The Steam Halloween Sale Is Here With a Store Full of Treats

Steams annual Halloween Sale has just started and is dishing up some nice discounts on spooky, demonic, and alien games, VR titles, and movies.  [...]

https://www.bleepingcomputer.com/news/gaming/the-steam-halloween-sale-is-here-with-a-store-full-of-treats/

Hacker Wants $50K From Hacker Forum or He'll Share Stolen Database With the Feds

Extortion can also be funny when it happens to the bad guys, and there's one extortion attempt going on right now that will put a big smile on your face. [...]

https://www.bleepingcomputer.com/news/security/hacker-wants-50k-from-hacker-forum-or-hell-share-stolen-database-with-the-feds/

Bad Rabbit Ransomware Outbreak Also Used NSA Exploit

Two days after the Bad Rabbit ransomware outbreak has wreaked havoc in Russia and Ukraine, security researchers are still unearthing details regarding the malware's modus operandi. [...]

https://www.bleepingcomputer.com/news/security/bad-rabbit-ransomware-outbreak-also-used-nsa-exploit/

AI Bot That Mimics the Human Eye Breaks reCAPTCHAs With 66.6% Accuracy

Computer scientists have created an AI algorithm that works on the same principles of the human eye, and that can break various CAPTCHA systems with accuracies of over 50%. [...]

https://www.bleepingcomputer.com/news/technology/ai-bot-that-mimics-the-human-eye-breaks-recaptchas-with-66-6-percent-accuracy/

Discord is Top IM App Among Dark Web Cyber-Criminals

Despite not supporting end-to-end encryption, the Discord service is insanely popular among Dark Web cyber-criminals, nine times more popular than the second-ranked Telegram app, according to a report released this week by Dark Web threat intelligence firm IntSights. [...]

https://www.bleepingcomputer.com/news/security/discord-is-top-im-app-among-dark-web-cyber-criminals/

Researchers Reconstruct Blurred QR Code to Gain Access to $1,000 Bitcoin Wallet

Two French researchers — Michel Sassano and Clement Storck — have reconstructed a blurred QR code to gain access to a Bitcoin wallet that was holding $1,000. [...]

https://www.bleepingcomputer.com/news/technology/researchers-reconstruct-blurred-qr-code-to-gain-access-to-1-000-bitcoin-wallet/

Hackers Can Steal Windows Login Credentials Without User Interaction

Microsoft has patched only recent versions Windows against a dangerous hack that could allow attackers to steal Windows NTLM password hashes without any user interaction. [...]

https://www.bleepingcomputer.com/news/security/hackers-can-steal-windows-login-credentials-without-user-interaction/

Matrix Ransomware Being Distributed by the RIG Exploit Kit

The Matrix Ransomware has started to be distributed through the RIG exploit kit. This article will provide information on what vulnerabilities are being targeted and how to protect yourself. [...]

https://www.bleepingcomputer.com/news/security/matrix-ransomware-being-distributed-by-the-rig-exploit-kit/

Some Bad Rabbit Victims Can Recover Files Without Paying Ransom

Some extremely lucky users will be able to recover files locked by the Bad Rabbit ransomware because of small operational mistakes on the part of the malware's authors. [...]

https://www.bleepingcomputer.com/news/security/some-bad-rabbit-victims-can-recover-files-without-paying-ransom/

The Week in Ransomware - October 27th 2017 - Bad Rabbit & Tyrant

Lots of ransomware in the news this week. Of course the biggest story was the Bad Rabbit outbreak that targeted numerous countries, but mostly Russia and the Ukraine. We also had the Tyrant Ransomware, which was targeting Iranian companies. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-27th-2017-bad-rabbit-and-tyrant/

Google to Remove Public Key Pinning (PKP) Support in Chrome

Late yesterday afternoon, Google announced plans to deprecate and eventually remove PKP support from the Chromium open-source browser, which indirectly means from Chrome. [...]

https://www.bleepingcomputer.com/news/security/google-to-remove-public-key-pinning-pkp-support-in-chrome/

Researchers Devise 2FA System That Relies on Taking Photos of Ordinary Objects

Scientists from Florida International University and Bloomberg have created a custom two-factor authentication (2FA) system that relies on users taking a photo of a personal object. [...]

https://www.bleepingcomputer.com/news/security/researchers-devise-2fa-system-that-relies-on-taking-photos-of-ordinary-objects/

unCAPTCHA Breaks 450 ReCAPTCHAs in Under 6 Seconds

unCAPTCHA is the name of a new automated system designed by a team of four computer science experts from the University of Maryland (UM) that can break Google's reCAPTCHA challenges with an accuracy of 85%. [...]

https://www.bleepingcomputer.com/news/technology/uncaptcha-breaks-450-recaptchas-in-under-6-seconds/

Firefox to Get a Better Password Manager

Mozilla engineers have started work on a project named Lockbox that they describe as "a work-in-progress extension [...] to improve upon Firefox's built-in password management." [...]

https://www.bleepingcomputer.com/news/software/firefox-to-get-a-better-password-manager/

Firefox Implements Another Privacy-Preserving Feature Taken From the Tor Browser

Mozilla engineers have borrowed yet another feature from the Tor Browser and starting with version 58 Firefox will block attempts to fingerprint users using the HTML5 canvas element. [...]

https://www.bleepingcomputer.com/news/software/firefox-implements-another-privacy-preserving-feature-taken-from-the-tor-browser/

Coinhive Miners Found in Android Apps, WordPress Sites

The malicious deployment of in-browser JavaScript-based cryptocurrency mining scripts has continued the past week, and we've seen them reach Android applications on the official Google Play Store, but we've also seen the first mass-deployment as part of a botnet of hacked WordPress sites. [...]

https://www.bleepingcomputer.com/news/security/coinhive-miners-found-in-android-apps-wordpress-sites/

Mozilla Wants to Distrust Dutch HTTPS Provider Because of Local Dystopian Law

Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys." [...]

https://www.bleepingcomputer.com/news/security/mozilla-wants-to-distrust-dutch-https-provider-because-of-local-dystopian-law/

Flaws in Google's Bug Tracker Exposed Company's Vulnerability Database

A Romanian bug hunter has found three flaws in Google's official bug tracker, one of which could have been used to exposed sensitive vulnerabilities to unauthorized intruders. [...]

https://www.bleepingcomputer.com/news/security/flaws-in-googles-bug-tracker-exposed-companys-vulnerability-database/

Oracle Fixes "Default Account" Issue Rated 10 Out of 10 on Severity Scale

Oracle has released patches for a security issue affecting the Oracle Identity Manager that has received a rare 10 out of 10 score on the CVSSv3 bug severity scale. [...]

https://www.bleepingcomputer.com/news/security/oracle-fixes-default-account-issue-rated-10-out-of-10-on-severity-scale/

Facebook Phishing Campaign Targets Android and iOS Users

A Facebook spam campaign is luring users to phishing pages that try to trick targets into handing over Facebook or YouTube credentials. [...]

https://www.bleepingcomputer.com/news/security/facebook-phishing-campaign-targets-android-and-ios-users/