Android's New Google Play Protect System Miserably Fails First Security Test

Google's new Play Protect security system did not survive its first real-world tests, and the system was ranked dead last in an experiment carried out by German antivirus testing lab AV-Test. [...]

https://www.bleepingcomputer.com/news/security/androids-new-google-play-protect-system-miserably-fails-first-security-test/

Backdoor Account Found in Popular Ship Satellite Communications System

A popular satellite communications (SATCOM) system installed on ships across the world is affected by two serious security flaws — a hidden backdoor account with full system privileges access and an SQL injection in the login form. [...]

https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-popular-ship-satellite-communications-system/

Mobile Ads Can Be Weaponized to Track Desired Users for Less Than $1,000

User targeting capabilities provided by mobile advertisers can also be abused to track users with an accuracy of 8 meters and for a budget of $1,000 or less. [...]

https://www.bleepingcomputer.com/news/security/mobile-ads-can-be-weaponized-to-track-desired-users-for-less-than-1-000/

Bug in Mobile App Lets Hackers Take Control of LG Smart Devices

LG Electronics has avoided a security disaster this summer after it worked with security researchers to patch a vulnerability in the mobile app that customers are using to control a breadth of LG smart home devices. [...]

https://www.bleepingcomputer.com/news/security/bug-in-mobile-app-lets-hackers-take-control-of-lg-smart-devices/

The Steam Halloween Sale Is Here With a Store Full of Treats

Steams annual Halloween Sale has just started and is dishing up some nice discounts on spooky, demonic, and alien games, VR titles, and movies.  [...]

https://www.bleepingcomputer.com/news/gaming/the-steam-halloween-sale-is-here-with-a-store-full-of-treats/

Hacker Wants $50K From Hacker Forum or He'll Share Stolen Database With the Feds

Extortion can also be funny when it happens to the bad guys, and there's one extortion attempt going on right now that will put a big smile on your face. [...]

https://www.bleepingcomputer.com/news/security/hacker-wants-50k-from-hacker-forum-or-hell-share-stolen-database-with-the-feds/

Bad Rabbit Ransomware Outbreak Also Used NSA Exploit

Two days after the Bad Rabbit ransomware outbreak has wreaked havoc in Russia and Ukraine, security researchers are still unearthing details regarding the malware's modus operandi. [...]

https://www.bleepingcomputer.com/news/security/bad-rabbit-ransomware-outbreak-also-used-nsa-exploit/

AI Bot That Mimics the Human Eye Breaks reCAPTCHAs With 66.6% Accuracy

Computer scientists have created an AI algorithm that works on the same principles of the human eye, and that can break various CAPTCHA systems with accuracies of over 50%. [...]

https://www.bleepingcomputer.com/news/technology/ai-bot-that-mimics-the-human-eye-breaks-recaptchas-with-66-6-percent-accuracy/

Discord is Top IM App Among Dark Web Cyber-Criminals

Despite not supporting end-to-end encryption, the Discord service is insanely popular among Dark Web cyber-criminals, nine times more popular than the second-ranked Telegram app, according to a report released this week by Dark Web threat intelligence firm IntSights. [...]

https://www.bleepingcomputer.com/news/security/discord-is-top-im-app-among-dark-web-cyber-criminals/

Researchers Reconstruct Blurred QR Code to Gain Access to $1,000 Bitcoin Wallet

Two French researchers — Michel Sassano and Clement Storck — have reconstructed a blurred QR code to gain access to a Bitcoin wallet that was holding $1,000. [...]

https://www.bleepingcomputer.com/news/technology/researchers-reconstruct-blurred-qr-code-to-gain-access-to-1-000-bitcoin-wallet/

Hackers Can Steal Windows Login Credentials Without User Interaction

Microsoft has patched only recent versions Windows against a dangerous hack that could allow attackers to steal Windows NTLM password hashes without any user interaction. [...]

https://www.bleepingcomputer.com/news/security/hackers-can-steal-windows-login-credentials-without-user-interaction/

Matrix Ransomware Being Distributed by the RIG Exploit Kit

The Matrix Ransomware has started to be distributed through the RIG exploit kit. This article will provide information on what vulnerabilities are being targeted and how to protect yourself. [...]

https://www.bleepingcomputer.com/news/security/matrix-ransomware-being-distributed-by-the-rig-exploit-kit/

Some Bad Rabbit Victims Can Recover Files Without Paying Ransom

Some extremely lucky users will be able to recover files locked by the Bad Rabbit ransomware because of small operational mistakes on the part of the malware's authors. [...]

https://www.bleepingcomputer.com/news/security/some-bad-rabbit-victims-can-recover-files-without-paying-ransom/

The Week in Ransomware - October 27th 2017 - Bad Rabbit & Tyrant

Lots of ransomware in the news this week. Of course the biggest story was the Bad Rabbit outbreak that targeted numerous countries, but mostly Russia and the Ukraine. We also had the Tyrant Ransomware, which was targeting Iranian companies. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-27th-2017-bad-rabbit-and-tyrant/

Google to Remove Public Key Pinning (PKP) Support in Chrome

Late yesterday afternoon, Google announced plans to deprecate and eventually remove PKP support from the Chromium open-source browser, which indirectly means from Chrome. [...]

https://www.bleepingcomputer.com/news/security/google-to-remove-public-key-pinning-pkp-support-in-chrome/

Researchers Devise 2FA System That Relies on Taking Photos of Ordinary Objects

Scientists from Florida International University and Bloomberg have created a custom two-factor authentication (2FA) system that relies on users taking a photo of a personal object. [...]

https://www.bleepingcomputer.com/news/security/researchers-devise-2fa-system-that-relies-on-taking-photos-of-ordinary-objects/

unCAPTCHA Breaks 450 ReCAPTCHAs in Under 6 Seconds

unCAPTCHA is the name of a new automated system designed by a team of four computer science experts from the University of Maryland (UM) that can break Google's reCAPTCHA challenges with an accuracy of 85%. [...]

https://www.bleepingcomputer.com/news/technology/uncaptcha-breaks-450-recaptchas-in-under-6-seconds/

Firefox to Get a Better Password Manager

Mozilla engineers have started work on a project named Lockbox that they describe as "a work-in-progress extension [...] to improve upon Firefox's built-in password management." [...]

https://www.bleepingcomputer.com/news/software/firefox-to-get-a-better-password-manager/

Firefox Implements Another Privacy-Preserving Feature Taken From the Tor Browser

Mozilla engineers have borrowed yet another feature from the Tor Browser and starting with version 58 Firefox will block attempts to fingerprint users using the HTML5 canvas element. [...]

https://www.bleepingcomputer.com/news/software/firefox-implements-another-privacy-preserving-feature-taken-from-the-tor-browser/

Coinhive Miners Found in Android Apps, WordPress Sites

The malicious deployment of in-browser JavaScript-based cryptocurrency mining scripts has continued the past week, and we've seen them reach Android applications on the official Google Play Store, but we've also seen the first mass-deployment as part of a botnet of hacked WordPress sites. [...]

https://www.bleepingcomputer.com/news/security/coinhive-miners-found-in-android-apps-wordpress-sites/