Hacker "Alf" Stole 30GB of Data on Australia's Fighter Jets, Planes, Ships

Australia's foreign intelligence collection agency — the Australian Signals Directorate (ASD) — says a hacker stole over 30 GB of data on the country's military capabilities, including details on fighter jets, military aircraft, and naval ships. [...]

https://www.bleepingcomputer.com/news/government/hacker-alf-stole-30gb-of-data-on-australias-fighter-jets-planes-ships/

Microsoft Unveils 4 New XBox One S Bundles for the Holidays

As we start getting ready for the holiday shopping season, Microsoft announced today four new Xbox One S bundles that are going to be available this fall. These are Starter, Minecraft, Halo, and Rocket League bundles, which start at $279. Unfortunately, the Rocket League bundle is only coming to the UK and Europe. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-4-new-xbox-one-s-bundles-for-the-holidays/

Ransomware Dark Web Economy Increased by 2,502%

A report released today by US cyber-security firm Carbon Black highlights a 2,502% growth in the ransomware Dark Web economy, compared to the previous year. [...]

https://www.bleepingcomputer.com/news/security/ransomware-dark-web-economy-increased-by-2-502-percent/

Oculus Reveals the $199 Oculus Go Standalone VR Headset

Today at the Oculus Connect 4 keynote, Mark Zuckerberg announced that their goal is to get 1 billion people connected to virtual reality and the only way to do that is to make VR headsets more accessible. To facilitate this, they unveiled a standalone VR headset called the Oculus Go that will be available for $199 early next year.  [...]

https://www.bleepingcomputer.com/news/hardware/oculus-reveals-the-199-oculus-go-standalone-vr-headset/

New Payday BTCware Ransomware Variant Released

A new variant of what appears to be BTCWare ransomware is currently targeting victims and appending the .[email]-id-id.payday extension to encrypted files. This family of ransomware targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware. [...]

https://www.bleepingcomputer.com/news/security/new-payday-btcware-ransomware-variant-released/

PSA: The Pirate Bay Is Running an In-Browser Cryptocurrency Miner With No Opt-Out

The Pirate Bay, the Internet's largest torrent portal, is back at running a cryptocurrency miner after it previously ran a short test in mid-September. [...]

https://www.bleepingcomputer.com/news/security/psa-the-pirate-bay-is-running-an-in-browser-cryptocurrency-miner-with-no-opt-out/

Researcher Finds Unremovable Backdoor Accounts in FLIR Thermal Security Cameras

Gjoko Krstic, a security researcher with Zero Science Labs, has discovered secret hard-coded accounts in thermal security cameras manufactured by FLIR Systems, Inc., one of the largest vendor of such products. [...]

https://www.bleepingcomputer.com/news/software/researcher-finds-unremovable-backdoor-accounts-in-flir-thermal-security-cameras/

Microsoft Office Attack Runs Malware Without Needing Macros

Malware authors don't necessarily need to trick users to enable macros to run malicious code. An alternative technique exists, one that takes advantage of another legitimate Office feature. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-attack-runs-malware-without-needing-macros/

Akamai Identifies 14K-Strong Fast Flux Botnet

Researchers at Akamai have identified a botnet of over 14,000 IP addresses used in malware distribution operations. The botnet is still up and running, and experts believe it will be hard to take it down because its operators are employing a clever technique called Fast Flux. [...]

https://www.bleepingcomputer.com/news/security/akamai-identifies-14k-strong-fast-flux-botnet/

Android DoubleLocker Ransomware Activates Every Time You Hit Home Button

A new ransomware targeting Android devices has been spotted in the wild. Codenamed DoubleLocker, the ransomware abuses Android's Accessibility service and reactivates itself every time the user presses the phone's Home button. [...]

https://www.bleepingcomputer.com/news/security/android-doublelocker-ransomware-activates-every-time-you-hit-home-button/

