Two Arrested in London for Infecting Washington's CCTV Network with Ransomware

UK's National Crime Agency said today that officers arrested two suspects for hacking the Washington CCTV network and installing ransomware. [...]

https://www.bleepingcomputer.com/news/security/two-arrested-in-london-for-infecting-washingtons-cctv-network-with-ransomware/

Ranion Ransomware-as-a-Service Available on the Dark Web for 'Educational Purposes'

A new Ransomware-as-a-Service (RaaS) portal that recently launched on the Dark Web is peddling access to a fully-working ransomware distribution network for extremely low prices. [...]

https://www.bleepingcomputer.com/news/security/ranion-ransomware-as-a-service-available-on-the-dark-web-for-educational-purposes/

Someone Tried to Resurrect 14-Year-Old SQL Slammer Worm

For a week in November and December 2016, someone tried to resurrect the 14-year-old SQL Slammer worm, according to security firm Check Point, who reported today that they've "detected a massive increase in the number of attack attempts." [...]

https://www.bleepingcomputer.com/news/security/someone-tried-to-resurrect-14-year-old-sql-slammer-worm/

The Week in Ransomware - February 3rd 2017 - CryptoShield, Spora, and Exploit Kits

Ransomware, ransomware, ransomware. It never seems to end. This week we see lots of little ransomware infections being developer or distributed. The good news is that we also have seen quite a few decryptors released to help those who were infected. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-3rd-2017-cryptoshield-spora-and-exploit-kits/

Deception Is the Main Strategy of Recent Android Adware

At Symantec's behest, Google has removed three Android apps from the Play Store because these apps used various tricks to fool security scanners and deliver unwanted ads to the people that installed them. [...]

https://www.bleepingcomputer.com/news/security/deception-is-the-main-strategy-of-recent-android-adware/

YourRansom Is the Latest in a Long Line of Prank and Educational Ransomware

Ransomware infections are problematic enough on their own, even if they aren't the subject of a prank or some annoying demagogue trying to "teach" you about the dangers of crypto-ransomware. [...]

https://www.bleepingcomputer.com/news/security/yourransom-is-the-latest-in-a-long-line-of-prank-and-educational-ransomware/

A Hacker Just Pwned Over 150,000 Printers Left Exposed Online

A grey-hat hacker going by the name of Stackoverflowin says he's pwned over 150,000 printers that have been left accessible online. [...]

https://www.bleepingcomputer.com/news/security/a-hacker-just-pwned-over-150-000-printers-left-exposed-online/

ISO File and Screenshots Leak Online Revealing Microsoft's New Windows Cloud OS

Earlier today, a Twitter user shared a link to a website hosting the ISO file for Microsoft's upcoming operating system called Windows Cloud. The downloaded ISO is 4.23GB, and the installation routine won't work for everyone, as the OS isn't optimized for all hardware combinations. [...]

https://www.bleepingcomputer.com/news/microsoft/iso-file-and-screenshots-leak-online-revealing-microsofts-new-windows-cloud-os/

Anonymous Hacks and Takes Down 10,613 Dark Web Portals

Anonymous hackers have breached Freedom Hosting II, a popular Dark Web hosting provider, and have taken down 10,613 .onion sites. [...]

https://www.bleepingcomputer.com/news/security/anonymous-hacks-and-takes-down-10-613-dark-web-portals/

Rust Programming Language Takes More Central Role in Firefox Development

Starting with the release of Firefox 54, the Rust programming language will take a bigger role in the Firefox browser, as more and more components will work on top of this new technology developed in the past years by the Mozilla Research team. [...]

https://www.bleepingcomputer.com/news/software/rust-programming-language-takes-more-central-role-in-firefox-development/

Dark Web Marketplace Launches Bug Bounty Program with $10,000 Rewards

Dark Web marketplace Hansa has launched a bug bounty program to deal with security issues that might allow other hackers or law enforcement to identify and deanonymize the site's owners and users. [...]

