Mining Botnet Targeting Redis and OrientDB Servers Made Almost $1 Million

A Monero-mining botnet targeting Redis and OrientDB servers has infected nearly 4,400 servers and has mined over $925,000 worth of Monero since March 2017. [...]

https://www.bleepingcomputer.com/news/security/mining-botnet-targeting-redis-and-orientdb-servers-made-almost-1-million/

Microsoft Office 2019 Will Work on Windows 10 Exclusively

Microsoft announced yesterday that future versions of the standalone Office 2019 app will work on Windows 10 versions exclusively. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2019-will-work-on-windows-10-exclusively/

Teen Arrested for Creating Malware That Steals Cryptocurrency Wallet Passwords

Japanese police have arrested a 17-year-old boy on suspicion of creating malware that steals private keys (passwords) that are used to access cryptocurrency wallets. He's also under investigation for using these passwords to steal funds from victims, albeit no charges have been filed. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/teen-arrested-for-creating-malware-that-steals-cryptocurrency-wallet-passwords/

Scarabey Ransomware - A Scarab Version Targeting Enterprises

A new version of the Scarab ransomware has been spotted in the wild, but instead of being distributed via email spam campaigns, crooks are brute-forcing computers with weakly-secured RDP connections and are installing the ransomware manually on each system. [...]

https://www.bleepingcomputer.com/news/security/scarabey-ransomware-a-scarab-version-targeting-enterprises/

System Cryptomix Ransomware Variant Released

Michael Gillespie discovered a new Cryptomix variant uploaded to ID-Ransomware this week. Today, I was able to find a sample so we can see what has changed. For the most part, it is the same as previous variants except it now appends the .SERVER extension to encrypted files and changes the contact emails used by the ransomware.  [...]

https://www.bleepingcomputer.com/news/security/system-cryptomix-ransomware-variant-released/

The Week in Ransomware - February 2nd 2018 - TOR Sites Stealing Ransom Payments & GandCrab

This has been an interesting week in ransomware news. We had the GandCrab ransomware being released and distributed by exploit kits, TOR gateways stealing ransom payments from ransomware devs, and a bunch of towns getting hit with ransomware.  [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-2nd-2018-tor-sites-stealing-ransom-payments-and-gandcrab/

New JenX IoT DDoS Botnet Offered Part of Gaming Server Rental Scheme

The operators of a gaming server rental business are believed to have built an IoT DDoS botnet, which they are now offering as part of the server rental scheme. [...]

https://www.bleepingcomputer.com/news/security/new-jenx-iot-ddos-botnet-offered-part-of-gaming-server-rental-scheme/

Firefox 59 Will Add a New Privacy Feature That Strips Sensitive Data From URLs

Firefox 59 will strip referrer information from URLs while the user is in Private Browsing mode. The measure is meant to safeguard users from accidental data leaks of sensitive information. [...]

https://www.bleepingcomputer.com/news/software/firefox-59-will-add-a-new-privacy-feature-that-strips-sensitive-data-from-urls/

Scammers Steal Over $1 Million Worth of Ethereum From Bee Token ICO Participants

Hundreds of users fell victims to email scams over the past week, sending over $1 million worth of Ethereum to a scammer who sent fake emails posing as the Bee Token ICO (Initial Coin Offering). [...]

https://www.bleepingcomputer.com/news/cryptocurrency/scammers-steal-over-1-million-worth-of-ethereum-from-bee-token-ico-participants/

LKRG: Linux to Get a Loadable Kernel Module for Runtime Integrity Checking

Members of the open source community are working on a new security-focused project for the Linux kernel. Named Linux Kernel Runtime Guard (LKRG), this is a loadable kernel module that will perform runtime integrity checking of the Linux kernel. [...]

https://www.bleepingcomputer.com/news/linux/lkrg-linux-to-get-a-loadable-kernel-module-for-runtime-integrity-checking/

Android Devices Targeted by New Monero-Mining Botnet

A new botnet appeared over the weekend, and it's targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/android-devices-targeted-by-new-monero-mining-botnet/

NSA Exploits Ported to Work on All Windows Versions Released Since Windows 2000

A security researcher has ported three leaked NSA exploits to work on all Windows versions released in the past 18 years, starting with Windows 2000. [...]

https://www.bleepingcomputer.com/news/security/nsa-exploits-ported-to-work-on-all-windows-versions-released-since-windows-2000/

UK Court Rules Not to Extradite Hacker Lauri Love to the US

The UK will not extradite Lauri Love to face hacking charges in the US, according to a court ruling announced today. [...]

https://www.bleepingcomputer.com/news/security/uk-court-rules-not-to-extradite-hacker-lauri-love-to-the-us/

UK Cops Shut Down LuminosityLink RAT Operation

UK police revealed today they were behind the abrupt shutdown of a popular website that peddled a commercial remote access trojan (RAT) known as LuminosityLink. [...]

https://www.bleepingcomputer.com/news/security/uk-cops-shut-down-luminositylink-rat-operation/

Fake Adobe Flash Update Sites Pushing CPU Miners

Sites telling you that Flash Player is out dated and then offering an update are installing CPU Miners are unsuspecting visitors. [...]

https://www.bleepingcomputer.com/news/security/fake-adobe-flash-update-sites-pushing-cpu-miners/

More UK Teens Involved in Hacking Than Gangs

UK teens aged 11 to 14 are more likely to be hacking than smoking, shoplifting, being part of a neighborhood gang, or even having sexual intercourse. [...]

https://www.bleepingcomputer.com/news/security/more-uk-teens-involved-in-hacking-than-gangs/

Analytics Firm Admits It Collected Password Data by Accident

Mixpanel, a web and mobile analytics provider, has notified customers last week via email that it accidentally collected data entered in password fields due to a bug introduced in its SDK. [...]

https://www.bleepingcomputer.com/news/security/analytics-firm-admits-it-collected-password-data-by-accident/

Ransomware Victims Hit on Average by Two Attacks per Year

A study of 2,700 IT professionals across the globe has revealed that 54% of organizations suffered a ransomware attack in the last year, and most organizations were hit more than twice, with the average number of ransomware per attacks being two. [...]

https://www.bleepingcomputer.com/news/security/ransomware-victims-hit-on-average-by-two-attacks-per-year/

CSS Code Can Be Abused to Collect Sensitive User Data

With the recent upgrades to the CSS language, CSS code has become a powerful tool that could be abused to track users on websites, extract and steal data from a web page, collect data entered inside form fields (including passwords), and even deanonymize Dark Web users in some scenarios. [...]

https://www.bleepingcomputer.com/news/security/css-code-can-be-abused-to-collect-sensitive-user-data/

Bitdefender Ironically Stopped Working on Safer Internet Day

Ironically on what has become known as Safer Internet Day, users of Bitdefender Antivirus are reporting today that the security software has suddenly stopped working. After installing an update, Bitdefender users are seeing errors that state "The Bitdefender Security Service (vsserv.exe) is unavailable". [...]

https://www.bleepingcomputer.com/news/security/bitdefender-ironically-stopped-working-on-safer-internet-day/

Researcher Bypasses Windows Controlled Folder Access Anti-Ransomware Protection

A security researcher has found a way to bypass the "Controlled Folder Access" feature added in Windows 10 in October 2017, which Microsoft has touted as a reliable anti-ransomware defensive measure. [...]

https://www.bleepingcomputer.com/news/security/researcher-bypasses-windows-controlled-folder-access-anti-ransomware-protection/