Vault 7: CIA Borrowed Code from Public Malware

Documents included in yesterday's WikiLeaks Vault 7 dump reveal the CIA used code from public malware samples to advance its technical capabilities. [...]

https://www.bleepingcomputer.com/news/security/vault-7-cia-borrowed-code-from-public-malware/

Vault 7: WikiLeaks Docs Hint CIA Could Bypass 21 Security Products

One of the hidden gems included in the Vault 7 data, dumped yesterday by WikiLeaks, is a document detailing bypass techniques for 21 security software products. [...]

https://www.bleepingcomputer.com/news/security/vault-7-wikileaks-docs-hint-cia-could-bypass-21-security-products/

Dahua Left Device Credentials Exposed to Anyone Knowing Where to Look

Believe it or not, there are DVRs and IP cameras available online today that you could hack just like in the movies, in a matter of seconds. [...]

https://www.bleepingcomputer.com/news/hardware/dahua-left-device-credentials-exposed-to-anyone-knowing-where-to-look/

Mozilla Releases Firefox 52, the First Browser to Support WebAssembly

In the midst of the WikiLeaks Vault 7, Mozilla quietly released Firefox 52, which has officially become the first web browser to support the new WebAssembly standard. [...]

https://www.bleepingcomputer.com/news/software/mozilla-releases-firefox-52-the-first-browser-to-support-webassembly/

Emsisoft Releases a Decryptor for the CryptON Ransomware

Yesterday, Emsisoft's CTO and malware researcher Fabian Wosar? released a decryptor for the CryptON Ransomware. This ransomware has been around since the end of February and has had a few variants released. It was named CryptON based on a string found within the executable. [...]

https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decryptor-for-the-crypton-ransomware/

FCC Blocks Privacy Rules That Prevented ISPs From Selling User Data

The FCC announced it suspended the coming into effect of regulation aimed at improving user Internet privacy, which would have blocked Internet service providers from selling private user data to advertisers without their specific consent. [...]

https://www.bleepingcomputer.com/news/government/fcc-blocks-privacy-rules-that-prevented-isps-from-selling-user-data/

Apache Struts Zero-Day Exploited in the Wild

Cisco's Talos security team announced it discovered attacks against a zero-day vulnerability in Apache Struts, which Apache patched on Monday. [...]

https://www.bleepingcomputer.com/news/security/apache-struts-zero-day-exploited-in-the-wild/

Anonymous Hacker Who Exposed Steubenville Rape Case Gets Two Years in Prison

One of the Anonymous hackers who exposed the Steubenville High School rape case in 2012, was sentenced yesterday to two years in prison by a judge in Lexington, Kentucky. [...]

https://www.bleepingcomputer.com/news/security/anonymous-hacker-who-exposed-steubenville-rape-case-gets-two-years-in-prison/

New RanRan Ransomware Uses Encryption Tiers, Political Messages

Researchers from Palo Alto Networks have come across a new ransomware family that combines many unique features, such as political statements, public subdomain creation, and encryption tiers. [...]

https://www.bleepingcomputer.com/news/security/new-ranran-ransomware-uses-encryption-tiers-political-messages/

Highly Evolved Skinner Adware Found on the Google Play Store

Security researchers have spotted a new mobile adware family targeting Android devices, and yet again, an app infected with this threat managed to make its way into the Google Play Store. [...]

https://www.bleepingcomputer.com/news/security/highly-evolved-skinner-adware-found-on-the-google-play-store/

Nearly 200,000 WiFi Cameras Open to Hacking Right Now

What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking. [...]

https://www.bleepingcomputer.com/news/security/nearly-200-000-wifi-cameras-open-to-hacking-right-now/

Nearly 200,000 WiFi Cameras Open to Hacking Right Now

What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking. [...]

https://www.bleepingcomputer.com/news/security/nearly-200-000-wifi-cameras-open-to-hacking-right-now/

Nearly 200,000 WiFi Cameras Open to Hacking Right Now

What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking. [...]

https://www.bleepingcomputer.com/news/security/nearly-200-000-wifi-cameras-open-to-hacking-right-now/

Over a Third of Websites Use Outdated and Vulnerable JavaScript Libraries

More than a third of the websites you visit online may include an outdated JavaScript library that's vulnerable to one or more security flaws. [...]

https://www.bleepingcomputer.com/news/security/over-a-third-of-websites-use-outdated-and-vulnerable-javascript-libraries/

New Cerber Ransomware Variant Released That Keeps Original Filename

A new version of the Cerber Ransomware was released today that deviates from its normal course of encrypting not only a file, but the filename as well. This version will now keep the file name the same, but only append a random extension to the encrypted files. [...]

https://www.bleepingcomputer.com/news/security/new-cerber-ransomware-variant-released-that-keeps-original-filename/

Google Chrome 57 Released with WebAssembly Support, 36 Security Fixes

Version 57 of the Google Chrome for Android, Chrome OS, Linux, Mac, and Windows is available for download, or update, using the browser's built-in update feature. [...]

https://www.bleepingcomputer.com/news/software/google-chrome-57-released-with-webassembly-support-36-security-fixes/

Researchers Break MAC Address Randomization and Track 100% of Test Devices

For many years, MAC Address Randomization was slated as the next big thing for protecting user privacy on the modern Internet. [...]

https://www.bleepingcomputer.com/news/security/researchers-break-mac-address-randomization-and-track-100-percent-of-test-devices/

ISP Blocks TeamViewer Because of Tech Support Scammers

TalkTalk, a UK-based Internet service provider, has temporarily banned TeamViewer and other similar remote control software programs, citing security issues related to increased scam operations. [...]

https://www.bleepingcomputer.com/news/security/isp-blocks-teamviewer-because-of-tech-support-scammers/

Windows Insider Build 15055 Released for PC and Mobile

Today Microsoft released Insider Preview Build 15055 to PC and Mobile insiders on the fast ring, Like the previous release, this release focuses on fixing bugs and does not provide any new features. Of particular note, are the resolution of installation issues that people were experiencing in previous builds. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-insider-build-15055-released-for-pc-and-mobile/

Credit Card Stealer Disguises as Google Chrome Browser

A new malicious application tries to disguise itself as the Google Chrome browser to fool victims into entering their payment card details. The app is still active at the time of writing and sends collected user details to an AOL email address. [...]

https://www.bleepingcomputer.com/news/security/credit-card-stealer-disguises-as-google-chrome-browser/

Android Patched to Protect Users from Getting Hacked via Headphones Connector

The Android Security Bulletin for March 2017 contains a unique bugfix for a security flaw exploitable via the headphones audio connector that could be leveraged to leak data from the device, break ASLR, reset phones to factory settings, or even access the Android HBOOT bootloader. [...]

https://www.bleepingcomputer.com/news/security/android-patched-to-protect-users-from-getting-hacked-via-headphones-connector/