Brian Krebs Fan Creates New Cryptocurrency Miner for Linux Devices

A malware author has created a new cryptocurrency miner that infects Linux devices that use open or default Telnet credentials. [...]

https://www.bleepingcomputer.com/news/security/brian-krebs-fan-creates-new-cryptocurrency-miner-for-linux-devices/

AccuWeather iOS App Sends Location Data to Advertising Partner

Will Strafach, an independent security researcher, has discovered over the weekend that the AccuWeather iOS app sends location information to a data monetization firm named Reveal Mobile. [...]

https://www.bleepingcomputer.com/news/security/accuweather-ios-app-sends-location-data-to-advertising-partner/

Mozilla Testing New Default Opt-Out Setting for Firefox Telemetry Collection

Mozilla engineers are discussing plans to change the way Firefox collects usage data (telemetry), and the organization is currently preparing to test an opt-out clause an opt-out clause so they could collect more data relevant to the browser's usage. [...]

https://www.bleepingcomputer.com/news/software/mozilla-testing-new-default-opt-out-setting-for-firefox-telemetry-collection/

Google Launches Enterprise Version of Chrome OS

Google launched today an improved version of the Chrome OS specifically built for deployment in large-scale enterprises. [...]

https://www.bleepingcomputer.com/news/google/google-launches-enterprise-version-of-chrome-os/

ROPEMAKER Lets Attackers Change Your Emails After Delivery

A new email attack scenario nicknamed ROPEMAKER allows a threat actor to change the content of emails received by targets via remote CSS files. [...]

https://www.bleepingcomputer.com/news/security/ropemaker-lets-attackers-change-your-emails-after-delivery/

Google Play Store Security Scans Tricked by ...Sigh... In-Dev Malware

Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store. [...]

https://www.bleepingcomputer.com/news/security/google-play-store-security-scans-tricked-by-sigh-in-dev-malware/

Ukraine Fears Second Ransomware Outbreak as Another Accounting Firm Got Hacked

Ukrainian authorities and businesses are on alert after a local security firm reported that another accounting software maker got hacked and its servers were being used to spread malware. [...]

https://www.bleepingcomputer.com/news/security/ukraine-fears-second-ransomware-outbreak-as-another-accounting-firm-got-hacked/

CS:GO Cheat Delivers Cryptocurrency Miner on MacOS

Counter-Strike: Global Offensive (CS:GO) players looking to get a leg up on the competition by using the vHook cheating app for macOS were also infected with a cryptocurrency miner. [...]

https://www.bleepingcomputer.com/news/security/cs-go-cheat-delivers-cryptocurrency-miner-on-macos/

Germany: Microsoft Agrees to Stop Forcibly Downloading Windows Upgrades

After an 18-month legal battle with Germany's Baden-Würtenberg consumer rights center, Microsoft admitted to wrongdoing when it downloaded over 6GBs of data on user devices during its Windows 10 push in mid and late 2015. [...]

https://www.bleepingcomputer.com/news/microsoft/germany-microsoft-agrees-to-stop-forcibly-downloading-windows-upgrades/

You Can Now Run Different Google Chrome Versions Side-By-Side

Google announced on Monday that Chrome users can now run two different versions of Chrome side-by-side. [...]

https://www.bleepingcomputer.com/news/google/you-can-now-run-different-google-chrome-versions-side-by-side/

90% of Companies Get Attacked with Three-Year-Old Vulnerabilities

A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release, albeit this is not recommended, but better than leaving systems unpatched for years. [...]

https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-attacked-with-three-year-old-vulnerabilities/

FSB Agents Arrested for Giving CIA Information About Russian Hackers

A Russian television station — TV Rain — claims to have obtained insider information about the arrests of Sergey Mikhailov, a Russian intelligence agent that lead the FSB's Center for Information Security, and Dmitry Dokuchayev, also an FSB agent and Mikhailov's deputy. [...]

https://www.bleepingcomputer.com/news/security/fsb-agents-arrested-for-giving-cia-information-about-russian-hackers/

Facebook Messenger Spam Leads to Adware, Malicious Chrome Extensions

A virulent spam campaign has hit Facebook Messenger during the past few days, according to recent warnings issued by Avira and Kaspersky Lab. [...]

https://www.bleepingcomputer.com/news/security/facebook-messenger-spam-leads-to-adware-malicious-chrome-extensions/

Researcher Releases Fully Working Exploit Code for iOS Kernel Vulnerability

Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions. [...]

https://www.bleepingcomputer.com/news/security/researcher-releases-fully-working-exploit-code-for-ios-kernel-vulnerability/

Watch Someone Buy a Laptop for $1 Thanks to a Severe POS Vulnerability

A vulnerability in the SAP POS Xpress Server allows attackers to alter configuration files for SAP Point-of-Sale systems, alter prices, and collect payment card data and send it to one of their servers. [...]

https://www.bleepingcomputer.com/news/security/watch-someone-buy-a-laptop-for-1-thanks-to-a-severe-pos-vulnerability/

New EMPTY CryptoMix Ransomware Variant Released

Today, MalwareHunterTeam discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as the previous extension and now uses EMPTY, it is clear that the developers are running out of extensions to use. [...]

https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/

Chinese DIY App Allows Anyone to Create Android Ransomware

Chinese malware developers have created a specialized Android application that allows anyone to generate a fully-working Android ransomware just by filling in a form and pushing a few buttons. [...]

https://www.bleepingcomputer.com/news/security/chinese-diy-app-allows-anyone-to-create-android-ransomware/

AI Training Algorithms Susceptible to Backdoors, Manipulation

Three researchers from New York University (NYU) have published a paper this week describing a method that an attacker could use to poison deep learning-based artificial intelligence (AI) algorithms. [...]

https://www.bleepingcomputer.com/news/security/ai-training-algorithms-susceptible-to-backdoors-manipulation/

New Arena Crysis Ransomware Variant Released

A new variant of the Crysis Ransomware was released yesterdary that appends the .arena extension to encrypted files. This article will provide a brief description of the ransomware and how to protect your computer from ransomware. [...]

https://www.bleepingcomputer.com/news/security/new-arena-crysis-ransomware-variant-released/

The Week in Ransomware - August 25th 2017 - Crysis & Ransomware Builders

Not a lot out this week other than some new variants of CryptoMix, Crysis, and someone paying homage to security researcher Karsten Hahn. Of particular interest is an Android application that allows anyone to generate a fully-working Android ransomware just by filling in a form and pushing a few buttons. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-25th-2017-crysis-and-ransomware-builders/

US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks

The FBI has arrested a Chinese national on accusations of distributing and infecting US companies with the Sakula malware, the same malware used in the OPM and Anthem hacks. [...]

https://www.bleepingcomputer.com/news/security/us-arrests-chinese-man-involved-with-sakula-malware-used-in-opm-and-anthem-hacks/