Mozilla to End All Firefox Support for XP and Vista in June 2018

Mozilla announced today plans to discontinue any support for the Firefox browser on Windows XP and Vista in June 2018. [...]

https://www.bleepingcomputer.com/news/software/mozilla-to-end-all-firefox-support-for-xp-and-vista-in-june-2018/

Sonic Confirms Malware Breach After Customer Card Data Lands on Carding Shops

Sonic Drive-In, a fast food chain with over 3,600 restaurants across the US, has acknowledged a malware breach that affected an yet unidentified number of locations. [...]

https://www.bleepingcomputer.com/news/security/sonic-confirms-malware-breach-after-customer-card-data-lands-on-carding-shops/

FormBook Infostealer Sold on Hacking Forums Is Becoming Quite a Threat

During the past few months, malware campaigns distributing a previously unknown infostealer have ramped up, according to reports by Arbor Networks, FireEye, and the Internet Storm Center (ISC SANS). [...]

https://www.bleepingcomputer.com/news/security/formbook-infostealer-sold-on-hacking-forums-is-becoming-quite-a-threat/

Video Streams Leak What You're Watching to Attackers With Over 95% Accuracy

Even if a video streaming service is using HTTPS to encrypt its traffic, an attacker can still determine with a very high accuracy what content a user might be watching. [...]

https://www.bleepingcomputer.com/news/security/video-streams-leak-what-youre-watching-to-attackers-with-over-95-percent-accuracy/

Malicious CHM Files Being Used to Install Brazilian Banking Trojans

A new spam campaign is using malicious CHM files to download and install Brazilian banking Trojans. [...]

https://www.bleepingcomputer.com/news/security/malicious-chm-files-being-used-to-install-brazilian-banking-trojans/

Hundreds of Printers Expose Backend Panels and Password Reset Functions Online

A security researcher has found nearly 700 Brother printers left exposed online, allowing access to the password reset function to anyone who knows what to look for. [...]

https://www.bleepingcomputer.com/news/security/hundreds-of-printers-expose-backend-panels-and-password-reset-functions-online/

Microsoft Edge Released for iOS and Coming Soon to Android

Today Microsoft released Edge for iOS and announced that the Android version will be coming soon. Windows Insiders can get access to the Microsoft Edge preview, which supports transferring content you are reading on your phone to a PC via the "Continue on PC" option. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-released-for-ios-and-coming-soon-to-android/

Apple Issues Emergency Patch to Fix Password Leak in Disk Encryption Utility

Earlier today, Apple has issued an emergency update for macOS High Sierra to address a bug that exposed the passwords of encrypted APFS volumes via the password hint feature. [...]

https://www.bleepingcomputer.com/news/apple/apple-issues-emergency-patch-to-fix-password-leak-in-disk-encryption-utility/

PoCs for Two Magento Bugs Released

Security researchers from DefenseCode have released on Wednesday proof-of-concept code for two Magento vulnerabilities patched last month. [...]

https://www.bleepingcomputer.com/news/security/pocs-for-two-magento-bugs-released/

Hackers Hijack Ongoing Email Conversations to Insert Malicious Documents

A group of hackers is using a sophisticated technique of hijacking ongoing email conversations to insert malicious documents that appear to be coming from a legitimate source and infect other targets participating in the same conversational thread. [...]

https://www.bleepingcomputer.com/news/security/hackers-hijack-ongoing-email-conversations-to-insert-malicious-documents/

Browsers Will Store Credit Card Details Similar to How They Save Passwords

A new W3C standard is slowly creeping into current browser implementations, a standard that will simplify the way people make payments online. [...]

https://www.bleepingcomputer.com/news/technology/browsers-will-store-credit-card-details-similar-to-how-they-save-passwords/

Couple of Sassy Comments Reopen Topic of Encryption Backdoors in the US, UK

Officials reminded everyone this week that governments in the US and UK have not given up on their efforts to force tech companies to provide encryption backdoors, despite previous attempts being shut down following public outcry. [...]

https://www.bleepingcomputer.com/news/government/couple-of-sassy-comments-reopen-topic-of-encryption-backdoors-in-the-us-uk/

AOL Will Discontinue AIM on December 15, 2017

AOL will be shutting down AIM after 20 years of existence, on December 15, 2017, the company announced today. [...]

https://www.bleepingcomputer.com/news/software/aol-will-discontinue-aim-on-december-15-2017/

The Week in Ransomware - October 6th 2017 - Slowest Week in A Long Time

Since I started writing these weekly ransomware articles back in May 2016, this is the first time that we had an article with only six stories in it!  I am hoping that this means people are getting bored of ransomware and things will calm down, but I am also worried that this may be just a lull in the storm. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-6th-2017-slowest-week-in-a-long-time/

Google: Microsoft Is Putting Users at Risk by Not Patching Windows the Same Way

Project Zero, Google's top security team, says that Microsoft is putting customers at risk by not patching Windows OS versions in the same way and with the same consistency. [...]

https://www.bleepingcomputer.com/news/security/google-microsoft-is-putting-users-at-risk-by-not-patching-windows-the-same-way/

Disqus Confirms 2012 Data Breach That Exposed Details for 17.5 Million Users

Earlier today, on a late Friday evening, Disqus confirmed a data breach that appears to have taken place in the summer of 2012, and during which an unknown attacker(s) made off with details for at least 17.5 million user accounts. [...]

https://www.bleepingcomputer.com/news/security/disqus-confirms-2012-data-breach-that-exposed-details-for-17-5-million-users/

Some Motherboards Plagued by BIOS Firmware Implementation Flaws

Alex Matrosov, a security researcher for Cylance, has discovered several flaws in how some motherboard vendors implemented Intel's UEFI BIOS firmware into their products. [...]

https://www.bleepingcomputer.com/news/security/some-motherboards-plagued-by-bios-firmware-implementation-flaws/

Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI

VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity, but a recent criminal case shows that at least some, do store user activity logs. [...]

https://www.bleepingcomputer.com/news/security/cyberstalking-suspect-arrested-after-vpn-providers-shared-logs-with-the-fbi/

Market Research Firm Forrester Says Hackers Stole Sensitive Reports

Forrester, one of the world's leading market research and investment advisory firms, admitted late Friday afternoon to a security breach that took place during the past week. [...]

https://www.bleepingcomputer.com/news/security/market-research-firm-forrester-says-hackers-stole-sensitive-reports/

Malvertising Group Spreading Kovter Malware via Fake Browser Updates

A malvertising group nicknamed KovCoreG by security researchers has been using fake browser and Flash updates to trick users into installing the Kovter malware. [...]

https://www.bleepingcomputer.com/news/security/malvertising-group-spreading-kovter-malware-via-fake-browser-updates/

Office Depot, Best Buy Pull Kaspersky Products From Shelves

Both Office Depot and Best Buy have removed Kaspersky Lab products from shelves. The ban has been in effect since mid-September, and the two chains are offering existing Kaspersky customers replacement security software. [...]

https://www.bleepingcomputer.com/news/software/office-depot-best-buy-pull-kaspersky-products-from-shelves/