Plone Developers Call "Hoax" on Alleged FBI Hack

The Plone security team has debunked claims made by a hacker, who said he sued a zero-day in the Plone CMS to hack into the FBI's website, which uses the aforementioned CMS. [...]

https://www.bleepingcomputer.com/news/security/plone-developers-call-hoax-on-alleged-fbi-hack/

Tech Support Scam Causes Macs to Freeze

A new type of tech support scam tactic observed against Mac users relies on opening a large number of email drafts, an action which eventually causes the user's machine to become unresponsive. [...]

https://www.bleepingcomputer.com/news/security/tech-support-scam-causes-macs-to-freeze/

Google Bans AdNauseam from Chrome, the Ad Blocker That Clicks on All Ads

Google has banned the AdNauseam Chrome extension from the Chrome Web Store, an add-on that became very popular with users because it automatically clicked on all ads on a page. [...]

https://www.bleepingcomputer.com/news/google/google-bans-adnauseam-from-chrome-the-ad-blocker-that-clicks-on-all-ads/

FTC Takes D-Link to Court Because of Insecure Routers and Cameras

The US Federal Trade Commission (FTC) has filed a lawsuit against D-Link, a Taiwanese hardware manufacturer, for misrepresentations about the security of various devices it sold in the US, and for failing to take action and secure devices when security flaws were reported. [...]

https://www.bleepingcomputer.com/news/security/ftc-takes-d-link-to-court-because-of-insecure-routers-and-cameras/

Browser Autofill Profiles Can Be Abused for Phishing Attacks

Browser autofill profiles are a reliable phishing vector that allow attackers to collect information from users via hidden fields, which the browser automatically fills with preset personal information and which the user unknowingly sends to the attacker when he submits a form. [...]

https://www.bleepingcomputer.com/news/security/browser-autofill-profiles-can-be-abused-for-phishing-attacks/

The Week in Ransomware - January 6th 2017 - FSociety, MongoDB, Pseudo-Darkleech, and More

2017 is here and ransomware continues to pump out at a rapid pace. We have a lot of little variants popping up this week, with a special emphasis on malware devs adopting the FSociety brand name. We also have some new decryptors, a Christmas related ransomware, and plenty of small ransomware infections.  [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-6th-2017-fsociety-mongodb-pseudo-darkleech-and-more/

Google Patches Security Holes in Android Bootloader for Nexus Devices

Google's automated over-the-air (OTA) update system has plugged a "high-risk" vulnerability that affected the Android bootloader on Nexus smartphones. [...]

https://www.bleepingcomputer.com/news/mobile/google-patches-security-holes-in-android-bootloader-for-nexus-devices/

MongoDB Apocalypse Is Here as Ransom Attacks Hit 10,000 Servers

What started as isolated incidents on Monday has transformed into an all out destruction of thousands of MongoDB servers by the end of the week. [...]

https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-is-here-as-ransom-attacks-hit-10-000-servers/

Crooks Cold-Calling UK Schools and Tricking Staff Into Installing Ransomware

The "ActionFraud" UK National Fraud & Cyber Crime Reporting Center has issued an alert this week to UK educational institutes, warning against cyber-criminals cold-calling British schools and tricking staffers into installing ransomware on the school's computers. [...]

https://www.bleepingcomputer.com/news/security/crooks-cold-calling-uk-schools-and-tricking-staff-into-installing-ransomware/

2016's Most Popular Web Technologies

The world of web technology changes at a rapid pace. New projects appear daily, and old tools retire to make room for new arrivals. During 2016, the web technology landscape has changed dramatically, with the arrival of AngularJS 2.0, the proliferation of React.js and maturation of several open-source CMS projects. [...]

https://www.bleepingcomputer.com/news/software/2016s-most-popular-web-technologies/

Clever Phishing Trick You Need to Be Aware Of

One trick, first seen in June 2016, was observed again this past month. This clever phishing attack relies on telling users they received an important or secure file, and they need to visit a web page to view it. The real trick takes place on the crook's page, which shows a blurred out document on the background. [...]

