Bit Paymer Ransomware Hits Scottish Hospitals

Several hospitals part of the NHS Lanarkshire board were hit on Friday by a version of the Bit Paymer ransomware. The infection took root on late Friday, August 25. NHS Lanarkshire officials acknowledged the incident right away. [...]

https://www.bleepingcomputer.com/news/security/bit-paymer-ransomware-hits-scottish-hospitals/

Metadata From IoT Traffic Exposes In-Home User Activity

Metadata from web traffic generated by smart devices installed in a home can reveal quite a lot of information about the owner's habits and lifestyle. [...]

https://www.bleepingcomputer.com/news/technology/metadata-from-iot-traffic-exposes-in-home-user-activity/

IRS Warns of Emails Spreading Ransomware

The Internal Revenue Service (IRS) is warning US citizens of a new phishing scheme that poses as official IRS communications in the hopes that victims access a link, download a file, and hopefully get infected with ransomware. [...]

https://www.bleepingcomputer.com/news/security/irs-warns-of-emails-spreading-ransomware/

Windows Debug Tool WinDbg Gets a Major Facelift

Microsoft released a new version of the WinDbg debugger tool for Windows, a very popular utility among developers and system administrators working in investigating crash reports, and debugging BSODs and other errors. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-debug-tool-windbg-gets-a-major-facelift/

Today Microsoft released Insider Preview Build 16278 for PC to insiders on the fast ring. This release is all about bug fixes as Microsoft continues to focus on fixing bugs and increasing stability in the Windows 10 Fall Creators Update. At this point, it should be expected that all new releases will be improvements and bug fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-16278-for-pc-released-with-only-bug-fixes/

Data of Two Million Users Stolen in CeX Security Breach

CeX, one of the Internet's biggest second-hand goods chains, has suffered a data breach, the company said in a statement on its website yesterday. [...]

https://www.bleepingcomputer.com/news/security/data-of-two-million-users-stolen-in-cex-security-breach/

It Still Takes 2 Minutes to Have Vulnerable IoT Devices Compromised Online

Almost a year after the emergence of the Mirai botnet, smart devices are still facing a barrage of credential attacks, and a device left connected to the Internet with default credentials will be hijacked in about two minutes. [...]

https://www.bleepingcomputer.com/news/security/it-still-takes-2-minutes-to-have-vulnerable-iot-devices-compromised-online/

Welcome to 2017: Pacemaker Patients Told to Visit Doctors to Receive Security Patches

Patients with pacemakers manufactured by Abbott — formerly St. Jude Medical's — are advised to reach out to their doctors and inquire about the availability of a security update for their implanted medical devices. [...]

https://www.bleepingcomputer.com/news/security/welcome-to-2017-pacemaker-patients-told-to-visit-doctors-to-receive-security-patches/

Upcoming Firefox 57 Gets New Protection Against Apps That Snoop on Users

Firefox 57, scheduled for release on November 14, will ship with a new protective measure that will prevent accessibility apps from accessing the web browser's data. [...]

https://www.bleepingcomputer.com/news/software/upcoming-firefox-57-gets-new-protection-against-apps-that-snoop-on-users/

Nearly 3,000 Bitcoin Miners Exposed Online via Telnet Ports, Without Passwords

Dutch security researcher Victor Gevers has discovered 2,893 Bitcoin miners left exposed on the Internet with no passwords on their Telnet port. [...]

https://www.bleepingcomputer.com/news/security/nearly-3-000-bitcoin-miners-exposed-online-via-telnet-ports-without-passwords/

Fake Roboto Condensed Font Pack Update Infects Users with Malware

A new social engineering attack is underway that pretends to be an alert from Chrome or Mozilla that tells you to install an updated font pack to properly see the site. Once downloaded and installed, this font pack will install various malware onto the computer. [...]

https://www.bleepingcomputer.com/news/security/fake-roboto-condensed-font-pack-update-infects-users-with-malware/

After Dodging Prison in Germany, Mirai Hacker "BestBuy" Charged in the UK

Daniel Kaye, a 29-year-old hacker known under the nicknames of BestBuy and Popopret, will appear in a UK court today to face hacking charges related to his activity as master of one of the biggest Mirai botnets ever assembled. [...]

https://www.bleepingcomputer.com/news/security/after-dodging-prison-in-germany-mirai-hacker-bestbuy-charged-in-the-uk/

New Backdoor Trojan Deployed in Cyber-Espionage Campaign Targeting Embassies

A cyber-espionage group believed to be operating out of Russia for the past two decades has deployed a new backdoor trojan on computers at embassies in Southeast Europe, former Soviet states, and some South American countries. [...]

https://www.bleepingcomputer.com/news/security/new-backdoor-trojan-deployed-in-cyber-espionage-campaign-targeting-embassies/

Three Hardcoded Backdoor Accounts Discovered in Arris Modems

Security researchers have found five gaping holes in the firmware running on Arris modems, three of which are hardcoded backdoor accounts. [...]

https://www.bleepingcomputer.com/news/security/three-hardcoded-backdoor-accounts-discovered-in-arris-modems/

CIA Developed Windows Malware That Alters Boot Sector to Load More Malware

WikiLeaks published today documentation on the CIA Angelfire project, a malware framework developed to infect Windows computers. [...]

https://www.bleepingcomputer.com/news/security/cia-developed-windows-malware-that-alters-boot-sector-to-load-more-malware/

Scan Campaign Detected Looking for Adminer Database Management Tool

Sucuri, a cyber security company recently acquired by GoDaddy, has detected a massive online scanning campaign that's searching for websites that use the Adminer database management script. [...]

https://www.bleepingcomputer.com/news/security/scan-campaign-detected-looking-for-adminer-database-management-tool/

Free Cobian RAT Offered on Underground Hacking Forums Comes With a Backdoor

A remote access trojan (RAT) offered as a free download on underground hacking forums comes with a secret backdoor that grants the original author access to all the victim data. [...]

https://www.bleepingcomputer.com/news/security/free-cobian-rat-offered-on-underground-hacking-forums-comes-with-a-backdoor/

Chinese Agency Linked to Cyber-Espionage Operations Will Review Source Code of Foreign Firms

According to a new law voted in 2016 and which came into effect starting June 1, 2017, foreign companies activating in China could be forced to provide access to their source code to a state agency that has been recently linked to China's nation-state cyber-espionage campaigns. [...]

https://www.bleepingcomputer.com/news/government/chinese-agency-linked-to-cyber-espionage-operations-will-review-source-code-of-foreign-firms/

Boobytrapped Word File Installs Locky Ransomware When You Close the Document

Summer vacation is over! During the past week, security researchers have discovered several distribution campaigns pushing the Locky ransomware via different methods, including a new variant that features one hell of a clever trick. [...]

https://www.bleepingcomputer.com/news/security/boobytrapped-word-file-installs-locky-ransomware-when-you-close-the-document/

Microsoft Confirms Windows 10 Fall Creators Update Release Date After Lenovo Blunder

On October 17, Microsoft will launch the next major version of Windows 10, nicknamed the Fall Creators Update (CFU). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-10-fall-creators-update-release-date-after-lenovo-blunder/