Someone Published a List of Telnet Credentials for Thousands of IoT Devices

A list of thousands of fully working Telnet credentials has been sitting online on Pastebin since June 11, credentials that can be used by botnet herders to increase the size of their DDoS cannons. [...]

https://www.bleepingcomputer.com/news/security/someone-published-a-list-of-telnet-credentials-for-thousands-of-iot-devices/

Chinese Cyber-Espionage Group Uses Game of Thrones as Phishing Lure

A cyber-espionage unit is using the recent Game of Thrones episode leaks to lure targets into opening malicious documents sent via email. [...]

https://www.bleepingcomputer.com/news/security/chinese-cyber-espionage-group-uses-game-of-thrones-as-phishing-lure/

Lawsuit Filed Against Logitech for Delaying Warranty Claims, Hiding EOL Decision

A US man has filed a lawsuit against Logitech, a Swiss-based manufacturer of electronic devices, on accusations that Logitech had intentionally delayed and tried to discourage warranty claims for defective products, falsely advertised products, and even hid an End-Of-Life (EOL) announcement from customers. [...]

https://www.bleepingcomputer.com/news/hardware/lawsuit-filed-against-logitech-for-delaying-warranty-claims-hiding-eol-decision/

Google Error Causes Widespread Internet Outage in Japan

An error on Google's part has caused widespread Internet outages in Japan for about an hour, on Friday, August 25. [...]

https://www.bleepingcomputer.com/news/technology/google-error-causes-widespread-internet-outage-in-japan/

China to Impose Real Name Policy for Online Comments

The Cyberspace Administration of China has mandated that starting October 1, all online services will have to verify the identity of people posting comments on their platforms. [...]

https://www.bleepingcomputer.com/news/government/china-to-impose-real-name-policy-for-online-comments/

Unpatched Flaws Affect Chrome, Firefox, and Safari Browser Extension Systems

Security researchers have discovered two flaws that affect the extension systems embedded in today's browsers, such as Firefox, Safari, and all the Chromium-related offshoots, such as Chrome, Opera, and others. [...]

https://www.bleepingcomputer.com/news/security/unpatched-flaws-affect-chrome-firefox-and-safari-browser-extension-systems/

Security Firms Unite to Bring Down WireX Android DDoS Botnet

Security researchers from Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru, and a few other companies have worked together to take down a DDoS botnet made up of Android devices. [...]

https://www.bleepingcomputer.com/news/security/security-firms-unite-to-bring-down-wirex-android-ddos-botnet/

New Nuclear BTCWare Ransomware Released

A new variant of the BTCWare ransomware was discovered that appends the .[affiliate_email].nuclear extension to encrypted files. The BTCWare family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop services. [...]

https://www.bleepingcomputer.com/news/security/new-nuclear-btcware-ransomware-released/

Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA

Researchers from Positive Technologies — a provider of enterprise security solutions — have found a way to disable the Intel Management Engine (ME), a much-hated component of Intel CPUs. [...]

https://www.bleepingcomputer.com/news/hardware/researchers-find-a-way-to-disable-much-hated-intel-me-component-courtesy-of-the-nsa/

Researchers Can't Explain Why WAP-Billing Trojans Are Making a Comeback

After years of silence, WAP-billing trojans are making a comeback, with four new strains becoming active in the second quarter of 2017, targeting Russia and India primarily. [...]

https://www.bleepingcomputer.com/news/security/researchers-cant-explain-why-wap-billing-trojans-are-making-a-comeback/

Bit Paymer Ransomware Hits Scottish Hospitals

Several hospitals part of the NHS Lanarkshire board were hit on Friday by a version of the Bit Paymer ransomware. The infection took root on late Friday, August 25. NHS Lanarkshire officials acknowledged the incident right away. [...]

https://www.bleepingcomputer.com/news/security/bit-paymer-ransomware-hits-scottish-hospitals/

Metadata From IoT Traffic Exposes In-Home User Activity

Metadata from web traffic generated by smart devices installed in a home can reveal quite a lot of information about the owner's habits and lifestyle. [...]

https://www.bleepingcomputer.com/news/technology/metadata-from-iot-traffic-exposes-in-home-user-activity/

IRS Warns of Emails Spreading Ransomware

The Internal Revenue Service (IRS) is warning US citizens of a new phishing scheme that poses as official IRS communications in the hopes that victims access a link, download a file, and hopefully get infected with ransomware. [...]

https://www.bleepingcomputer.com/news/security/irs-warns-of-emails-spreading-ransomware/

Windows Debug Tool WinDbg Gets a Major Facelift

Microsoft released a new version of the WinDbg debugger tool for Windows, a very popular utility among developers and system administrators working in investigating crash reports, and debugging BSODs and other errors. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-debug-tool-windbg-gets-a-major-facelift/

Today Microsoft released Insider Preview Build 16278 for PC to insiders on the fast ring. This release is all about bug fixes as Microsoft continues to focus on fixing bugs and increasing stability in the Windows 10 Fall Creators Update. At this point, it should be expected that all new releases will be improvements and bug fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-16278-for-pc-released-with-only-bug-fixes/

Data of Two Million Users Stolen in CeX Security Breach

CeX, one of the Internet's biggest second-hand goods chains, has suffered a data breach, the company said in a statement on its website yesterday. [...]

https://www.bleepingcomputer.com/news/security/data-of-two-million-users-stolen-in-cex-security-breach/

It Still Takes 2 Minutes to Have Vulnerable IoT Devices Compromised Online

Almost a year after the emergence of the Mirai botnet, smart devices are still facing a barrage of credential attacks, and a device left connected to the Internet with default credentials will be hijacked in about two minutes. [...]

https://www.bleepingcomputer.com/news/security/it-still-takes-2-minutes-to-have-vulnerable-iot-devices-compromised-online/

Welcome to 2017: Pacemaker Patients Told to Visit Doctors to Receive Security Patches

Patients with pacemakers manufactured by Abbott — formerly St. Jude Medical's — are advised to reach out to their doctors and inquire about the availability of a security update for their implanted medical devices. [...]

https://www.bleepingcomputer.com/news/security/welcome-to-2017-pacemaker-patients-told-to-visit-doctors-to-receive-security-patches/

Upcoming Firefox 57 Gets New Protection Against Apps That Snoop on Users

Firefox 57, scheduled for release on November 14, will ship with a new protective measure that will prevent accessibility apps from accessing the web browser's data. [...]

https://www.bleepingcomputer.com/news/software/upcoming-firefox-57-gets-new-protection-against-apps-that-snoop-on-users/

Nearly 3,000 Bitcoin Miners Exposed Online via Telnet Ports, Without Passwords

Dutch security researcher Victor Gevers has discovered 2,893 Bitcoin miners left exposed on the Internet with no passwords on their Telnet port. [...]

https://www.bleepingcomputer.com/news/security/nearly-3-000-bitcoin-miners-exposed-online-via-telnet-ports-without-passwords/

Fake Roboto Condensed Font Pack Update Infects Users with Malware

A new social engineering attack is underway that pretends to be an alert from Chrome or Mozilla that tells you to install an updated font pack to properly see the site. Once downloaded and installed, this font pack will install various malware onto the computer. [...]

https://www.bleepingcomputer.com/news/security/fake-roboto-condensed-font-pack-update-infects-users-with-malware/