Exploit Broker Zerodium Offers $1 Million for Tor Browser Zero-Days

Zerodium, a company that buys exploits to sell to government agencies, is offering up to $1 million for zero-days affecting the Tor Browser. [...]

https://www.bleepingcomputer.com/news/security/exploit-broker-zerodium-offers-1-million-for-tor-browser-zero-days/

US Officially Bans Kaspersky Products From Government Systems

In a Binding Operational Directive published today by the Department of Homeland Security (DHS), the US government has banned the use of Kaspersky Lab security software on government computers. [...]

https://www.bleepingcomputer.com/news/government/us-officially-bans-kaspersky-products-from-government-systems/

Windows 10 Insider Build 16362 for Skip Ahead Insiders Improves on the Boot Experience

Today Microsoft released Insider Preview Build 16362 for PC to only insiders on the fast ring who have opted to skip ahead. This build brings improvements to the boot experience, narrator, Edge, gaming, input, and the Windows Shell. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-16362-for-skip-ahead-insiders-improves-on-the-boot-experience/

Upcoming Windows 10 Will Show Popup Dialogs for Individual App Permissions

The next major update of the Windows 10 operating system — codenamed the Fall Creators Update (FCU) — will receive new privacy controls, including popup dialogs that warn users about features an app is about to use. [...]

https://www.bleepingcomputer.com/news/microsoft/upcoming-windows-10-will-show-popup-dialogs-for-individual-app-permissions/

Ichidan Is a Shodan-Like Search Engine for the Dark Web

Two days ago, Bleeping Computer came across a new Dark Web portal that allows users to search Tor Onion sites in the same way users utilize Shodan to discover Internet-exposed services. [...]

https://www.bleepingcomputer.com/news/security/ichidan-is-a-shodan-like-search-engine-for-the-dark-web/

Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers

In an update posted to its security breach website, Equifax said hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. [...]

https://www.bleepingcomputer.com/news/security/equifax-confirms-hackers-used-apache-struts-vulnerability-to-breach-its-servers/

Attackers Can Bypass SKEL Protection in macOS High Sierra

A new security feature added in macOS High Sierra (10.13) named "Secure Kernel Extension Loading" (SKEL) can be bypassed to allow the loading of malicious kernel extensions. [...]

https://www.bleepingcomputer.com/news/security/attackers-can-bypass-skel-protection-in-macos-high-sierra/

Developers Unwittingly Embedded Malware in Their Android Apps via Shady SDK

Malware authors hid malicious code inside a software development kit (SDK) that developers embedded in their Android apps, unwittingly exposing their users to a mobile malware strain that Check Point identifies as ExpensiveWall. [...]

https://www.bleepingcomputer.com/news/security/developers-unwittingly-embedded-malware-in-their-android-apps-via-shady-sdk/

Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers, without their knowledge. [...]

https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/

Sysadmin Hacks Former Employer and Buys iPad Tablets From Staples

A judge sentenced a Texas man to 27 months in prison for hacking his former employer so he could use company resources to buy at least 11 iPad Air tablets for himself. [...]

https://www.bleepingcomputer.com/news/security/sysadmin-hacks-former-employer-and-buys-ipad-tablets-from-staples/

Chrome Will Mute All Sites With Auto-Playing Sound by Default Starting 2018

Google engineers have announced changes in the way Chrome will handle websites with auto-playing audio. [...]

https://www.bleepingcomputer.com/news/google/chrome-will-mute-all-sites-with-auto-playing-sound-by-default-starting-2018/

Ten Malicious Libraries Found on PyPI - Python Package Index

The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language. [...]

https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/

Adware Installs InfoStealer Trojan that it loads via Chrome DLL Hijacking

A password stealing Trojan called AdService is being quietly distributed by adware bundles that typically install other programs such as Russian adware, extensions, clickers, adware, and fake system optimization programs.  This Trojan is loaded through DLL hijacking in Chrome. [...]

https://www.bleepingcomputer.com/news/security/adware-installs-infostealer-trojan-that-it-loads-via-chrome-dll-hijacking/

Security.txt Standard Proposed, Similar to Robots.txt

Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF — Internet Engineering Task Force — seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site's security policies. [...]

https://www.bleepingcomputer.com/news/security/security-txt-standard-proposed-similar-to-robots-txt/

OurMine Hacks Vevo After Employee Was Disrespectful to Hackers on LinkedIn

Hacking group OurMine has breached Vevo, a video hosting service, and has leaked files from the company's internal network. [...]

https://www.bleepingcomputer.com/news/security/ourmine-hacks-vevo-after-employee-was-disrespectful-to-hackers-on-linkedin/

The Week in Ransomware - September 15th 2017 - Mostly In-dev Ransomware

It has been another week of mostly small little in-dev ransomware that will never make it to distribution. In other news, Locky continues to send out large spam campaigns as it tries to become a major player again. Otherwise, not much to report, which we are always happy about. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-15th-2017-mostly-in-dev-ransomware/

Google Will Auto-Delete Android Backups If Users Don't Use Their Phones for 2 Weeks

Google will automatically delete all of a user's Android backup files — stored in his Google Drive account — if the user does not use his phone for two weeks. [...]

https://www.bleepingcomputer.com/news/mobile/google-will-auto-delete-android-backups-if-users-dont-use-their-phones-for-2-weeks/

Equifax Releases New Information About Security Breach as Top Execs Step Down

In a press release published late Friday night, credit rating and reporting firm Equifax revealed new details about the security breach that exposed the personal details of over 143 million users, and also announced the immediate retirement of two high-ranking executives. [...]

https://www.bleepingcomputer.com/news/security/equifax-releases-new-information-about-security-breach-as-top-execs-step-down/

The Loopix Anonymity System Wants to Be a More Secure Alternative to Tor

Loopix is a new anonymity network developed by a group of researchers from University College London (UCL) that comes with all the good parts of previous systems and new additions to improve security. [...]

https://www.bleepingcomputer.com/news/technology/the-loopix-anonymity-system-wants-to-be-a-more-secure-alternative-to-tor/

LiteBit Bitcoin Exchange Hacked Twice in Two Months

[...]

https://www.bleepingcomputer.com/news/security/litebit-bitcoin-exchange-hacked-twice-in-two-months/