https://www.bleepingcomputer.com/news/security/dark-web-marketplace-launches-bug-bounty-program-with-10-000-rewards/

Spora Ransomware Sets Itself Apart with Top-Notch PR, Customer Support

The Spora ransomware is slowly making a name for itself as one of the most well-run ransomware operations on the market, with a very well-designed ransom payment portal, some solid customer support, and also efforts to improve the ransomware's reputation among victims. [...]

https://www.bleepingcomputer.com/news/security/spora-ransomware-sets-itself-apart-with-top-notch-pr-customer-support/

Polish Banks Infected with Malware Hosted on Their Own Government's Site

Several Polish banks said they suffered malware infections after their employees visited the site of the Polish Financial Supervision Authority (KNF), which had been previously infected to host a malicious JavaScript file. [...]

https://www.bleepingcomputer.com/news/security/polish-banks-infected-with-malware-hosted-on-their-own-governments-site/

Watch Your Computer Go Bonkers with Cancer Trollware

Security researcher MalwareHunter discovered today a new malware that he initially believed to be ransomware but ended up being just another annoying piece of junk that falls in the category of trollware, also known as crapware. [...]

https://www.bleepingcomputer.com/news/security/watch-your-computer-go-bonkers-with-cancer-trollware/

Android Ransomware Borrows One More Trick from Desktop Counterparts

The infamous Lockdroid ransomware has gained a new feature, a banality among desktop malware, but a never-before-seen trick for Android ransomware. [...]

https://www.bleepingcomputer.com/news/security/android-ransomware-borrows-one-more-trick-from-desktop-counterparts/

Over 67,000 Websites Defaced via Recently Patched WordPress Bug

WordPress sites that haven't been updated to the most recent version, v4.7.2, released last week, are under attack as four hacking groups are conducting mass defacement campaigns. [...]

https://www.bleepingcomputer.com/news/security/over-67-000-websites-defaced-via-recently-patched-wordpress-bug/

Vizio Fined for Spying on Users via Smart TVs, Selling User Data Without Consent

Vizio agreed on Monday to pay a fine of $2.2 million after it was caught secretly collecting user data and then selling personal user details to third-parties without the user's explicit consent. [...]

https://www.bleepingcomputer.com/news/hardware/vizio-fined-for-spying-on-users-via-smart-tvs-selling-user-data-without-consent/

Former FireEye Intern, Author of Dendroid RAT, Gets No Prison Time

A judge has sentenced Morgan C. Culbertson, 21, of Pittsburgh to three years probation, with 300 hours of community service and computer monitoring, for his role in creating and selling the Dendroid RAT (Remote Access Trojan). [...]

https://www.bleepingcomputer.com/news/security/former-fireeye-intern-author-of-dendroid-rat-gets-no-prison-time/

76 Popular iOS Apps Vulnerable to Silent Interception of TLS-Encrypted Data

Experts from Sudo Security Group have discovered that at least 76 of the most popular iOS apps available through Apple's App Store have failed to properly implement TLS encryption and expose their users to silent MitM (Man-in-the-Middle) attacks. [...]

https://www.bleepingcomputer.com/news/security/76-popular-ios-apps-vulnerable-to-silent-interception-of-tls-encrypted-data/

Erebus Ransomware Utilizes a UAC Bypass and Request a $90 Ransom Payment

A ransomware called Erebus has been discovered that utilizes a UAC bypass, encrypts file name extensions using ROT-23, and has a low ransom amount of ~$90USD. [...]

https://www.bleepingcomputer.com/news/security/erebus-ransomware-utilizes-a-uac-bypass-and-request-a-90-ransom-payment/

High-End Phishing Kit Automates Attacks on PayPal Accounts

Security researchers from Proofpoint have come across a sophisticated phishing kit that automates the process of building and deploying high-end phishing pages, and which is extremely efficient at collecting login credentials and user details from PayPal users. [...]

https://www.bleepingcomputer.com/news/security/high-end-phishing-kit-automates-attacks-on-paypal-accounts/