Microsoft Fixes Windows 10 Vulnerability But Doesn't

A Google security engineer says Microsoft has failed to properly patch a security flaw affecting Windows 10 and Windows Server 2016 distributions. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-vulnerability-but-doesnt/

The Many Hats Club: An InfoSec Group For All Skill Levels

The Many Hats Club is a group where members of the InfoSec community can share information, build connections, and get to know each other. This group caters to all experience levels and if you are interested in getting into InfoSec or want to have discussions with your peers, this group may be something you want to take a look at. [...]

https://www.bleepingcomputer.com/editorial/security/the-many-hats-club-an-infosec-group-for-all-skill-levels/

Here We Go Again: Intel Releases Updated Spectre Patches

In a press release on Tuesday, Intel announced it resumed the deployment of CPU microcode firmware updates. These updates are meant to mitigate the Spectre Variant 2 vulnerability —CVE-2017-5715. [...]

https://www.bleepingcomputer.com/news/hardware/here-we-go-again-intel-releases-updated-spectre-patches/

PHP Community Takes Steps to Stop Installation of Libraries with Unpatched Bugs

Some of the most influential voices in the PHP community have united on a project to improve the security of the PHP ecosystem. [...]

https://www.bleepingcomputer.com/news/security/php-community-takes-steps-to-stop-installation-of-libraries-with-unpatched-bugs/

After Intel & Equifax Incidents, SEC Warns Execs Not to Trade Stock While Investigating Security Incidents

The US Securities and Exchange Commission (SEC) released a statement yesterday, warning high-ranking executives not to trade stocks before the disclosing breaches, major vulnerabilities, and other cybersecurity related incidents. [...]

https://www.bleepingcomputer.com/news/business/after-intel-and-equifax-incidents-sec-warns-execs-not-to-trade-stock-while-investigating-security-incidents/

The Market of Stolen Code-Signing Certificates Is Too Expensive for Most Hackers

There's a thriving underground market for buying and selling code-signing certificates meant to help malware pass unnoticed by security scanners, but according to new research, the prices for such certificates are too high, and only a few hackers can afford one. [...]

https://www.bleepingcomputer.com/news/security/the-market-of-stolen-code-signing-certificates-is-too-expensive-for-most-hackers/

Botched npm Update Crashes Linux Systems, Forces Users to Reinstall

A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot. [...]

https://www.bleepingcomputer.com/news/linux/botched-npm-update-crashes-linux-systems-forces-users-to-reinstall/

SamSam Ransomware Hits Colorado DOT, Agency Shuts Down 2,000 Computers

The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems got infected with the SamSam ransomware on Wednesday, February 21. [...]

https://www.bleepingcomputer.com/news/security/samsam-ransomware-hits-colorado-dot-agency-shuts-down-2-000-computers/

Android P Will Block Background Apps from Accessing Phone's Camera & Microphone

Android P, the next major version of the Android operating system, will block idle (background) applications from accessing a smartphone's camera or microphone. [...]

https://www.bleepingcomputer.com/news/mobile/android-p-will-block-background-apps-from-accessing-phones-camera-and-microphone/

PSA: Improperly Secured Linux Servers Targeted with Chaos Backdoor

Hackers are using SSH brute-force attacks to take over Linux systems secured with weak passwords and are deploying a backdoor named Chaos. [...]

https://www.bleepingcomputer.com/news/linux/psa-improperly-secured-linux-servers-targeted-with-chaos-backdoor/

Bitcoin Exchange Admin Charged for Lying About Hack

US authorities have arrested a Texas man who founded two Bitcoin-related platforms that got hacked. Officials charged the on accusations of lying to Securities Exchange Commission (SEC) officials in the subsequent investigation. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/bitcoin-exchange-admin-charged-for-lying-about-hack/

US Border Agents Didn't Verify Any e-Passports Since 2007 Because They Didn't Have the Software

The United States of America, the country with one of the most draconian border crossing procedures in the world, hadn't verified the validity of chip-implanted e-passports since 2007, the time when foreigners were first required to have one. [...]

https://www.bleepingcomputer.com/news/government/us-border-agents-didnt-verify-any-e-passports-since-2007-because-they-didnt-have-the-software/

Data Keeper Ransomware Makes First Victims Two Days After Release on Dark Web RaaS

Two days after crooks started advertising the Data Keeper Ransomware-as-a-Service (RaaS) on the Dark Web, ransomware strains generated on this portal have already been spotted in the wild, infecting the computers of real-world users. [...]

https://www.bleepingcomputer.com/news/security/data-keeper-ransomware-makes-first-victims-two-days-after-release-on-dark-web-raas/

Ad Network Uses DGA Algorithm to Bypass Ad Blockers and Deploy In-Browser Miners

An advertising network is hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves on customer sites, and has been doing so since December 2017, according to revelations made over the weekend by the Qihoo 360 Netlab team. [...]

https://www.bleepingcomputer.com/news/security/ad-network-uses-dga-algorithm-to-bypass-ad-blockers-and-deploy-in-browser-miners/

Nanocore RAT Author Gets 33 Months in Prison

US authorities have sentenced an Arkansas man to 33 months in prison and two years of supervised release for aiding and abetting hackers by creating and selling malware. [...]

https://www.bleepingcomputer.com/news/security/nanocore-rat-author-gets-33-months-in-prison/

Visa: EMV Cards Cut Down Counterfeit Card Fraud in the US by 70%

Visa said last week that two years after US retailers started deploying terminals that could read chip-based credit and debit cards, reports of counterfeit card fraud have dropped by 70%. [...]

https://www.bleepingcomputer.com/news/security/visa-emv-cards-cut-down-counterfeit-card-fraud-in-the-us-by-70-percent/

Hacker Returns $26 Million Worth of Ethereum Back to Hacked Company

A hacker has returned over $26,2 million worth of Ethereum to Coindash, the company it obtained the funds from in July 2017. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/hacker-returns-26-million-worth-of-ethereum-back-to-hacked-company/

Thanatos Ransomware Is First to Use Bitcoin Cash. Messes Up Encryption

Ransomware developers continue to release infections that are clearly not tested well and contain bugs that may make it difficult, if not impossible, for victims to recover their files. Such is the case with the new in the wild ransomware called Thanatos that has been discovered by security research MalwareHunterTeam. [...]

https://www.bleepingcomputer.com/news/security/thanatos-ransomware-is-first-to-use-bitcoin-cash-messes-up-encryption/

The Rig Exploit Kit Has Forsaken Ransomware for Coinminers

The exploit kit landscape has continued its downfall started in the summer of 2016 and its leading player —the RIG exploit kit— has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans (infostealers). [...]

https://www.bleepingcomputer.com/news/security/the-rig-exploit-kit-has-forsaken-ransomware-for-coinminers/

Project Crostini: Chrome OS to Support Containerized Linux Apps

Google is in the process of adding support to Chrome OS for running containerized Linux applications, according to a commit spotted in the operating system's source code last week by Reddit users. [...]

https://www.bleepingcomputer.com/news/google/project-crostini-chrome-os-to-support-containerized-linux-apps/

New UpdateChecker Coinminer Package Also Displays Ads to Further Piss You Off

A new malware package masquerading as an Flash Player update installs a miner and displays advertisements every 60 minutes. [...]

https://www.bleepingcomputer.com/news/security/new-updatechecker-coinminer-package-also-displays-ads-to-further-piss-you-off/