DDoS Attacks Go Down 60% Across Europe Following WebStresser's Takedown

Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across Europe following the takedown of WebStresser, the largest DDoS-for-hire portal on the market. [...]

https://www.bleepingcomputer.com/news/security/ddos-attacks-go-down-60-percent-across-europe-following-webstressers-takedown/

New MassMiner Malware Targets Web Servers With an Assortment of Exploits

Security researchers have detected a new wave of cryptocurrency-mining malware infecting servers across the web, and this one is using multiple exploits to gain access to vulnerable and unpatched systems to install a Monero miner. [...]

https://www.bleepingcomputer.com/news/security/new-massminer-malware-targets-web-servers-with-an-assortment-of-exploits/

VirusTotal Releases VTZilla 2.0 Extension For Firefox Quantum

VirusTotal has released version 2.0 of their VTZilla Firefox extension so that it now supports Mozilla Quantum and includes additional features. With this release, VirusTotal added new features such as the ability to scan downloaded files automatically, scan links or pages, or enter a hash to pull up an existing report. [...]

https://www.bleepingcomputer.com/news/security/virustotal-releases-vtzilla-20-extension-for-firefox-quantum/

Researcher Finds a Way to Bypass Meltdown Patches on Windows 10

Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike. [...]

https://www.bleepingcomputer.com/news/security/researcher-finds-a-way-to-bypass-meltdown-patches-on-windows-10/

Newark's New Mass Surveillance Program Criticized by Civil Liberties Org

A network of surveillance cameras in various locations throughout Newark, NJ will enable people to monitor these locations for criminal activity. The program, the Citizen Virtual Patrol, has been described by local leaders as "a block watch on steroids". [...]

https://www.bleepingcomputer.com/news/legal/newarks-new-mass-surveillance-program-criticized-by-civil-liberties-org/

Microsoft Is No Longer Providing Offline MSI Symbol Packages

Microsoft has stated that they are no longer offering offline symbol packages as a downloadable MSI. For those who need to download symbols to debug their applications or Windows, you will now need to connect directly to their symbol server or use the symchk utility to download them. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-no-longer-providing-offline-msi-symbol-packages/

Pretty Serious Security Flaw Fixed in Popular ICS Software

Schneider Electric, one of the largest makers of hardware and software products used across critical industry verticals has patched a vulnerability in two software products —InduSoft Web Studio and InTouch Machine Edition. [...]

https://www.bleepingcomputer.com/news/security/pretty-serious-security-flaw-fixed-in-popular-ics-software/

Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package

The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript package. [...]

https://www.bleepingcomputer.com/news/security/somebody-tried-to-hide-a-backdoor-in-a-popular-javascript-npm-package/

GLitch Technique Enrolls Graphics Cards in Rowhammer Attacks on Android Phones

A team of academics from the Vrije University in Amsterdam has developed a new hacking technique that uses embedded graphics processing units (GPUs) and support for WebGL to carry out a Rowhammer attack. [...]

https://www.bleepingcomputer.com/news/security/glitch-technique-enrolls-graphics-cards-in-rowhammer-attacks-on-android-phones/

Facebook's Phishing Detection Tool Now Recognizes Homograph Attacks

Facebook has updated a phishing detection toolkit it developed two years ago. The update now allows webmasters who sign up for the tool to detect homograph (Unicode-based lookalike) domains created for their websites. [...]

https://www.bleepingcomputer.com/news/security/facebooks-phishing-detection-tool-now-recognizes-homograph-attacks/

Twitter Admits Recording Plaintext Passwords in Internal Logs, Just Like GitHub

Following an internal audit, Twitter admitted today that due to a bug in its password storage mechanism it accidentally logged some users' passwords in internal logs. [...]

https://www.bleepingcomputer.com/news/security/twitter-admits-recording-plaintext-passwords-in-internal-logs-just-like-github/

Microsoft Released Hyper-V Debug Symbols for the Hyper-V Bug Bounty Program

Microsoft has released debugging symbols for many of the core components of Hyper-V. Using these debugging symbols, security researchers can analyze them for vulnerabilities in order to submit them to the Hyper-V bug bounty program. [...]

https://www.bleepingcomputer.com/news/security/microsoft-released-hyper-v-debug-symbols-for-the-hyper-v-bug-bounty-program/

Windows Insider Build 17661 Introduces a Modern Screenshot Feature

Today Microsoft released Windows 10 Insider Preview Build 17661 to insiders in the fast and skip-ahead rings. In this build, Microsoft renamed Windows Defender Security Center to Windows Security, introduced a new screenshot feature, and continued with the Sets experiment. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-insider-build-17661-introduces-a-modern-screenshot-feature/

Chinese Cyberspies Appear to be Preparing Supply-Chain Attacks

Chinese cyberspies are evolving their tactics, focusing on IT staffers, relying more and more on spear-phishing instead of malware, and gathering code signing certificates from hacked software companies in the preparation of future supply-chain attacks. [...]

https://www.bleepingcomputer.com/news/security/chinese-cyberspies-appear-to-be-preparing-supply-chain-attacks/

Vulnerabilities Affecting Over One Million Dasan GPON Routers Are Now Under Attack

Two vulnerabilities affecting over one million routers, and disclosed earlier this week, are now under attack by botnet herders, who are trying to gather the vulnerable devices under their control. [...]

https://www.bleepingcomputer.com/news/security/vulnerabilities-affecting-over-one-million-dasan-gpon-routers-are-now-under-attack/

GandCrab Version 3 Released With Autorun Feature and Desktop Background

GandCrab version 3 was released earlier this week with a few noticeable changes. The most noticeable change is the addition of a desktop background and an autorun that causes the ransomware to start automatically when you reboot the computer. [...]

https://www.bleepingcomputer.com/news/security/gandcrab-version-3-released-with-autorun-feature-and-desktop-background/

Kaspersky Details New ZooPark APT Targeting Android Users

Security researchers from Kaspersky Lab published yesterday a report detailing the operations of a new cyber-espionage group that's been active in the Middle East region for the past three years. [...]

https://www.bleepingcomputer.com/news/security/kaspersky-details-new-zoopark-apt-targeting-android-users/

Google Says Chrome Now Blocks "About Half of Unwanted Autoplays"

Google said this week that Chrome 66 now blocks "about half" of the videos that feature auto-playing sound. Engineers added this feature in Chrome 66, released in mid-April. [...]

https://www.bleepingcomputer.com/news/google/google-says-chrome-now-blocks-about-half-of-unwanted-autoplays/

Firefox 60 to Show Sponsored Content for US Users

Mozilla announced this week plans to show sponsored content to US users starting with the release of Firefox 60. The sponsored content will appear as suggested stories inside Firefox New Tab page. The stories will be pulled from Pocket's recommendation list. [...]

https://www.bleepingcomputer.com/news/software/firefox-60-to-show-sponsored-content-for-us-users/

Knox County Tennessee Election Site Hit With DDOS Attack During Primary

On Tuesday the web site used to display the voting results for the Knox County, Tennessee mayoral primary was taken offline by a distributed denial-of-service attack. This prevented voters from being able to access the site and view the results of the primary. [...]

https://www.bleepingcomputer.com/news/security/knox-county-tennessee-election-site-hit-with-ddos-attack-during-primary/

New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance

A new service called GDPR Shield is making the rounds this week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with GDPR compliance. [...]

https://www.bleepingcomputer.com/news/security/new-service-blocks-eu-users-so-companies-can-save-thousands-on-gdpr-compliance/