The Week in Ransomware - August 4th 2017 - GlobeImposter, NotPetya, and More

It has been a week heavily dominated by GlobeImposter variants being released here and there and smaller ransomware variants with little or no distribution. We also saw news about companies still being affected by the NotPetya attack. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-4th-2017-globeimposter-notpetya-and-more/

MalwareTech Pleads Not Guilty to Creating Kronos Trojan, To Be Released on Bail

Marcus Hutchins, the security researcher known as MalwareTech, has pleaded not guilty to today in a Las Vegas court to charges of creating and updating the Kronos banking trojan, according to his lawyer Adrian Marie Lobo. [...]

https://www.bleepingcomputer.com/news/security/malwaretech-pleads-not-guilty-to-creating-kronos-trojan-to-be-released-on-bail/

Companies Can't Use Keyloggers to Spy on Employees, Says German Court

The German Federal Labour Court has ruled that companies can't install keyloggers to monitor employees because such an action violates personal privacy rights. [...]

https://www.bleepingcomputer.com/news/security/companies-cant-use-keyloggers-to-spy-on-employees-says-german-court/

Disney Sued for Tracking Children Without Permission via Mobile Games

A disgruntled parent has filed a lawsuit against Disney and three software developers for collecting personal information about her kid via the company's mobile games. [...]

https://www.bleepingcomputer.com/news/legal/disney-sued-for-tracking-children-without-permission-via-mobile-games/

Researchers Put Windows Defender in a Sandbox to Show Microsoft How It's Done

Software experts from Trail of Bits — a well-known security R&D company — have sandboxed Windows Defender, the default antivirus solution that ships with recent Windows editions. [...]

https://www.bleepingcomputer.com/news/security/researchers-put-windows-defender-in-a-sandbox-to-show-microsoft-how-its-done/

New Version of Dangerous Android Malware Sold on Russian Hacking Forum

A new version of the Svpeng Android banking trojan has started making victims during the past month, and at the origin of this sudden surge in activity is a criminal selling a new and improved version of Svpeng on a Russian underground hacking forum. [...]

https://www.bleepingcomputer.com/news/security/new-version-of-dangerous-android-malware-sold-on-russian-hacking-forum/

Cyber-Attack on Solar Panels Could Shut Down Power Grids via Domino Effect

New research released on Friday, August 4, reveals the existence of multiple vulnerabilities in the products of the leading provider of photovoltaic panels, which if exploited in mass by a determined attacker could lead to a shutdown of one or more countries' power grids because of a domino effect. [...]

https://www.bleepingcomputer.com/news/security/cyber-attack-on-solar-panels-could-shut-down-power-grids-via-domino-effect/

You Can Trick Self-Driving Cars by Defacing Street Signs

A team of eight researchers has discovered that by altering street signs, an adversary could confuse self-driving cars and cause their machine-learning systems to misclassify signs and take wrong decisions, potentially putting the lives of passengers in danger. [...]

https://www.bleepingcomputer.com/news/security/you-can-trick-self-driving-cars-by-defacing-street-signs/

Severe Deserialization Issues Also Affect .NET, Not Just Java

The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016. [...]

https://www.bleepingcomputer.com/news/security/severe-deserialization-issues-also-affect-net-not-just-java/

Chrome Extension Developers Under a Barrage of Phishing Attacks

Google's security team has sent out warnings via email to Chrome extension developers after many of them have been the targets of phishing attacks, some of which have been successful and resulted in crooks taking over extensions. [...]

https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/

Cisco Admits to Losing Customer Data in Cloud Service Configuration Snafu

On Friday, last week, Cisco admitted that an engineering gaffe caused the company to lose customer data uploaded before a certain configuration was applied to one of its cloud services. [...]

https://www.bleepingcomputer.com/news/technology/cisco-admits-to-losing-customer-data-in-cloud-service-configuration-snafu/

Firefox 55 Released with Built-In Screenshot Tool, Performance Boosts, and WebVR

Later today, Mozilla is going to officially announce the release of Firefox 55, its browser's latest stable version, one that is packed full of new features and important changes. [...]

https://www.bleepingcomputer.com/news/software/firefox-55-released-with-built-in-screenshot-tool-performance-boosts-and-webvr/

HBO Hackers Dump Script for Game of Thrones Episode 5

The group who announced they hacked HBO last week have leaked new files from the company's servers, via private emails to the press and a website for everyone else. [...]

https://www.bleepingcomputer.com/news/security/hbo-hackers-dump-script-for-game-of-thrones-episode-5/

VPN Provider Accused of Sharing Customer Traffic With Online Advertisers

On Monday, the Center for Democracy & Technology (CDT) — a US-based privacy group — has filed a complaint with the US Federal Trade Commission (FTC) accusing one of today's largest VPN providers of deceptive trade practices. [...]

https://www.bleepingcomputer.com/news/technology/vpn-provider-accused-of-sharing-customer-traffic-with-online-advertisers/

Adobe Patches Security Holes in Flash Player, Acrobat, and Reader

Moments ago, Adobe released its monthly security bulletins and this month the company addressed security flaws in products such as Adobe Flash Player, Adobe Acrobat and Reader, Adobe Experience Manager (enterprise CMS), and Adobe Digital Editions (e-book reader). [...]

https://www.bleepingcomputer.com/news/security/adobe-patches-security-holes-in-flash-player-acrobat-and-reader/

Microsoft's August Patch Tuesday Fixes 48 Security Issues

Microsoft released the August 2017 Patch Tuesday security bulletin, and this month the company fixed 48 security issues in six of its main product categories. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-august-patch-tuesday-fixes-48-security-issues/

Prison Time for Manager Who Hacked Ex-Employer's FTP Server, Email Account

Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company's FTP server and the email account of one of his former colleagues. [...]

https://www.bleepingcomputer.com/news/security/prison-time-for-manager-who-hacked-ex-employers-ftp-server-email-account/

Microsoft Just Fixed a Wormable Bug in Windows Search Affecting All OS Versions

The Microsoft August 2017 Patch Tuesday security patches include fixes for 48 issues, of which 25 are rated critical, but none is as ominous as CVE-2017-8620. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-just-fixed-a-wormable-bug-in-windows-search-affecting-all-os-versions/

Top Next-Gen Security Firm Leaking Terabytes of Customer Data

Sensitive corporate data from customers protected by Carbon Black endpoint detection and response (EDR) solutions has been found on multiscanner services, according to an investigation by DirectDefense, a provider of managed security strategies. [...]

https://www.bleepingcomputer.com/news/security/top-next-gen-security-firm-leaking-terabytes-of-customer-data/

FBI Used Booby-Trapped Video to Catch Suspected Sextortionist Hiding Behind Tor

On Monday, US authorities announced the arrest of a suspect who used Tor to disguise his online identity and coerce underage female victims into sending sexually explicit images and videos in a tactic commonly referred to as "sextortion." [...]

https://www.bleepingcomputer.com/news/security/fbi-used-booby-trapped-video-to-catch-suspected-sextortionist-hiding-behind-tor/