https://www.bleepingcomputer.com/news/security/clever-phishing-trick-you-need-to-be-aware-of/

WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs

Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarter of 2016 (months of July, August, and September). [...]

https://www.bleepingcomputer.com/news/security/wordpress-joomla-and-magento-continue-to-be-the-most-hacked-cmss/

MongoDB Apocalypse: Professional Ransomware Group Gets Involved, Infections Reach 28K Servers

The number of hijacked MongoDB servers held for ransom has skyrocketed in the past two days from 10,500 to over 28,200, thanks in large part to the involvement of a professional ransomware group known as Kraken. [...]

https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-professional-ransomware-group-gets-involved-infections-reach-28k-servers/

"Merry Christmas" Ransomware Now Steals User Private Data via DiamondFox Malware

Recent variants of the "Merry Christmas" ransomware, also known as Merry X-Mas, are also downloading the DiamondFox malware on infected computers, which is used by the ransomware's operators to collect data from infected hosts, such as passwords, sensitive files, and others. [...]

https://www.bleepingcomputer.com/news/security/-merry-christmas-ransomware-now-steals-user-private-data-via-diamondfox-malware/

DHS Designates US Voting System as "Critical Infrastructure"

The US Department of Homeland Security (DHS) has upgraded the US voting and election infrastructure as a subsector of the nation's critical infrastructure. [...]

https://www.bleepingcomputer.com/news/government/dhs-designates-us-voting-system-as-critical-infrastructure-/

Los Angeles Valley College Pays a Whopping $30,000 in Ransomware Incident

The Los Angeles Community College District (LACCD) agreed to pay a ransom demand of $28,000 to crooks who managed to infect the computer network of the Los Angeles Valley College (LAVC) with ransomware. [...]

https://www.bleepingcomputer.com/news/security/los-angeles-valley-college-pays-a-whopping-30-000-in-ransomware-incident/

Obituary: Leftover Yahoo Services to Rename as Altaba, Marissa Mayer to Resign

Despite two high-profile data breaches that came to light just after Verizon agreed to buy Yahoo for $4.83 billion, the sale is going forward as initially announced, albeit with some fears on Yahoo's side. [...]

https://www.bleepingcomputer.com/news/business/obituary-leftover-yahoo-services-to-rename-as-altaba-marissa-mayer-to-resign/

New, Poorly-Made Terror Exploit Kit Drops Monero Cryptocurrency Miner

Security researchers from Trustwave and Malwarebytes have come across a new, poorly assembled exploit kit that appears to be the work of a one-man crew. [...]

https://www.bleepingcomputer.com/news/security/new-poorly-made-terror-exploit-kit-drops-monero-cryptocurrency-miner/

Shadow Brokers Now Selling Windows Exploits, Antivirus Bypass Tools

The Shadow Brokers, a group of hackers that have stolen exploits and hacking tools from the National Security Agency (NSA), are now selling some of these tools, which include Windows exploits and antivirus bypass tools, on a website hidden on the ZeroNet network. [...]

https://www.bleepingcomputer.com/news/security/shadow-brokers-now-selling-windows-exploits-antivirus-bypass-tools/

Windows 10 Insider Build 15002 released to PC and Loaded with New Features

Yetsterday Microsoft released the Windows 10 Insider Preview Build 15002 for PC only to Insiders on the fast ring.  The last build that was released was Insider Build 14986 on December 8 2016, so it has been plenty of time for the Windows team to cram goodies into this latest build. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-15002-released-to-pc-and-loaded-with-new-features/

Spora Ransomware Works Offline, Has the Most Sophisticated Payment Site as of Yet

A new ransomware family made its presence felt today, named Spora, the Russian word for "spore." This new ransomware's most notable features are its solid encryption routine, ability to work offline, and a very well put together ransom payment site, the most sophisticated we've seen from ransomware authors as of yet. [...]

https://www.bleepingcomputer.com/news/security/spora-ransomware-works-offline-has-the-most-sophisticated-payment-site-as-of-yet/