UK Court Rules Not to Extradite Hacker Lauri Love to the US

The UK will not extradite Lauri Love to face hacking charges in the US, according to a court ruling announced today. [...]

https://www.bleepingcomputer.com/news/security/uk-court-rules-not-to-extradite-hacker-lauri-love-to-the-us/

UK Cops Shut Down LuminosityLink RAT Operation

UK police revealed today they were behind the abrupt shutdown of a popular website that peddled a commercial remote access trojan (RAT) known as LuminosityLink. [...]

https://www.bleepingcomputer.com/news/security/uk-cops-shut-down-luminositylink-rat-operation/

Fake Adobe Flash Update Sites Pushing CPU Miners

Sites telling you that Flash Player is out dated and then offering an update are installing CPU Miners are unsuspecting visitors. [...]

https://www.bleepingcomputer.com/news/security/fake-adobe-flash-update-sites-pushing-cpu-miners/

More UK Teens Involved in Hacking Than Gangs

UK teens aged 11 to 14 are more likely to be hacking than smoking, shoplifting, being part of a neighborhood gang, or even having sexual intercourse. [...]

https://www.bleepingcomputer.com/news/security/more-uk-teens-involved-in-hacking-than-gangs/

Analytics Firm Admits It Collected Password Data by Accident

Mixpanel, a web and mobile analytics provider, has notified customers last week via email that it accidentally collected data entered in password fields due to a bug introduced in its SDK. [...]

https://www.bleepingcomputer.com/news/security/analytics-firm-admits-it-collected-password-data-by-accident/

Ransomware Victims Hit on Average by Two Attacks per Year

A study of 2,700 IT professionals across the globe has revealed that 54% of organizations suffered a ransomware attack in the last year, and most organizations were hit more than twice, with the average number of ransomware per attacks being two. [...]

https://www.bleepingcomputer.com/news/security/ransomware-victims-hit-on-average-by-two-attacks-per-year/

CSS Code Can Be Abused to Collect Sensitive User Data

With the recent upgrades to the CSS language, CSS code has become a powerful tool that could be abused to track users on websites, extract and steal data from a web page, collect data entered inside form fields (including passwords), and even deanonymize Dark Web users in some scenarios. [...]

https://www.bleepingcomputer.com/news/security/css-code-can-be-abused-to-collect-sensitive-user-data/

Bitdefender Ironically Stopped Working on Safer Internet Day

Ironically on what has become known as Safer Internet Day, users of Bitdefender Antivirus are reporting today that the security software has suddenly stopped working. After installing an update, Bitdefender users are seeing errors that state "The Bitdefender Security Service (vsserv.exe) is unavailable". [...]

https://www.bleepingcomputer.com/news/security/bitdefender-ironically-stopped-working-on-safer-internet-day/

Researcher Bypasses Windows Controlled Folder Access Anti-Ransomware Protection

A security researcher has found a way to bypass the "Controlled Folder Access" feature added in Windows 10 in October 2017, which Microsoft has touted as a reliable anti-ransomware defensive measure. [...]

https://www.bleepingcomputer.com/news/security/researcher-bypasses-windows-controlled-folder-access-anti-ransomware-protection/

Scammers Use Download Bombs to Freeze Chrome Browsers on Shady Sites

The operators of some tech support scam websites have found a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded software or servicing fees. [...]

https://www.bleepingcomputer.com/news/security/scammers-use-download-bombs-to-freeze-chrome-browsers-on-shady-sites/

X.509 Certificates Can Be Abused for Data Exfiltration

Researchers say that threat actors looking for a covert channel for stealing data from a firewalled network can abuse X.509 certificates to hide and extract data without being detected. [...]

https://www.bleepingcomputer.com/news/security/x-509-certificates-can-be-abused-for-data-exfiltration/

Litecoin, Not Monero, Is the Second Most Dominant Dark Web Currency

A study of 150 of the most prominent Dark Web message boards, marketplaces, and illicit services reveals that Litecoin is currently the second most widespread cryptocurrency among cyber-criminals, and not Monero or Ethereum, as most users would have guessed. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/litecoin-not-monero-is-the-second-most-dominant-dark-web-currency/

Black Ruby Ransomware Skips Victims in Iran and Adds a Miner for Good Measure

A new ransomware was discovered this week by MalwareHunterTeam called Black Ruby. This ransomware will encrypt the files on a computer, scramble the file name, and then append the BlackRuby extension. To make matters worse, Black Ruby will also install a Monero miner on the computer that utilizes as much of the CPU as it scan. [...]

https://www.bleepingcomputer.com/news/security/black-ruby-ransomware-skips-victims-in-iran-and-adds-a-miner-for-good-measure/

DexCrypt MBRLocker Demands 30 Yuan To Gain Access to Computer

A new Chinese MBRLocker called DexLocker has been discovered that asks for 30 Yuan to get access to a computer. First discovered by security researcher JAMESWT, this ransomware will modify the master boot record of the victim's computer so that it shows a ransom note before Windows starts. [...]

https://www.bleepingcomputer.com/news/security/dexcrypt-mbrlocker-demands-30-yuan-to-gain-access-to-computer/

The Week in Ransomware - February 9th 2018 - Black Ruby, GandCrab, & Decryptors

Lots of small variants released this week, but surprisingly most are actually active and being distributed. The big stories are new distribution methods for GandCrab, decryptors for Cryakl variants and MoneroPay, and a new ransomware called Black Ruby. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-9th-2018-black-ruby-gandcrab-and-decryptors/

Half of All Cryptojacking Scripts Found on Porn Sites

Almost 50% of all cryptojacking scripts (in-browser miners) are deployed on adult-themed sites, according to new numbers released this week by Qihoo 360's Netlab division. [...]

https://www.bleepingcomputer.com/news/security/half-of-all-cryptojacking-scripts-found-on-porn-sites/

BitGrail Cryptocurrency Exchange Becomes Insolvent After Losing $170 Million

Italian cryptocurrency exchange BitGrail announced it lost 17 million Nano cryptocurrency (XRB, formerly known as RaiBlocks), currently worth over $170 million. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/bitgrail-cryptocurrency-exchange-becomes-insolvent-after-losing-170-million/

Russian Nuke Scientists, Ukrainian Professor Arrested for Bitcoin Mining

Authorities in Russia and Ukraine have arrested suspects this past week on accusations of using work computers to mine Bitcoin. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/russian-nuke-scientists-ukrainian-professor-arrested-for-bitcoin-mining/

Researcher Uses macOS App Screenshot Feature to Steal Passwords, Tokens, Keys

Malicious app developers can secretly abuse a macOS API function to take screenshots of the user's screen and then use OCR (Optical Character Recognition) to programmatically read the text found in the image. [...]

https://www.bleepingcomputer.com/news/apple/researcher-uses-macos-app-screenshot-feature-to-steal-passwords-tokens-keys/

U.S. & UK Govt Sites Injected With Miners After Popular Script Was Hacked

Thousands of sites were injected with a in-browser Monero miner today after a popular accessibility script was compromised. With 4, 275 sites affected, this included government websites such as uscourts.gov, ico.org.uk, & manchester.gov.uk. [...]

https://www.bleepingcomputer.com/news/security/u-s-and-uk-govt-sites-injected-with-miners-after-popular-script-was-hacked/

Former Employee Arrested for Trying to Sell Company's Database for $4,000

Officers from Ukraine's Cyber Police Department arrested a suspect last week for attempting to sell customer data belonging to his former employer. [...]

https://www.bleepingcomputer.com/news/security/former-employee-arrested-for-trying-to-sell-companys-database-for-4-000/