Popular USB Audio Driver Ships With Root Certificate, Big Security No-No

The Savitech USB audio driver installation package will install a root CA certificate into the Windows trusted root certificate store, in an incident that's reminiscent of the Superfish and eDellRoot episodes from 2015 and 2016, respectively. [...]

https://www.bleepingcomputer.com/news/security/popular-usb-audio-driver-ships-with-root-certificate-big-security-no-no/

Hacker Holds University for Ransom, Threatens to Dump Student Info

A hacker is trying to extort a Canadian university, threatening to dump student information unless university top brass pay 30,000 CAD (23,000 USD). [...]

https://www.bleepingcomputer.com/news/security/hacker-holds-university-for-ransom-threatens-to-dump-student-info/

Twitter Employee Deletes Donald Trump's Twitter Account on Last Day at Work

A rogue Twitter employee deleted President Trump's personal Twitter account on his last day as a customer support rep for the social network. [...]

https://www.bleepingcomputer.com/news/technology/twitter-employee-deletes-donald-trumps-twitter-account-on-last-day-at-work/

Experts Propose Standard for IoT Firmware Updates

Security experts have filed a proposal with the Internet Engineering Task Force (IETF) that defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. [...]

https://www.bleepingcomputer.com/news/security/experts-propose-standard-for-iot-firmware-updates/

TorMoil Vulnerability Leaks Real IP Address from Tor Browser Users

The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses. [...]

https://www.bleepingcomputer.com/news/security/tormoil-vulnerability-leaks-real-ip-address-from-tor-browser-users/

GIBON Ransomware Being Distributued by Malspam

A new ransomware has been discovered called GIBON that is being distributed via malspam emails with malicious documents. [...]

https://www.bleepingcomputer.com/news/security/gibon-ransomware-being-distributued-by-malspam/

The Week in Ransomware - November 3rd 2017 - GIBON & ONI

Mostly small variants released this week, but we did have a new ransomware called GIBON that is interesting, and even better, decryptable. The other interesting news is about the ONI ransomware that appears to have be used as a smokescreen or wiper for an extended attack against Japanese companies. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-3rd-2017-gibon-and-oni/

Estonia Cancels 760,000 Electronic ID Cards Because of Crypto Flaw

Estonian authorities have decided to block and disable over 760,000 national electronic ID cards due to a cryptographic vulnerability that could allow attackers to clone IDs and forge identities. [...]

https://www.bleepingcomputer.com/news/government/estonia-cancels-760-000-electronic-id-cards-because-of-crypto-flaw/

Crypto Bugs in IEEE Standard Exposes Intellectual Property in Plaintext

Due to the usage of weak cryptography in the IEEE P1735 electronics standard, attackers can recover highly-valuable intellectual property in plaintext. [...]

https://www.bleepingcomputer.com/news/security/crypto-bugs-in-ieee-standard-exposes-intellectual-property-in-plaintext/

Student Arrested for Using Keylogger to Change Grades Over 90 Times

This past Thursday, a former University of Iowa student appeared in court on charges of hacking his school and professors and changing grades for himself and a few other fellow students. [...]

https://www.bleepingcomputer.com/news/security/student-arrested-for-using-keylogger-to-change-grades-over-90-times/

Popular Anime Site Crunchyroll.com Hijacked to Distribute Malware

Popular Anime site Crunchyroll.com was taken offline this morning due to a hack that caused visitors to be prompted to download a desktop version of their software. This software, though, was not as it seemed because it also included malware that was installed along with it. [...]

https://www.bleepingcomputer.com/news/security/popular-anime-site-crunchyroll-com-hijacked-to-distribute-malware/

Weird iOS Bug Replaces "I" With "A[?]" in Text Messages

iOS versions 11.0.3 and 11.1 are affected by a bug that replaces the letter "I" with "A[?]" in text messages. [...]

https://www.bleepingcomputer.com/news/apple/weird-ios-bug-replaces-i-with-a-in-text-messages/

GIBON Ransomware Being Sold on Underground Criminal Forums

Last week we posted an analysis of the GIBON Rasnsomware that was discovered being spread via malspam campaigns. Today, an anonymous source told BleepingComputer that this ransomware has been marketed on underground criminal forums since as early as May 2017. [...]

https://www.bleepingcomputer.com/news/security/gibon-ransomware-being-sold-on-underground-criminal-forums/

Popular Firefox Bookmark Syncing Add-On Starts Losing... Bookmarks

Users of the Firefox Xmarks bookmark syncing add-on are reporting various problems with the plugin, some of which include corrupted bookmarks, failed sync operations, or popup spamming. [...]

https://www.bleepingcomputer.com/news/software/popular-firefox-bookmark-syncing-add-on-starts-losing-bookmarks/

Get Watch_Dogs on PC for Free Starting Tomorrow

Starting tomorrow at 11am EST and ending on November 13th, Ubisoft is giving away free licenses of Watch_Dogs for PC. For those who are unfamiliar with Watch_Dogs, the game revolves around a hacker who seeks revenge on those who hurt his family. [...]

https://www.bleepingcomputer.com/news/gaming/get-watch-dogs-on-pc-for-free-starting-tomorrow/

Comcast Xfinity Internet Service Down Across Large Parts the US

Comcast Xfinity Internet service is down in large areas of the US due to unknown reasons, according to multiple online reports. [...]

https://www.bleepingcomputer.com/news/technology/comcast-xfinity-internet-service-down-across-large-parts-the-us/

Microsoft Releases Standards for Highly Secure Windows 10 Devices

Yesterday, Microsoft released new standards that consumers should follow in order to have a highly secure Windows 10 device. These standards include the type of hardware that should be included in the system and the firmware features. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-standards-for-highly-secure-windows-10-devices/

Misconfigured Amazon S3 Buckets Expose Users, Companies to Stealthy MitM Attacks

Hackers can exploit exposed Amazon S3 buckets to carry out silent Man-in-the-Middle attacks or other hacks on a company's customers or internal staff. [...]

https://www.bleepingcomputer.com/news/security/misconfigured-amazon-s3-buckets-expose-users-companies-to-stealthy-mitm-attacks/

Facebook to Fight Revenge Porn by Letting Potential Victims Upload Nudes in Advance

Facebook is testing new technology that is designed to help victims of revenge porn acts. This new tool is currently under testing in Australia, and the company says it plans to expand it to other countries if everything goes well. [...]

https://www.bleepingcomputer.com/news/technology/facebook-to-fight-revenge-porn-by-letting-potential-victims-upload-nudes-in-advance/

Researcher Details New Windows Code Injection Technique Named PROPagate

A security researcher has discovered a new code injection technique that works on all recent Windows versions and allows miscreants to inject malicious code into other applications undetected. [...]

https://www.bleepingcomputer.com/news/security/researcher-details-new-windows-code-injection-technique-named-propagate/