Russian Authorities Announce Takedown of RAMP Dark Web Marketplace

Russian police acknowledged today that they were responsible for taking down RAMP [Russian Anonymous Marketplace] — a Tor-based market that primarily sold drugs — a Russian Interior Ministry official told Russian news agency TASS today. [...]

https://www.bleepingcomputer.com/news/security/russian-authorities-announce-takedown-of-ramp-dark-web-marketplace/

Chrome Extension Embeds In-Browser Monero Miner That Drains Your CPU

The authors of SafeBrowse, a Chrome extension with more than 140,000 users, have embedded a JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent. [...]

https://www.bleepingcomputer.com/news/security/chrome-extension-embeds-in-browser-monero-miner-that-drains-your-cpu/

Malware Uses Security Cameras With Infrared Capabilities to Steal Data

Proof-of-concept malware created by a team of Israeli researchers uses the infrared capabilities of modern security cameras as a channel for data exfiltration, but also to receive new commands from its operators. [...]

https://www.bleepingcomputer.com/news/security/malware-uses-security-cameras-with-infrared-capabilities-to-steal-data/

Windows 10 Insider Build 16291 for PC Lets you Finish Articles Started on Your Phone

Today Microsoft released Insider Preview Build 16291 for PC to insiders on the fast ring that includes the ability for Cortana to transfer the current spot you are on in news articles or news listings to your PC. This allows you to read an article when on your phone and then continue reading it on your computer. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-16291-for-pc-lets-you-finish-articles-started-on-your-phone/

iTerm2 Leaks Everything You Hover in Your Terminal via DNS Requests

iTerm2, a popular Mac application that comes as a replacement for Apple's official Terminal app, just received a security fix minutes ago for a severe security issue that leaked terminal content via DNS requests. [...]

https://www.bleepingcomputer.com/news/security/iterm2-leaks-everything-you-hover-in-your-terminal-via-dns-requests/

Apple Issues Security Updates for iOS, iTunes, Xcode, Others

Apple published security updates and bulletins for six products such as Xcode 9, tvOS 11, watchOS 4, Safari 11, iOS 11, and iTunes 12.7 (for both macOS and Windows). [...]

https://www.bleepingcomputer.com/news/apple/apple-issues-security-updates-for-ios-itunes-xcode-others/

Optionsbleed Bug Leaks Apache Server Memory

Certain Apache server configurations can leak server memory content via a vulnerability called Optionsbleed — tracked as CVE-2017-9798 — and detailed on Monday by security researcher Hanno Böck. [...]

https://www.bleepingcomputer.com/news/security/optionsbleed-bug-leaks-apache-server-memory/

Underground Hacking Forum Admins Having Second Thoughts About Selling Ransomware

Administrators of various underground hacking forums hosted on both the public Internet and Dark Web are having serious discussions about the ethics of allowing the sale of ransomware via their platforms. [...]

https://www.bleepingcomputer.com/news/security/underground-hacking-forum-admins-having-second-thoughts-about-selling-ransomware/

Attackers Can Use HVAC Systems to Control Malware on Air-Gapped Networks

Heating, ventilation, and air conditioning (HVAC) systems can be used as a means to bridge air-gapped networks with the outside world, allowing remote attackers to send commands to malware placed inside a target's isolated network. [...]

https://www.bleepingcomputer.com/news/security/attackers-can-use-hvac-systems-to-control-malware-on-air-gapped-networks/

The Shark CryptoMix Ransomware Variant Smells Blood in the Water

Today, I discovered a new variant of the CryptoMix ransomware that is appending the .SHARK extension to encrypted file names. This family of ransomware usually releases a new version almost every week, if not sooner, so it is a bit surprising to see them take almost three weeks to release this variant. [...]

https://www.bleepingcomputer.com/news/security/the-shark-cryptomix-ransomware-variant-smells-blood-in-the-water/

