Google Adds New Features in Chrome to Fight Malvertising

Google announced plans today for three new Chrome security features that will block websites from sneakily redirecting users to new URLs without the user or website owner's consent. One of these features has the potential to stop malvertising attacks. [...]

https://www.bleepingcomputer.com/news/security/google-adds-new-features-in-chrome-to-fight-malvertising/

Stock Trader Accused of Hacking Brokerage Firms and Placing Illegal Trades

The Department of Justice has filed an indictment against Joseph Willner, 42, of Ambler, Pennsylvania, accusing the day trader of hacking into brokerage accounts at various financial companies and placing unauthorized trades. [...]

https://www.bleepingcomputer.com/news/security/stock-trader-accused-of-hacking-brokerage-firms-and-placing-illegal-trades/

Ordinypt Ransomware Intentionally Destroys Files, Currently Targeting Germany

A new ransomware strain called Ordinypt is currently active in Germany, but instead of encrypting users' documents, the ransomware rewrites files with random data. [...]

https://www.bleepingcomputer.com/news/security/ordinypt-ransomware-intentionally-destroys-files-currently-targeting-germany/

"Eavesdropper" Vulnerability Exposes Millions of Private Conversations

Security researchers have discovered that tens of developers have left API credentials in hundreds of applications built around the Twilio service. [...]

https://www.bleepingcomputer.com/news/security/-eavesdropper-vulnerability-exposes-millions-of-private-conversations/

WikiLeaks Releases Source Code of CIA Cyber-Weapon

WikiLeaks published the first-ever batch of source code for CIA cyber-weapons. The source code released today is for a toolkit named Hive, a so-called implant framework, a system that allows CIA operatives to control the malware it deploys on infected computers. [...]

https://www.bleepingcomputer.com/news/government/wikileaks-releases-source-code-of-cia-cyber-weapon/

Google Ranks Phishing Above Keyloggers & Password Reuse as Bigger Threat to Users

Research carried out by Google engineers and academics from the University of California, Berkeley and the International Computer Science Institute has revealed that phishing attacks pose a more significant threat to users losing access to their Google accounts when compared to keyloggers or password reuse. [...]

https://www.bleepingcomputer.com/news/security/google-ranks-phishing-above-keyloggers-and-password-reuse-as-bigger-threat-to-users/

Avira Introduces SafeThings to Protect your Network's IOT Devices

Avira has announced a new security solution called SmartThings that aims to protect consumers from the lack of security found in most Internet of Things devices. [...]

https://www.bleepingcomputer.com/news/security/avira-introduces-safethings-to-protect-your-networks-iot-devices/

LockCrypt Ransomware Crew Started via Satan RaaS, Now Deploying Their Own Strain

Since June this year, a group of cyber-criminals has been breaking into unsecured enterprise servers via RDP brute-force attacks and manually installing a new type of ransomware called LockCrypt. [...]

https://www.bleepingcomputer.com/news/security/lockcrypt-ransomware-crew-started-via-satan-raas-now-deploying-their-own-strain/

First Android Malware Detected Using New "Toast Overlay" Attack

A theoretical attack described by security researchers at the start of September has been integrated into a live malware distribution campaign for the first time. [...]

https://www.bleepingcomputer.com/news/security/first-android-malware-detected-using-new-toast-overlay-attack/

Man Uses DDoS-for-Hire Services to Attack Former Employer, Taunts Firm via Email

Court documents obtained by Bleeping Computer reveal that the FBI has charged a Minnesota man for launching hundreds of DDoS attacks on companies all over the world, including his former employers and business partners. [...]

https://www.bleepingcomputer.com/news/security/man-uses-ddos-for-hire-services-to-attack-former-employer-taunts-firm-via-email/

New Cobra Crysis Ransomware Variant Released

A new variant of the Crysis ransomware has been discovered that appends the cobra extension to encrypted files. While this ransomware cannot be decrypted for free, this article will take a look at the infection and provide possible methods to try to restore files. [...]

https://www.bleepingcomputer.com/news/security/new-cobra-crysis-ransomware-variant-released/

Antivirus Engine Design Flaw Helps Malware Sink Its Teeth Into Your System

Several antivirus products are affected by a design flaw that allows malware or a local attacker to abuse the "restore from quarantine" feature to send previously detected malware to sensitive areas of the user's operating system, helping the malware gain boot persistence with elevated privileges. [...]

https://www.bleepingcomputer.com/news/security/antivirus-engine-design-flaw-helps-malware-sink-its-teeth-into-your-system/

The Week in Ransomware - November 10th 2017 - Ordinypt & LockCrypt

Mostly small silly variants released this week, but we did have a few interesting stories. The bigger stories include a new variant from Crysis released,  a wiper disguised as a ransomware targeting companies in Germany, and hackers using RDP to install the LockCrypt ransomware. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-10th-2017-ordinypt-and-lockcrypt/

Hack Cost Equifax Only $87.5 Million — for Now

During an earnings call detailing the Q3 2017 financial results, Equifax execs said the company incurred $87.5 million in expenses related to the massive data breach it suffered earlier in the year and which it publicly disclosed in September 2017. [...]

https://www.bleepingcomputer.com/news/business/hack-cost-equifax-only-87-5-million-for-now/

DHS Team Hacks a Boeing 757

A team of academics and private industry experts, led by DHS officials, remotely hacked a Boeing 757 airplane parked at an airport in Atlantic City, New Jersey. [...]

https://www.bleepingcomputer.com/news/security/dhs-team-hacks-a-boeing-757/

Computer Glitch Keeps Inmate in Prison for Five Extra Months

A glitch in the Louisville Metro Department of Corrections (LMDC) computer system kept an inmate in prison for five extra months. Human error was also involved. [...]

https://www.bleepingcomputer.com/news/government/computer-glitch-keeps-inmate-in-prison-for-five-extra-months/

Google Addresses Android's Biggest Security Problem: Accessibility Services

Google has emailed Android app developers and has informed them of plans to remove all apps that misuse the Accessibility service from the Play Store. [...]

https://www.bleepingcomputer.com/news/security/google-addresses-androids-biggest-security-problem-accessibility-services/

New IcedID Banking Trojan Discovered

Malware experts have spotted a new player on the banking trojan scene that they named IcedID and which is currently in its first stages of development. [...]

https://www.bleepingcomputer.com/news/security/new-icedid-banking-trojan-discovered/

Firefox 57 Brings Better Sandboxing on Linux

Firefox 57, set to be released tomorrow, will ship with improvements to the browser's sandbox security feature for Linux users. [...]

https://www.bleepingcomputer.com/news/security/firefox-57-brings-better-sandboxing-on-linux/

Apple FaceID Tricked With $150 Mask

Security researchers have broken Apple's FaceID security system using a mask they said takes around a few days to make and costs only $150. [...]

https://www.bleepingcomputer.com/news/apple/apple-faceid-tricked-with-150-mask/