Google Security Expert Releases Proof-Of-Concept Code for iOS Jailbreak

Google security researcher Ian Beer has published proof-of-concept code for a rooting exploit that works both iOS and macOS devices. [...]

https://www.bleepingcomputer.com/news/apple/google-security-expert-releases-proof-of-concept-code-for-ios-jailbreak/

MoneyTaker Hacker Group Steals Millions from US and Russian Banks

A cyber-criminal group believed to be operating out of Russian-speaking territories has hit at least 20 banks and financial companies and stolen millions of US dollars in the process. [...]

https://www.bleepingcomputer.com/news/security/moneytaker-hacker-group-steals-millions-from-us-and-russian-banks/

Extended Validation (EV) Certificates Abused to Create Insanely Believable Phishing Sites

New research published yesterday reveals that putting your trust in Extended Validation ("EV") SSL certificates will not safeguard you from phishing sites and online fraud. [...]

https://www.bleepingcomputer.com/news/security/extended-validation-ev-certificates-abused-to-create-insanely-believable-phishing-sites/

Microsoft December Patch Tuesday Fixes 34 Security Issues

Microsoft has released security updates as part of its monthly Patch Tuesday release train, and this month, the company has patched 34 issues affecting eight products. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-december-patch-tuesday-fixes-34-security-issues/

Here's How to Enable the Built-In Windows 10 OpenSSH Client

With each new release of Windows 10, we see more and more useful tools being ported from Linux. First, we had the Windows Subsystem for Linux, which is awesome, and now we have a built-in OpenSSH client and server, which uses version 7.5p1 of OpenSSH. [...]

https://www.bleepingcomputer.com/news/microsoft/heres-how-to-enable-the-built-in-windows-10-openssh-client/

Variation of 19-Year-Old Cryptographic Attack Affects Facebook, PayPal, Others

Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions. [...]

https://www.bleepingcomputer.com/news/security/variation-of-19-year-old-cryptographic-attack-affects-facebook-paypal-others/

Quant Loader Is Now Bundled with Other Crappy Malware

Despite not being the most advanced or stealthy malware downloader on the market right now, the Quant Loader malware dropper is seeing increased activity in recent months. [...]

https://www.bleepingcomputer.com/news/security/quant-loader-is-now-bundled-with-other-crappy-malware/

Cryptojackers Found on Starbucks WiFi Network, GitHub, Pirate Streaming Sites

The cryptojacking trend is not showing any signs of stopping anytime soon, and recent reports highlight some peculiar new ways that miscreants have found for pushing in-browser miners down their users' throats. [...]

https://www.bleepingcomputer.com/news/security/cryptojackers-found-on-starbucks-wifi-network-github-pirate-streaming-sites/

Google Releases an Updated SEO Starter Guide

After many years, Google has finally released an updated version of their SEO Starter Guide. This guide is a resource for webmasters that contains Google's recommendations on how to make sure web sites are search-engine-friendly. [...]

https://www.bleepingcomputer.com/news/google/google-releases-an-updated-seo-starter-guide/

Trump Signs Bill Banning Kaspersky Products on Government Computers

President Donald Trump has signed a bill into law on Tuesday that also includes a clause that officially bans the use of Kaspersky products on US federal government computers. [...]

https://www.bleepingcomputer.com/news/government/trump-signs-bill-banning-kaspersky-products-on-government-computers/

WORK Cryptomix Ransomware Variant Released

Today, BleepingComputer discovered a new variant of the CryptoMix ransomware that appends the .WORK extension to encrypted files and changes the contact emails used by the ransomware.  [...]

https://www.bleepingcomputer.com/news/security/work-cryptomix-ransomware-variant-released/

US Charges Three Men with Creating and Running First-Ever Mirai Botnet

Three men have pleaded guilty for their role in the creation of the Mirai malware and the use of the subsequent Mirai botnet to launch DDoS attacks on multiple targets across the Internet, according to documents unsealed today by the US Department of Justice (DOJ). [...]

https://www.bleepingcomputer.com/news/security/us-charges-three-men-with-creating-and-running-first-ever-mirai-botnet/

Adware Maker Tries to Intimidate Security Firm with Cease and Desist Letters

Cyber-security firm Cybereason says it received multiple cease and desist letters from an Israeli company they suspect of being behind the OSX/Pirrit adware strain. [...]

https://www.bleepingcomputer.com/news/security/adware-maker-tries-to-intimidate-security-firm-with-cease-and-desist-letters/

Most Android-Based TV Set-Top Boxes Run Old and Insecure OS Versions

Android-based TV set-top boxes sold online are most likely running outdated operating systems that have not received security updates for at least a year, according to research published today by US cyber-security firm Tripwire. [...]

https://www.bleepingcomputer.com/news/security/most-android-based-tv-set-top-boxes-run-old-and-insecure-os-versions/

Data Breach at Website with 45 Million Users Discovered During Academic Research

A team of three researchers from the University of California, San Diego (UCSD) has created a tool that can detect when user-registration-based websites suffer a data breach. [...]

https://www.bleepingcomputer.com/news/security/data-breach-at-website-with-45-million-users-discovered-during-academic-research/

Fortinet VPN Client Exposes VPN Creds, Palo Alto Firewalls Allow Remote Attacks

It's been a bad week for two of the world's biggest vendors of enterprise hardware and software — Fortinet and Palo Alto Networks. Both companies fixed security issues this week affecting some of their most popular products, with some bugs being quite intrusive and dangerous. [...]

https://www.bleepingcomputer.com/news/security/fortinet-vpn-client-exposes-vpn-creds-palo-alto-firewalls-allow-remote-attacks/

TRITON Malware Used in Attacks Against Industrial Safety Equipment

Security researchers from FireEye's Mandiant investigative division have spotted a new form of malware that's capable of targeting industrial equipment. FireEye named this malware TRITON and said they've spotted a threat actor deploying it in live attacks. [...]

https://www.bleepingcomputer.com/news/security/triton-malware-used-in-attacks-against-industrial-safety-equipment/

How to Install the Built-In Windows 10 OpenSSH Server

For those who would like remote console access to their Windows 10 computers, the built-in Windows 10 OpenSSH Server may be what you are looking for. Even better, for those who are familiar with OpenSSH from using it in Linux, the Windows 10 version operates pretty much the same. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-install-the-built-in-windows-10-openssh-server/

Top Security Firm Admits to MitM Security Incident

Netherlands-based Fox-IT, one of the world's leading IT security providers, disclosed today a security breach during which an unknown attacker carried out a Man-in-the-Middle (MitM) attack and spied on a small number of Fox-IT customers. [...]

https://www.bleepingcomputer.com/news/security/top-security-firm-admits-to-mitm-security-incident/

FCC Kills Net Neutrality. What Does That Mean for You?

In a 3-2 vote along party lines, FCC chairman Ajit Pai and his two fellow Republican commissioners have voted to repeal Obama's Net Neutrality regulations. According to Pai, the repeal of Net Neutrality will only help consumers and promote competition among businesses that are currently being stifled by these regulations. [...]

https://www.bleepingcomputer.com/news/security/fcc-kills-net-neutrality-what-does-that-mean-for-you/

GlassWire 2.0 Released With VirusTotal Scanning, Evil Twin Detection, and More

GlassWire 2.0 has been released that comes with some new features such as VirusTotal scanning, Windows Firewall rules synchronization, WiFi evil twin discovery, multi-monitor support, and hi-res monitor support. [...]

https://www.bleepingcomputer.com/news/software/glasswire-2-0-released-with-virustotal-scanning-evil-twin-detection-and-more/