Mozilla Adds 2FA Support for Firefox Accounts

Mozilla is rolling out support for a two-step authentication process for Firefox Accounts, the credentials system that protects bookmarks, passwords, open tabs and other data synchronized between devices via the Firefox Sync feature. [...]

https://www.bleepingcomputer.com/news/security/mozilla-adds-2fa-support-for-firefox-accounts/

Backdoor Account Found in D-Link DIR-620 Routers

Security researchers have found a backdoor account in the firmware of D-Link DIR-620 routers that allows hackers to take over any device reachable via the Internet. [...]

https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/

Nation-State Group Hacked 500,000 Routers to Prepare a Cyber-Attack on Ukraine

Security researchers from Cisco said today that they've detected a giant botnet of hacked routers that appears to be preparing for a cyber-attack on Ukraine. [...]

https://www.bleepingcomputer.com/news/security/nation-state-group-hacked-500-000-routers-to-prepare-a-cyber-attack-on-ukraine/

CryptON Ransomware Installed Using Hacked Remote Desktop Services

A new and active campaign for the CryptON Ransomware is currently underway where attackers are hacking into computers with Internet accessible Remote Desktop Services. Once the attackers gain access to the computer they manually execute the ransomware and encrypt your files. [...]

https://www.bleepingcomputer.com/news/security/crypton-ransomware-installed-using-hacked-remote-desktop-services/

Hackers Find New Method of Installing Backdoored Plugins on WordPress Sites

Hackers have come up with a never-before-seen method of installing backdoored plugins on websites running the open-source WordPress CMS, and this new technique relies on using weakly protected WordPress.com accounts and the Jetpack plugin. [...]

https://www.bleepingcomputer.com/news/security/hackers-find-new-method-of-installing-backdoored-plugins-on-wordpress-sites/

Verge Cryptocurrency Network Falls Victim to Same Attack Even After Hard-Fork

A hacker found a way around a previous patch in the Verge cryptocurrency source code and took advantage of the flaw to monopolize mining operations and create Verge coins (XVG) at a rapid pace. [...]

https://www.bleepingcomputer.com/news/security/verge-cryptocurrency-network-falls-victim-to-same-attack-even-after-hard-fork/

Hacker Makes Over $18 Million in Double-Spend Attack on Bitcoin Gold Network

An unidentified hacker has mounted several "double spend" attacks on the infrastructure of the Bitcoin Gold cryptocurrency and has managed to amass over $18 million worth of BTG (Bitcoin Gold) coins in the process. [...]

https://www.bleepingcomputer.com/news/security/hacker-makes-over-18-million-in-double-spend-attack-on-bitcoin-gold-network/

FBI Takes Control of APT28's VPNFilter Botnet

The US Federal Bureau of Investigation (FBI) has obtained court orders and has taken control of the command and control servers of a massive botnet of over 500,000 devices, known as the VPNFilter botnet. [...]

https://www.bleepingcomputer.com/news/security/fbi-takes-control-of-apt28s-vpnfilter-botnet/

Microsoft Will Extend GDPR Privacy Protections to All Users, Not Just Europeans

Microsoft said this week it plans to extend and enforce the new GDPR privacy protections to all of its customers, not just those based in EU countries. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-extend-gdpr-privacy-protections-to-all-users-not-just-europeans/

Firefox 63 to Get Improved Tracking Protection That Blocks In-Browser Miners

Mozilla developers are working on an improved Tracking Protection system for the Firefox browser that will land in version 63, scheduled for release in mid-October. [...]

https://www.bleepingcomputer.com/news/software/firefox-63-to-get-improved-tracking-protection-that-blocks-in-browser-miners/

Microsoft Releases KB4100403 to Fix Windows 10 Intel & Toshiba SSD Issues

Earlier today, Microsoft released cumulative update KB4100403 that fixes several bugs, including the issues some users reported with Intel and Toshiba solid-state drives (SSDs). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-kb4100403-to-fix-windows-10-intel-and-toshiba-ssd-issues/

Amazon Alexa Recorded a Conversation and Sent It to a Contact Without Permission

As much as people enjoy their virtual assistants, sometimes they do things that are downright creepy. Such is the case for a family in Portland who discovered that Amazon Alexa recorded a conversation without permission and sent it to a random person in their contact list. [...]

https://www.bleepingcomputer.com/news/technology/amazon-alexa-recorded-a-conversation-and-sent-it-to-a-contact-without-permission/

Malware Found in the Firmware of 141 Low-Cost Android Devices

Two years after being ousted, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach. [...]

https://www.bleepingcomputer.com/news/security/malware-found-in-the-firmware-of-141-low-cost-android-devices/

Z-Shave Attack Could Impact Over 100 Million IoT Devices

The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. [...]

https://www.bleepingcomputer.com/news/security/z-shave-attack-could-impact-over-100-million-iot-devices/

Windows 10 Gains Ground in Enterprise Environments While Windows 7 Crashes Out

Statistics gathered from over 11 million enterprise users reveal that Windows 10 market share is growing, Windows 7 has been slowly phased out, and, unfortunately, a large number of users are still using outdated operating systems. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-gains-ground-in-enterprise-environments-while-windows-7-crashes-out/

Windows 10 Insider Build 17677 Changes Memory Reporting For Suspended UWP Apps

Today Microsoft released Windows 10 Insider Preview Build 17677 (Redstone 5) to insiders in the fast and skip ahead rings. This build introduces new features to Microsoft Edge, Narrator improvements, Kernel debugging, Mobile Broadband (LTE) driver improvements, and changes to how Task Manager lists memory for suspended UWP apps. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-17677-changes-memory-reporting-for-suspended-uwp-apps/

BackSwap Banking Trojan Uses Never-Before-Seen Techniques

Security researchers have discovered a new banking trojan named BackSwap that uses never-before-seen techniques to facilitate the theft of online funds. [...]

https://www.bleepingcomputer.com/news/security/backswap-banking-trojan-uses-never-before-seen-techniques/

Vermont Entices Remote Workers To Relocate By Paying Their Expenses

As if Ben and Jerry's, beautiful landscape, and legalized marijuana wasn't enough of an incentive, Vermont has passed legislation called the "New Remote Worker Grant Program" that will pay a remote worker's expenses if they move to Vermont. [...]

https://www.bleepingcomputer.com/news/government/vermont-entices-remote-workers-to-relocate-by-paying-their-expenses/

The Week in Ransomware - May 25th 2018 - Crypton and Small Variants

This was a very quiet week with very few ransomware variants released and not much news at all, which we are always happy about. The biggest news has been the CryptON campaign that really picked up speed this month. As this ransomware is installed over hacked remote desktop services, everyone needs to tighten their RDP security. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-25th-2018-crypton-and-small-variants/

Coca-Cola Suffers Breach at the Hands of Former Employee

The Coca-Cola company announced a data breach incident this week after a former employee was found in possession of worker data on a personal hard drive. [...]

https://www.bleepingcomputer.com/news/security/coca-cola-suffers-breach-at-the-hands-of-former-employee/

Researchers Bypass AMD’s SEV Virtual Machine Encryption

Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD's Secure Encrypted Virtualization (SEV), a safety mechanism designed to encrypt the data of virtual machines running on s [...]

https://www.bleepingcomputer.com/news/security/researchers-bypass-amd-s-sev-virtual-machine-encryption/