IT Contractor Tried to Extort Company by Redirecting Website to Porn Site

An Arizona court sentenced a local man to four years of federal probation after what the judge described as a "one-time lapse in judgment" when the man redirected a company's website to a gay porn portal after a failed extortion attempt. [...]

https://www.bleepingcomputer.com/news/legal/it-contractor-tried-to-extort-company-by-redirecting-website-to-porn-site/

CCleaner Hack Carried Out In Order to Target Big Tech Companies

The CCleaner hack that took place over the summer and came to light this week might have been carried out by an infamous cyber-espionage group believed to be operating out of China. [...]

https://www.bleepingcomputer.com/news/security/ccleaner-hack-carried-out-in-order-to-target-big-tech-companies/

Attackers Take Over WordPress, Joomla, JBoss Servers to Mine Monero

Attacks aimed at delivering cryptocurrency mining tools on enterprise networks have gone up as much as six times, according to telemetry data collected by IBM's X-Force team between January and August 2017. [...]

https://www.bleepingcomputer.com/news/security/attackers-take-over-wordpress-joomla-jboss-servers-to-mine-monero/

SEC Says Hackers Breached Its System, Might Have Used Stolen Data for Insider Trading

Yesterday, the US Securities and Exchange Commission (SEC) — the US government agency that regulates the financial sector — admitted in a statement that hackers breached one of its systems. [...]

https://www.bleepingcomputer.com/news/security/sec-says-hackers-breached-its-system-might-have-used-stolen-data-for-insider-trading/

CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features

A team of three scientists from Columbia University has discovered that by attacking the combo of hardware and software management utilities embedded with modern chipsets, threat actors can take over systems via an attack surface found in almost all modern electronic devices. [...]

https://www.bleepingcomputer.com/news/security/clkscrew-attack-can-hack-modern-chipsets-via-their-power-management-features/

ISP Involvement Suspected in the Distribution of FinFisher Spyware

Security researchers have tracked a malware distribution campaign spreading the FinFisher spyware — also known as FinSpy — to the infrastructure of Internet Service Providers (ISPs) in at least two countries. [...]

https://www.bleepingcomputer.com/news/security/isp-involvement-suspected-in-the-distribution-of-finfisher-spyware/

Man Found Guilty for Placing "Logic Bomb" on US Army Database

Mittesh Das, a 48-year-old man from Atlanta, Georgia, was found guilty today by a federal grand jury for sabotaging one of the US Army's payroll databases with a "time bomb." [...]

https://www.bleepingcomputer.com/news/government/man-found-guilty-for-placing-logic-bomb-on-us-army-database/

IoT Botnet Retooled to Send Email Spam

Researchers have discovered that an IoT botnet known as ProxyM is being used to send email spam. [...]

https://www.bleepingcomputer.com/news/security/iot-botnet-retooled-to-send-email-spam/

DDoS Extortion Group Sends Ransom Demand to Thousands of Companies

A group of DDoS extortionists using the name of Phantom Squad has sent out a massive spam wave to thousands of companies all over the globe, threating DDoS attacks on September 30, if victims do not pay a ransom demand. [...]

https://www.bleepingcomputer.com/news/security/ddos-extortion-group-sends-ransom-demand-to-thousands-of-companies/

Multiple Spam Waves Detected Pushing New Locky Ransomware Version

Reports are coming in from multiple security researchers and security firms about increased activity from one of the groups spreading the Locky ransomware. [...]

https://www.bleepingcomputer.com/news/security/multiple-spam-waves-detected-pushing-new-locky-ransomware-version/

nRansom Joke Locker Demands Nude Pics as Payment.

A new joke screen locker called nRansomware was released that demands 10 nude pictures, which they will sell on under ground sites, in order to unlock the screen. This article will take a brief look at the malware and show how its nothing to be concerned about. [...]

https://www.bleepingcomputer.com/news/security/nransom-joke-locker-demands-nude-pics-as-payment-/