Welcome to 2017: Pacemaker Patients Told to Visit Doctors to Receive Security Patches

Patients with pacemakers manufactured by Abbott — formerly St. Jude Medical's — are advised to reach out to their doctors and inquire about the availability of a security update for their implanted medical devices. [...]

https://www.bleepingcomputer.com/news/security/welcome-to-2017-pacemaker-patients-told-to-visit-doctors-to-receive-security-patches/

Upcoming Firefox 57 Gets New Protection Against Apps That Snoop on Users

Firefox 57, scheduled for release on November 14, will ship with a new protective measure that will prevent accessibility apps from accessing the web browser's data. [...]

https://www.bleepingcomputer.com/news/software/upcoming-firefox-57-gets-new-protection-against-apps-that-snoop-on-users/

Nearly 3,000 Bitcoin Miners Exposed Online via Telnet Ports, Without Passwords

Dutch security researcher Victor Gevers has discovered 2,893 Bitcoin miners left exposed on the Internet with no passwords on their Telnet port. [...]

https://www.bleepingcomputer.com/news/security/nearly-3-000-bitcoin-miners-exposed-online-via-telnet-ports-without-passwords/

Fake Roboto Condensed Font Pack Update Infects Users with Malware

A new social engineering attack is underway that pretends to be an alert from Chrome or Mozilla that tells you to install an updated font pack to properly see the site. Once downloaded and installed, this font pack will install various malware onto the computer. [...]

https://www.bleepingcomputer.com/news/security/fake-roboto-condensed-font-pack-update-infects-users-with-malware/

After Dodging Prison in Germany, Mirai Hacker "BestBuy" Charged in the UK

Daniel Kaye, a 29-year-old hacker known under the nicknames of BestBuy and Popopret, will appear in a UK court today to face hacking charges related to his activity as master of one of the biggest Mirai botnets ever assembled. [...]

https://www.bleepingcomputer.com/news/security/after-dodging-prison-in-germany-mirai-hacker-bestbuy-charged-in-the-uk/

New Backdoor Trojan Deployed in Cyber-Espionage Campaign Targeting Embassies

A cyber-espionage group believed to be operating out of Russia for the past two decades has deployed a new backdoor trojan on computers at embassies in Southeast Europe, former Soviet states, and some South American countries. [...]

https://www.bleepingcomputer.com/news/security/new-backdoor-trojan-deployed-in-cyber-espionage-campaign-targeting-embassies/

Three Hardcoded Backdoor Accounts Discovered in Arris Modems

Security researchers have found five gaping holes in the firmware running on Arris modems, three of which are hardcoded backdoor accounts. [...]

https://www.bleepingcomputer.com/news/security/three-hardcoded-backdoor-accounts-discovered-in-arris-modems/

CIA Developed Windows Malware That Alters Boot Sector to Load More Malware

WikiLeaks published today documentation on the CIA Angelfire project, a malware framework developed to infect Windows computers. [...]

https://www.bleepingcomputer.com/news/security/cia-developed-windows-malware-that-alters-boot-sector-to-load-more-malware/

Scan Campaign Detected Looking for Adminer Database Management Tool

Sucuri, a cyber security company recently acquired by GoDaddy, has detected a massive online scanning campaign that's searching for websites that use the Adminer database management script. [...]

https://www.bleepingcomputer.com/news/security/scan-campaign-detected-looking-for-adminer-database-management-tool/

Free Cobian RAT Offered on Underground Hacking Forums Comes With a Backdoor

A remote access trojan (RAT) offered as a free download on underground hacking forums comes with a secret backdoor that grants the original author access to all the victim data. [...]

https://www.bleepingcomputer.com/news/security/free-cobian-rat-offered-on-underground-hacking-forums-comes-with-a-backdoor/

Chinese Agency Linked to Cyber-Espionage Operations Will Review Source Code of Foreign Firms

According to a new law voted in 2016 and which came into effect starting June 1, 2017, foreign companies activating in China could be forced to provide access to their source code to a state agency that has been recently linked to China's nation-state cyber-espionage campaigns. [...]

https://www.bleepingcomputer.com/news/government/chinese-agency-linked-to-cyber-espionage-operations-will-review-source-code-of-foreign-firms/

Boobytrapped Word File Installs Locky Ransomware When You Close the Document

Summer vacation is over! During the past week, security researchers have discovered several distribution campaigns pushing the Locky ransomware via different methods, including a new variant that features one hell of a clever trick. [...]

https://www.bleepingcomputer.com/news/security/boobytrapped-word-file-installs-locky-ransomware-when-you-close-the-document/

Microsoft Confirms Windows 10 Fall Creators Update Release Date After Lenovo Blunder

On October 17, Microsoft will launch the next major version of Windows 10, nicknamed the Fall Creators Update (CFU). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-10-fall-creators-update-release-date-after-lenovo-blunder/

New Arena CryptoMix Ransomware Variant Released

A new variant of the CryptoMix ransomware has been released that appends the .empty extension to encrypted files. This article will provide information on what has changed and how to protect your computer from this ransomware. [...]

https://www.bleepingcomputer.com/news/security/new-arena-cryptomix-ransomware-variant-released/

DDoS Booter Service Suffers Security Breach

A dissatisfied customer has breached the server of TrueStresser, a DDoS-for-hire service, pilfered its database, and leaked some of the content online. [...]

https://www.bleepingcomputer.com/news/security/ddos-booter-service-suffers-security-breach/

The Week in Ransomware - September 1st 2017 - Locky, Exploit Kits, & More

This week has seen a big push by Locky using numerous distribution campaigns to try and claim a spot with the big boys. Other than the normal releases of small ransomware creations, we also saw the RIG exploit kit pushing the Princess Ransomware. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-1st-2017-locky-exploit-kits-and-more/

Radio Hacker Interrupts Police Chase in Australia

A pirate broadcaster posing as a police officer interfered in a police chase this week in Australia, forcing officers to call off the pursuit of two suspected armed robbers. [...]

https://www.bleepingcomputer.com/news/security/radio-hacker-interrupts-police-chase-in-australia/

Man Who Refused to Decrypt Hard Drives Still in Prison After Two Years

Francis Rawls, a former Philadelphia cop, will remain in jail for refusing to decrypt a hard drive federal investigators found in his home two years ago during a child abuse investigation. [...]

https://www.bleepingcomputer.com/news/legal/man-who-refused-to-decrypt-hard-drives-still-in-prison-after-two-years/

Vulnerabilities Discovered in Mobile Bootloaders of Major Vendors

Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks. [...]

https://www.bleepingcomputer.com/news/security/vulnerabilities-discovered-in-mobile-bootloaders-of-major-vendors/

Banking Trojan Now Targets Coinbase Users, Not Just Banking Portals

The TrickBot banking trojan has added support for stealing funds stored in Coinbase.com accounts, according to a recent version spotted in a distribution campaign last week. [...]

https://www.bleepingcomputer.com/news/security/banking-trojan-now-targets-coinbase-users-not-just-banking-portals/

Police Seize Domain of Online Store That Stole User's Card Data

Canadian police have seized the domain of Fazny.ca, an online electronics store that stole users' payment card data and used it to make fraudulent purchases. [...]

https://www.bleepingcomputer.com/news/security/police-seize-domain-of-online-store-that-stole-users-card-data/