Apple Releases New APFS File System, Critical Security Updates

Yesterday, Apple unleashed a wave of security updates for several of its products, including the new and highly anticipated APFS file system, currently only available with iOS 10.3. [...]

https://www.bleepingcomputer.com/news/apple/apple-releases-new-apfs-file-system-critical-security-updates/

Humbled Malware Author Leaks His Own Source Code to Regain Community's Trust

The author of the Nuclear Bot banking trojan has leaked the source code of his own malware in a desperate attempt to regain trust and credibility in underground cybercrime forums. [...]

https://www.bleepingcomputer.com/news/security/humbled-malware-author-leaks-his-own-source-code-to-regain-communitys-trust/

Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware

The US Department of Justice announced yesterday that Maxim Senakh, 41, of Velikii Novgorod, Russia, pleaded guilty for his role in the creation of the Ebury malware and for maintaining its infamous botnet. [...]

https://www.bleepingcomputer.com/news/security/russian-hacker-pleads-guilty-for-role-in-infamous-linux-ebury-malware/

Vivaldi 1.8 Released with One-of-a-Kind Browsing History Panel

Once more, Vivaldi broke the classic browser model with the release of Vivaldi 1.8, its latest version, which now features a one-of-a-kind History panel, unlike anything you've seen in other browsers. [...]

https://www.bleepingcomputer.com/news/software/vivaldi-1-8-released-with-one-of-a-kind-browsing-history-panel/

New IIS 6.0 Zero-Day Exploited in Live Attacks Since July 2016

Since July 2016, attackers have been using a zero-day in IIS 6.0 to compromise and take over Windows servers. The vulnerability only affects IIS 6.0, which was released in November 2010, and shipped with Windows Server 2003 and Windows XP Professional x64 Edition. [...]

https://www.bleepingcomputer.com/news/security/new-iis-6-0-zero-day-exploited-in-live-attacks-since-july-2016/

GitHub Users Targeted with Dimnie Trojan

Developers sharing code on GitHub are being targeted in a malicious email campaign that's infecting their computers with a modular trojan known as Dimnie. [...]

https://www.bleepingcomputer.com/news/security/github-users-targeted-with-dimnie-trojan/

Microsoft Will Release Windows 10 Creators Update on the Day It Kills Vista

Microsoft confirmed today the launch date for the next major Windows 10 version, nicknamed Creators Update, which will roll out on April 11, the same day the company will be officially retiring the dreaded Windows Vista OS. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-release-windows-10-creators-update-on-the-day-it-kills-vista/

About 90% of Smart TVs Vulnerable to Remote Hacking via Rogue TV Signals

A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. [...]

https://www.bleepingcomputer.com/news/security/about-90-percent-of-smart-tvs-vulnerable-to-remote-hacking-via-rogue-tv-signals/

New Mirai Botnet Slams US College with 54-Hour DDoS Attack

What appears to be a new version of the Mirai malware was behind a massive DDoS attack that targeted an unnamed US college and lasted for 54 hours straight, reports cyber-security firm Incapsula, who was providing DDoS mitigation service for the affected college. [...]

https://www.bleepingcomputer.com/news/security/new-mirai-botnet-slams-us-college-with-54-hour-ddos-attack/

Google Wants to Change JavaScript Popups After Abuse from Tech Support Scammers

Chromium engineers are discussing plans to change how JavaScript popups work inside Chrome and other similar browsers. [...]

https://www.bleepingcomputer.com/news/security/google-wants-to-change-javascript-popups-after-abuse-from-tech-support-scammers/

EU to Propose New Measures for Accessing Encrypted IM Apps

The European Commission, through the voice of EU Justice Commissioner Vera Jourova, announced plans to find a way for law enforcement to access data exchanged via encrypted instant messaging services, such as WhatsApp, Telegram, Signal, and others. [...]

https://www.bleepingcomputer.com/news/government/eu-to-propose-new-measures-for-accessing-encrypted-im-apps/

