Ukraine Fears Second Ransomware Outbreak as Another Accounting Firm Got Hacked

Ukrainian authorities and businesses are on alert after a local security firm reported that another accounting software maker got hacked and its servers were being used to spread malware. [...]

https://www.bleepingcomputer.com/news/security/ukraine-fears-second-ransomware-outbreak-as-another-accounting-firm-got-hacked/

CS:GO Cheat Delivers Cryptocurrency Miner on MacOS

Counter-Strike: Global Offensive (CS:GO) players looking to get a leg up on the competition by using the vHook cheating app for macOS were also infected with a cryptocurrency miner. [...]

https://www.bleepingcomputer.com/news/security/cs-go-cheat-delivers-cryptocurrency-miner-on-macos/

Germany: Microsoft Agrees to Stop Forcibly Downloading Windows Upgrades

After an 18-month legal battle with Germany's Baden-Würtenberg consumer rights center, Microsoft admitted to wrongdoing when it downloaded over 6GBs of data on user devices during its Windows 10 push in mid and late 2015. [...]

https://www.bleepingcomputer.com/news/microsoft/germany-microsoft-agrees-to-stop-forcibly-downloading-windows-upgrades/

You Can Now Run Different Google Chrome Versions Side-By-Side

Google announced on Monday that Chrome users can now run two different versions of Chrome side-by-side. [...]

https://www.bleepingcomputer.com/news/google/you-can-now-run-different-google-chrome-versions-side-by-side/

90% of Companies Get Attacked with Three-Year-Old Vulnerabilities

A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release, albeit this is not recommended, but better than leaving systems unpatched for years. [...]

https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-attacked-with-three-year-old-vulnerabilities/

FSB Agents Arrested for Giving CIA Information About Russian Hackers

A Russian television station — TV Rain — claims to have obtained insider information about the arrests of Sergey Mikhailov, a Russian intelligence agent that lead the FSB's Center for Information Security, and Dmitry Dokuchayev, also an FSB agent and Mikhailov's deputy. [...]

https://www.bleepingcomputer.com/news/security/fsb-agents-arrested-for-giving-cia-information-about-russian-hackers/

Facebook Messenger Spam Leads to Adware, Malicious Chrome Extensions

A virulent spam campaign has hit Facebook Messenger during the past few days, according to recent warnings issued by Avira and Kaspersky Lab. [...]

https://www.bleepingcomputer.com/news/security/facebook-messenger-spam-leads-to-adware-malicious-chrome-extensions/

Researcher Releases Fully Working Exploit Code for iOS Kernel Vulnerability

Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions. [...]

https://www.bleepingcomputer.com/news/security/researcher-releases-fully-working-exploit-code-for-ios-kernel-vulnerability/

Watch Someone Buy a Laptop for $1 Thanks to a Severe POS Vulnerability

A vulnerability in the SAP POS Xpress Server allows attackers to alter configuration files for SAP Point-of-Sale systems, alter prices, and collect payment card data and send it to one of their servers. [...]

https://www.bleepingcomputer.com/news/security/watch-someone-buy-a-laptop-for-1-thanks-to-a-severe-pos-vulnerability/

New EMPTY CryptoMix Ransomware Variant Released

Today, MalwareHunterTeam discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as the previous extension and now uses EMPTY, it is clear that the developers are running out of extensions to use. [...]

https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/

Chinese DIY App Allows Anyone to Create Android Ransomware

Chinese malware developers have created a specialized Android application that allows anyone to generate a fully-working Android ransomware just by filling in a form and pushing a few buttons. [...]

https://www.bleepingcomputer.com/news/security/chinese-diy-app-allows-anyone-to-create-android-ransomware/

AI Training Algorithms Susceptible to Backdoors, Manipulation

Three researchers from New York University (NYU) have published a paper this week describing a method that an attacker could use to poison deep learning-based artificial intelligence (AI) algorithms. [...]

https://www.bleepingcomputer.com/news/security/ai-training-algorithms-susceptible-to-backdoors-manipulation/

New Arena Crysis Ransomware Variant Released

A new variant of the Crysis Ransomware was released yesterdary that appends the .arena extension to encrypted files. This article will provide a brief description of the ransomware and how to protect your computer from ransomware. [...]

https://www.bleepingcomputer.com/news/security/new-arena-crysis-ransomware-variant-released/

The Week in Ransomware - August 25th 2017 - Crysis & Ransomware Builders

Not a lot out this week other than some new variants of CryptoMix, Crysis, and someone paying homage to security researcher Karsten Hahn. Of particular interest is an Android application that allows anyone to generate a fully-working Android ransomware just by filling in a form and pushing a few buttons. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-25th-2017-crysis-and-ransomware-builders/

US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks

The FBI has arrested a Chinese national on accusations of distributing and infecting US companies with the Sakula malware, the same malware used in the OPM and Anthem hacks. [...]

https://www.bleepingcomputer.com/news/security/us-arrests-chinese-man-involved-with-sakula-malware-used-in-opm-and-anthem-hacks/

Chrome Testing Option to Permanently Mute Audio on Annoying Websites

The Google Chrome team is currently testing a new option that will allow users to permanently mute audio coming from a website (URL). [...]

https://www.bleepingcomputer.com/news/software/chrome-testing-option-to-permanently-mute-audio-on-annoying-websites/

Someone Published a List of Telnet Credentials for Thousands of IoT Devices

A list of thousands of fully working Telnet credentials has been sitting online on Pastebin since June 11, credentials that can be used by botnet herders to increase the size of their DDoS cannons. [...]

https://www.bleepingcomputer.com/news/security/someone-published-a-list-of-telnet-credentials-for-thousands-of-iot-devices/

Chinese Cyber-Espionage Group Uses Game of Thrones as Phishing Lure

A cyber-espionage unit is using the recent Game of Thrones episode leaks to lure targets into opening malicious documents sent via email. [...]

https://www.bleepingcomputer.com/news/security/chinese-cyber-espionage-group-uses-game-of-thrones-as-phishing-lure/

Lawsuit Filed Against Logitech for Delaying Warranty Claims, Hiding EOL Decision

A US man has filed a lawsuit against Logitech, a Swiss-based manufacturer of electronic devices, on accusations that Logitech had intentionally delayed and tried to discourage warranty claims for defective products, falsely advertised products, and even hid an End-Of-Life (EOL) announcement from customers. [...]

https://www.bleepingcomputer.com/news/hardware/lawsuit-filed-against-logitech-for-delaying-warranty-claims-hiding-eol-decision/

Google Error Causes Widespread Internet Outage in Japan

An error on Google's part has caused widespread Internet outages in Japan for about an hour, on Friday, August 25. [...]

https://www.bleepingcomputer.com/news/technology/google-error-causes-widespread-internet-outage-in-japan/

China to Impose Real Name Policy for Online Comments

The Cyberspace Administration of China has mandated that starting October 1, all online services will have to verify the identity of people posting comments on their platforms. [...]

https://www.bleepingcomputer.com/news/government/china-to-impose-real-name-policy-for-online-comments/