the combination of various unique features. [...]

https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-infects-windows-pcs-via-eternalblue-and-wmi/

Chinese Advertising SDK Caught Stealing Data From Android Devices

An advertising software development kit (SDK) embedded in many legitimate apps has been secretly siphoning user data and sending it to the servers of a Chinese company. [...]

https://www.bleepingcomputer.com/news/security/chinese-advertising-sdk-caught-stealing-data-from-android-devices/

Brian Krebs Fan Creates New Cryptocurrency Miner for Linux Devices

A malware author has created a new cryptocurrency miner that infects Linux devices that use open or default Telnet credentials. [...]

https://www.bleepingcomputer.com/news/security/brian-krebs-fan-creates-new-cryptocurrency-miner-for-linux-devices/

AccuWeather iOS App Sends Location Data to Advertising Partner

Will Strafach, an independent security researcher, has discovered over the weekend that the AccuWeather iOS app sends location information to a data monetization firm named Reveal Mobile. [...]

https://www.bleepingcomputer.com/news/security/accuweather-ios-app-sends-location-data-to-advertising-partner/

Mozilla Testing New Default Opt-Out Setting for Firefox Telemetry Collection

Mozilla engineers are discussing plans to change the way Firefox collects usage data (telemetry), and the organization is currently preparing to test an opt-out clause an opt-out clause so they could collect more data relevant to the browser's usage. [...]

https://www.bleepingcomputer.com/news/software/mozilla-testing-new-default-opt-out-setting-for-firefox-telemetry-collection/

Google Launches Enterprise Version of Chrome OS

Google launched today an improved version of the Chrome OS specifically built for deployment in large-scale enterprises. [...]

https://www.bleepingcomputer.com/news/google/google-launches-enterprise-version-of-chrome-os/

ROPEMAKER Lets Attackers Change Your Emails After Delivery

A new email attack scenario nicknamed ROPEMAKER allows a threat actor to change the content of emails received by targets via remote CSS files. [...]

https://www.bleepingcomputer.com/news/security/ropemaker-lets-attackers-change-your-emails-after-delivery/

Google Play Store Security Scans Tricked by ...Sigh... In-Dev Malware

Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store. [...]

https://www.bleepingcomputer.com/news/security/google-play-store-security-scans-tricked-by-sigh-in-dev-malware/