Google: Ransomware on Android Is Exceedingly Rare

Android apps spreading ransomware aren't as common as most users and security experts think, says Jason Woloz, Sr. Program Manager for Android Security at Google. [...]

https://www.bleepingcomputer.com/news/security/google-ransomware-on-android-is-exceedingly-rare/

FedEx Will Give You $5 If You Install Flash

In an era of the Internet when most browser vendors are taking steps to migrate away from Flash and all security experts recommend you blast that piece of insecure junk off your computer, the nice people at FedEx are giving you a $5 promo code to (re)install or reactivate it in your browser. [...]

https://www.bleepingcomputer.com/news/software/fedex-will-give-you-5-if-you-install-flash/

Flatbed Scanners Used as Relay Point for Controlling Malware in Air-Gapped Systems

Scientists from two Israeli universities have come up with a way to use flatbed scanners as relay points when sending commands to malware installed on an air-gapped computer. Further research also revealed the scanner could also be used to relay stolen data to a nearby attacker. [...]

https://www.bleepingcomputer.com/news/security/flatbed-scanners-used-as-relay-point-for-controlling-malware-in-air-gapped-systems/

New Android Ransomware Evades All Mobile Antivirus Solutions

Researchers have spotted a new strain of Android ransomware that could evade detection on all mobile antivirus engines at the time of its discovery. Currently targeting Russian-speaking users, this ransomware lacks basic decryption functionality. [...]

https://www.bleepingcomputer.com/news/security/new-android-ransomware-evades-all-mobile-antivirus-solutions/

Raging Sysadmin Shuts Down Company Servers, Deletes System Files

A former sysadmin is facing up to ten years in prison and a fine of up to $250,000 after he used a backdoor account and sabotaged his former employer on the day he was fired. [...]

https://www.bleepingcomputer.com/news/security/raging-sysadmin-shuts-down-company-servers-deletes-system-files/

Skype Malvertising Campaign Pushes Fake Flash Player

It appears that for at least one day, Skype has served malicious ads, which in turn pushed a fake Flash Player update onto users. The malicious ads came to light after Reddit and Twitter users complained about Skype forcing a Flash Player update down their throat. [...]

https://www.bleepingcomputer.com/news/security/skype-malvertising-campaign-pushes-fake-flash-player/

You Can Bypass Facial Recognition on New Samsung Galaxy S8 Phones Using a Photo

Even before its official launch, smartphone experts are criticizing Samsung Galaxy S8 phones after one of their colleagues managed to bypass the facial recognition feature that ships with these phones by flashing a photo of himself in front of the phone. [...]

https://www.bleepingcomputer.com/news/mobile/you-can-bypass-facial-recognition-on-new-samsung-galaxy-s8-phones-using-a-photo/

USB Canary Sends an SMS When Someone Tinkers with Your USB Ports

A new tool released on GitHub last week can help paranoid sysadmins keep track of whenever someone plugs in or disconnects an USB-based device from high-value workstations. [...]

https://www.bleepingcomputer.com/news/software/usb-canary-sends-an-sms-when-someone-tinkers-with-your-usb-ports/

Sanctions Ransomware Makes Fun of USA Sanctions Against Russia

If you want to know what some ransomware developers think about the USA, you can get a good idea from the ransom note of the Sanctions Ransomware. Dubbed Sanctions Ransomware due to the image in the ransom note, the developer makes it fairly obvious how he feels about the USA and their attempts to sanction Russia. [...]

https://www.bleepingcomputer.com/news/security/sanctions-ransomware-makes-fun-of-usa-sanctions-against-russia/

The Week in Ransomware - March 31st 2017 - Sanctions, Android, and Creepy Skulls

Lots of Android ransomware news this week even though Google feels they are pretty rare. Also some updates to tools created by Michael Gillespie (CryptoSearch & ID-Ransomware), a new PyCL ransomware being distributed via RIG, and ransomware asking for 6 bitcoin ransoms while making fun of USA sanctions on Russia. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-31st-2017-sanctions-android-and-creepy-skulls/