DHS Team Hacks a Boeing 757

A team of academics and private industry experts, led by DHS officials, remotely hacked a Boeing 757 airplane parked at an airport in Atlantic City, New Jersey. [...]

https://www.bleepingcomputer.com/news/security/dhs-team-hacks-a-boeing-757/

Computer Glitch Keeps Inmate in Prison for Five Extra Months

A glitch in the Louisville Metro Department of Corrections (LMDC) computer system kept an inmate in prison for five extra months. Human error was also involved. [...]

https://www.bleepingcomputer.com/news/government/computer-glitch-keeps-inmate-in-prison-for-five-extra-months/

Google Addresses Android's Biggest Security Problem: Accessibility Services

Google has emailed Android app developers and has informed them of plans to remove all apps that misuse the Accessibility service from the Play Store. [...]

https://www.bleepingcomputer.com/news/security/google-addresses-androids-biggest-security-problem-accessibility-services/

New IcedID Banking Trojan Discovered

Malware experts have spotted a new player on the banking trojan scene that they named IcedID and which is currently in its first stages of development. [...]

https://www.bleepingcomputer.com/news/security/new-icedid-banking-trojan-discovered/

Firefox 57 Brings Better Sandboxing on Linux

Firefox 57, set to be released tomorrow, will ship with improvements to the browser's sandbox security feature for Linux users. [...]

https://www.bleepingcomputer.com/news/security/firefox-57-brings-better-sandboxing-on-linux/

Apple FaceID Tricked With $150 Mask

Security researchers have broken Apple's FaceID security system using a mask they said takes around a few days to make and costs only $150. [...]

https://www.bleepingcomputer.com/news/apple/apple-faceid-tricked-with-150-mask/

XZZX Cryptomix Ransomware Variant Released

A new CryptoMix Ransomware variant has been discovered that appends the .XZZX extension to encrypted files. This article will discuss the changes found in this new variant. [...]

https://www.bleepingcomputer.com/news/security/xzzx-cryptomix-ransomware-variant-released/

All Major Browsers Now Support WebAssembly

It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it. [...]

https://www.bleepingcomputer.com/news/security/all-major-browsers-now-support-webassembly/

Cookie Consent Script Drops In-Browser Cryptocurrency Miner

A free-to-use script that helps website owners show EU cookie consent popups is dropping an in-browser cryptocurrency miner on websites that use it. [...]

https://www.bleepingcomputer.com/news/security/cookie-consent-script-drops-in-browser-cryptocurrency-miner/

OnePlus Phones Come Preinstalled With a Factory App That Can Root Devices

Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers. [...]

https://www.bleepingcomputer.com/news/security/oneplus-phones-come-preinstalled-with-a-factory-app-that-can-root-devices/

Windows Control Panel Links Abused in Cyber-Espionage Campaign

A cyber-espionage group believed to be operating out of China has been deploying malware in the past two years that disguises as control panel link (CPL) files. [...]

https://www.bleepingcomputer.com/news/security/windows-control-panel-links-abused-in-cyber-espionage-campaign/

Adobe Patches Security Bugs in Flash Player and Eight Other Products

Earlier today, Adobe has released its monthly security bulletin, and for the month of November 2017, the company patched nine products. [...]

https://www.bleepingcomputer.com/news/security/adobe-patches-security-bugs-in-flash-player-and-eight-other-products/

Browse-Secure Extension Harvests Contact Info from Facebook and LinkedIn

A new Chrome extension called Browse-Secure is taking your contact info from LinkedIn and Facebook accounts and uploading it to the developer without your permission. [...]

https://www.bleepingcomputer.com/news/security/browse-secure-extension-harvests-contact-info-from-facebook-and-linkedin/

Microsoft November Patch Tuesday Fixes 53 Security Issues

Microsoft has released security updates for several products as part of the company's November 2017 Patch Tuesday, the company's monthly update train. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-november-patch-tuesday-fixes-53-security-issues/

Upgrading to Firefox Quantum? Expect Some Add-ons to No Longer Work

Mozilla Firefox Quantum was released today and it's definitely better, but it also caused many popular add-ons to no longer work. This is because Quantum, or Firefox 57, switched to only supporting extensions designed under the WebExtensions API, which caused older extensions designed using other APIs to no longer be compatible. [...]

https://www.bleepingcomputer.com/news/security/upgrading-to-firefox-quantum-expect-some-add-ons-to-no-longer-work/

Russia's "Irrefutable Evidence" That US Aided ISIS Is Actually a Video Game Screengrab

The Russian Defense Ministry made a fool of itself today when it posted on Twitter and Facebook "irrefutable evidence" that the US aided ISIS, which turned out to be screengrabs from a well-known video game and a video published online by the Iraqi military in 2016. [...]

https://www.bleepingcomputer.com/news/government/russias-irrefutable-evidence-that-us-aided-isis-is-actually-a-video-game-screengrab/

Office Equation Editor Security Bug Runs Malicious Code Without User Interaction

Microsoft has patched today a huge security hole in Microsoft Office that could be exploited to run malicious code without user interaction on all Windows versions released in the past 17 years. [...]

https://www.bleepingcomputer.com/news/security/office-equation-editor-security-bug-runs-malicious-code-without-user-interaction/

Google Play Store Sees Sudden Surge of Malicious Apps

The Google Play Store is seeing a wave of malware-infested apps like never before. Four separate security companies have reported —or are preparing to release reports— on malware campaigns currently underway via Android apps available on the Play Store. [...]

https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/

BlueBorne Vulnerability Also Affects 20Mil Amazon Echo and Google Home Devices

Over 20 million Amazon Echo and Google Home devices running on Android and Linux are vulnerable to attacks via the BlueBorne vulnerability, IoT cyber-security firm Armis announced today. [...]

https://www.bleepingcomputer.com/news/security/blueborne-vulnerability-also-affects-20mil-amazon-echo-and-google-home-devices/

Blizzard Makes StarCraft 2 Free to Play, Learn How to Get It

Yesterday, the immensely popular real-time strategy game StarCraft II was released as free-to-play. Learn how you can get it and what features are available. [...]

https://www.bleepingcomputer.com/news/security/blizzard-makes-starcraft-2-free-to-play-learn-how-to-get-it/

Second OnePlus Factory App Discovered. This One Dumps Photos, WiFi & GPS Logs

A security researcher has found a second factory app that was included on OnePlus devices delivered to customers, and this one can be abused to dump the user's photos and videos, but also GPS, WiFi, Bluetooth, and various other logs. [...]

https://www.bleepingcomputer.com/news/security/second-oneplus-factory-app-discovered-this-one-dumps-photos-wifi-and-gps-logs/