Coinhive Miners Found in Android Apps, WordPress Sites

The malicious deployment of in-browser JavaScript-based cryptocurrency mining scripts has continued the past week, and we've seen them reach Android applications on the official Google Play Store, but we've also seen the first mass-deployment as part of a botnet of hacked WordPress sites. [...]

https://www.bleepingcomputer.com/news/security/coinhive-miners-found-in-android-apps-wordpress-sites/

Mozilla Wants to Distrust Dutch HTTPS Provider Because of Local Dystopian Law

Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys." [...]

https://www.bleepingcomputer.com/news/security/mozilla-wants-to-distrust-dutch-https-provider-because-of-local-dystopian-law/

Flaws in Google's Bug Tracker Exposed Company's Vulnerability Database

A Romanian bug hunter has found three flaws in Google's official bug tracker, one of which could have been used to exposed sensitive vulnerabilities to unauthorized intruders. [...]

https://www.bleepingcomputer.com/news/security/flaws-in-googles-bug-tracker-exposed-companys-vulnerability-database/

Oracle Fixes "Default Account" Issue Rated 10 Out of 10 on Severity Scale

Oracle has released patches for a security issue affecting the Oracle Identity Manager that has received a rare 10 out of 10 score on the CVSSv3 bug severity scale. [...]

https://www.bleepingcomputer.com/news/security/oracle-fixes-default-account-issue-rated-10-out-of-10-on-severity-scale/

Facebook Phishing Campaign Targets Android and iOS Users

A Facebook spam campaign is luring users to phishing pages that try to trick targets into handing over Facebook or YouTube credentials. [...]

https://www.bleepingcomputer.com/news/security/facebook-phishing-campaign-targets-android-and-ios-users/

ONI Ransomware Used in Month-Long Attacks Against Japanese Companies

As more and more ransomware outbreaks are discovered, the line has become blurred in whether they are being utilized as a wiper or an actual ransomware. Such is the case with a new ransomware attack called ONI that has been used in targeted month long attacks against Japanese companies. [...]

https://www.bleepingcomputer.com/news/security/oni-ransomware-used-in-month-long-attacks-against-japanese-companies/

New VibWrite System Uses Finger Vibrations to Authenticate Users

Rutgers engineers have created a new type of user authentication system that relies on transmitting vibrations through a surface and having the user touch the surface to generate a unique signature. This signature is then used to approve or deny a user access to an app, room, or building. [...]

https://www.bleepingcomputer.com/news/technology/new-vibwrite-system-uses-finger-vibrations-to-authenticate-users/

Comodo Sells SSL Business to Silicon Valley VC Firm for Undisclosed Amount

Comodo, the Internets' leading Certificate Authority (CA), has sold a majority stake in its SSL issuance business for an undisclosed amount to Francisco Partners, a San Francisco-based venture capital firm. [...]

https://www.bleepingcomputer.com/news/business/comodo-sells-ssl-business-to-silicon-valley-vc-firm-for-undisclosed-amount/

UK Man Arrested for Selling Malware, DDoS Attacks on Google & Skype Servers

UK authorities have arrested a 21-year-old man for launching DDoS attacks on online services like Google, Skype, and Pokemon, but also for selling malware online. [...]

https://www.bleepingcomputer.com/news/security/uk-man-arrested-for-selling-malware-ddos-attacks-on-google-and-skype-servers/

Signal Launches Standalone Desktop Application for Windows, Mac, Linux

Open Whisper Systems, the company behind the Signal IM service, has finally launched standalone desktop applications for Windows, macOS, and Linux. [...]

https://www.bleepingcomputer.com/news/software/signal-launches-standalone-desktop-application-for-windows-mac-linux/

iOS 11.1 Released with New Emojis and Fixes for the KRACK Vulnerabilities

Apple just released iOS 11.1 & macOS High Sierra 10.13.1, which includes a variety of fixes, over 70 new emojis, and numerous security updates. Also released today are new updates for tvOS, watchOS, Safari, iTunes, and iCloud.  [...]

https://www.bleepingcomputer.com/news/security/ios-11-1-released-with-new-emojis-and-fixes-for-the-krack-vulnerabilities/

Nvidia AI Bot Creates Random Lifelike Human Faces

Advances in artificial intelligence are coming fast and furious these days, and one of the most impressive is an AI bot created by Nvidia researchers that can generate images of random and extremely realistic human faces. [...]

https://www.bleepingcomputer.com/news/technology/nvidia-ai-bot-creates-random-lifelike-human-faces/

CryptoShuffler Stole $150,000 by Replacing Bitcoin Wallet IDs in PC Clipboards

The operators of a malware strain identified as CryptoShuffler have made at least $150,000 worth of Bitcoin by using an extremely simple scheme. [...]

https://www.bleepingcomputer.com/news/security/cryptoshuffler-stole-150-000-by-replacing-bitcoin-wallet-ids-in-pc-clipboards/

"Silence" Trojan Records Pseudo-Videos of Bank PCs to Aid Bank Cyber-Heists

Kaspersky Lab experts have found a new trojan that was deployed to aid cyber-heists of banks in Russia, Armenia, and Malaysia. Experts named the new trojan Silence. [...]

https://www.bleepingcomputer.com/news/security/-silence-trojan-records-pseudo-videos-of-bank-pcs-to-aid-bank-cyber-heists/

Android Oreo Adaptive Icons Bug Sends Thousands of Phones Into Infinite Boot Loops

A bug in the new "Adaptive Icons" feature introduced in Android Oreo has sent thousands of phones into infinite boot loops, forcing some users to reset their devices to factory settings, causing users to lose data along the way. [...]

https://www.bleepingcomputer.com/news/mobile/android-oreo-adaptive-icons-bug-sends-thousands-of-phones-into-infinite-boot-loops/

Hackers Using Default SSH Creds to Take Over Ethereum Mining Equipment

A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. The attacker is using these creds to gain access to the mining rig and replace the owner's Ethereum wallet address with his own. [...]

https://www.bleepingcomputer.com/news/security/hackers-using-default-ssh-creds-to-take-over-ethereum-mining-equipment/

PSA: Beware the Image Downloader Chrome Adware Extension

This article is to alert visitors about an unwanted extension called Image Downloader that is currently on the Chrome Web Store. This extension injects advertisements into web pages and search result pages. [...]

https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/

59% of Employees Hit by Ransomware at Work Paid Ransom Out of Their Own Pockets

A survey of more than 1,000 office workers carried out by business cloud services provider Intermedia has revealed that 59% of employees that had their computer hit by ransomware paid the ransom demand out of their own pockets. [...]

https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/

Malware Dev Who Used Spam Botnet to Pay for College Gets No Prison Time

A Pittsburgh judge sentenced a malware dev to two years probation and no prison time for his involvement with a spam botnet. [...]

https://www.bleepingcomputer.com/news/security/malware-dev-who-used-spam-botnet-to-pay-for-college-gets-no-prison-time/

Police Arrest Suspect in #LeakTheAnalyst Mandiant Hacking Incident

Law enforcement authorities have arrested an individual believed to be behind Operation #LeakTheAnalyst that took place over the summer. [...]

https://www.bleepingcomputer.com/news/security/police-arrest-suspect-in-leaktheanalyst-mandiant-hacking-incident/