Chrome Extension Uses Your Gmail to Register Domains Names & Injects Coinhive

A malicious Chrome extension is being used to inject the CoinHive browser miner, while registering domains for the extension developer using the victim's Gmail address. [...]

https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/

Equifax Website Redirected Users to Adware, Scam Sites

On Wednesday, and probably the previous days, Equifax's credit report assistance website (aa.econsumer.equifax.com) was caught redirecting users to all sort of nasty websites that were peddling fake Flash Player update files laced with adware, fake Android and iOS updates, and scam sites offering products at cheap prices. [...]

https://www.bleepingcomputer.com/news/security/equifax-website-redirected-users-to-adware-scam-sites/

New x1881 CryptoMix Ransomware Variant Released

A new variant of the CryptoMix ransomware that is appending the .x1881 extension to encrypted file names. It's has been about three weeks since a new CryptoMix variant was released, which is quite long for this family of ransomware. [...]

https://www.bleepingcomputer.com/news/security/new-x1881-cryptomix-ransomware-variant-released/

IT Admin Trashes Railroad Company's Network Before He Leaves

A federal jury in Minneapolis, Minnesota found a local man guilty of intentionally damaging his former employer's network before leaving the company. [...]

https://www.bleepingcomputer.com/news/legal/it-admin-trashes-railroad-companys-network-before-he-leaves/

New Anubi Ransomware In the Wild

A new ransomware called Anubi was discovered by Malwarebytes security researcher S!Ri that appends the .[anubi@cock.li].anubi extension to encrypted files. While not much is known about how this ransomware is distributed, as it is in the wild I thought I would provide a brief summary of the ransomware. [...]

https://www.bleepingcomputer.com/news/security/new-anubi-ransomware-in-the-wild/

The Week in Ransomware - October 13th 2017 - DoubleLocker, Locky, and More

Like usual, this week has been dominated mostly by small variants that most likely will never make it into distribute. We did, though, see a new CryptoMix and Locky variant released, that are actively distributed. The biggest news was the discovery of a new Android ransomware called DoubleLocker. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-13th-2017-doublelocker-locky-and-more/

To Nobody's Surprise, Ships Are Just as Easy to Hack as Anything Else

Modern-day ships aren't that hard to hack according to Ken Munro, a security researcher at Pen Test Partners, a UK cyber-security company. Speaking at a conference in Athens, Greece, Munro detailed some of the most appalling security lapses he found while investigating naval ships that had equipment exposed online. [...]

https://www.bleepingcomputer.com/news/security/to-nobodys-surprise-ships-are-just-as-easy-to-hack-as-anything-else/

Kotlin Expected to Surpass Java as Android Default Programming Language for Apps

A new report released earlier this week estimates that Kotlin will surpass Java as the primary programming language used for Android apps by December 2018. [...]

https://www.bleepingcomputer.com/news/mobile/kotlin-expected-to-surpass-java-as-android-default-programming-language-for-apps/

Users Report Fraudulent Transactions After Pizza Hut Admits Card Breach

Pizza Hut has suffered a data breach, and a hacker has stolen payment card details for a small number of clients, the company admitted on Saturday in an email sent to affected customers. [...]

https://www.bleepingcomputer.com/news/security/users-report-fraudulent-transactions-after-pizza-hut-admits-card-breach/

TPM Chipsets Generate Insecure RSA Keys. Multiple Vendors Affected

Infineon TPM chipsets that come with many modern-day motherboards generate insecure RSA encryption keys that put devices at risk of attack. [...]

https://www.bleepingcomputer.com/news/security/tpm-chipsets-generate-insecure-rsa-keys-multiple-vendors-affected/

New KRACK Attack Breaks WPA2 WiFi Protocol

Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), has discovered a severe flaw in the Wi-Fi Protected Access II (WPA2) protocol that secures all modern protected Wi-Fi networks. [...]

https://www.bleepingcomputer.com/news/security/new-krack-attack-breaks-wpa2-wifi-protocol/