Hacker Breaches Sacramento Public Transportation System, Asks for 1 BTC Ransom

The Sacramento Regional Transit (SacRT) public transportation agency was forced to shut down its website due to a security breach that took place on Saturday, November 18. [...]

https://www.bleepingcomputer.com/news/security/hacker-breaches-sacramento-public-transportation-system-asks-for-1-btc-ransom/

HP to Release Patch This Week for Printer Security Bugs

HP said it would release firmware patches later this week for several security bugs reported to the company by various cyber-security experts. [...]

https://www.bleepingcomputer.com/news/security/hp-to-release-patch-this-week-for-printer-security-bugs/

qkG Ransomware Encrypts Only Word Documents, Hides and Spreads via Macros

Security researchers have discovered a new ransomware strain named qkG that targets only Office documents for encryption and infects the Word default document template to propagate to new Word documents opened through the same Office suite on the same computer. [...]

https://www.bleepingcomputer.com/news/security/qkg-ransomware-encrypts-only-word-documents-hides-and-spreads-via-macros/

Apple's Latest MacOS Security Update Contained Fix for Plug-n-Hack USB Attack

Details have emerged about one of the vulnerabilities patched by Apple in macOS on October 31, with the release of macOS High Sierra 10.13.1, Sierra 10.12.6, and El Capitan 10.11.6. [...]

https://www.bleepingcomputer.com/news/apple/apples-latest-macos-security-update-contained-fix-for-plug-n-hack-usb-attack/

Best Black Friday Antivirus, VPN, and Computer Security Deals

Below are the best Black Friday and Cyber Monday antivirus, VPN, and computer security deals being offered for the holiday. These promotions have deep discounts from various antivirus companies and deals on VPNs, Pastebin, and even Shodan! [...]

https://www.bleepingcomputer.com/news/deals/best-black-friday-antivirus-vpn-and-computer-security-deals/

Amazon Key Bug Lets Rogue Deliverymen Re-Enter Homes Without Being Recorded

A month after Amazon launched Amazon Key, security experts have already identified a flaw in the device's mode of operation that could allow rogue deliverymen to re-enter customer homes without being recorded. [...]

https://www.bleepingcomputer.com/news/security/amazon-key-bug-lets-rogue-deliverymen-re-enter-homes-without-being-recorded/

Windows 10 Insider Build 17046 Brings Emoji Updates and a Form Filler for Edge

Today Microsoft released Insider Preview Build 17046 for PC to insiders on the fast ring and to those who opted to Skip Ahead. In this release, Edge now has the ability to automatically fill in forms on web sites. easier access to UWP app options from an app's icon, and the touch keyboard was updated to have better emoji predictions. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-17046-brings-emoji-updates-and-a-form-filler-for-edge/

Firefox Will Warn Users When Visiting Sites That Suffered a Data Breach

Mozilla engineers are working on a notifications system for Firefox that shows a security warning to users visiting sites that have suffered data breaches. [...]

https://www.bleepingcomputer.com/news/security/firefox-will-warn-users-when-visiting-sites-that-suffered-a-data-breach/

Facebook Will Let Users See What Russian Propaganda Accounts They Followed

Facebook announced yesterday they would let users see what Facebook pages and Instagram accounts they followed that are linked to supposed Russian propaganda efforts. [...]

https://www.bleepingcomputer.com/news/technology/facebook-will-let-users-see-what-russian-propaganda-accounts-they-followed/

AlphaBay "PR Guy" Trappy Charged in the US

Authorities in Atlanta, Georgia, have filed official charges against Ronald L. Wheeler, III, a 24-year-old Illinois man known mainly for his online persona of Trappy, or Trappy_AB (Reddit username), the official spokesperson for the AlphaBay Dark Web market. [...]

https://www.bleepingcomputer.com/news/security/alphabay-pr-guy-trappy-charged-in-the-us/

Acer, Dell, Fujitsu, HP, Lenovo, Panasonic Impacted by Intel ME Security Bugs

Acer, Dell, Fujitsu, HP, Lenovo, and Panasonic have officially confirmed that products incorporating Intel chipsets are affected by eight security flaws that allow hackers to take over devices. [...]

https://www.bleepingcomputer.com/news/hardware/acer-dell-fujitsu-hp-lenovo-panasonic-impacted-by-intel-me-security-bugs/

Scarab Ransomware Pushed via Massive Spam Campaign

A ransomware strain known as Scarab, and detected for the first time in June, is now being pushed to millions of users via Necurs, the Internet's largest email spam botnet. [...]

https://www.bleepingcomputer.com/news/security/scarab-ransomware-pushed-via-massive-spam-campaign/

Cryptojacking Script Found in Live Help Widget, Impacts Around 1,500 Sites

Security is a round-the-clock affair. Instead of spending Thanksgiving with family and friends, Las Vegas-based security researcher Troy Mursch was busy all day digging into the code of hundreds of websites to discover the source of a massive cryptojacking campaign that was set in motion today. [...]

https://www.bleepingcomputer.com/news/security/cryptojacking-script-found-in-live-help-widget-impacts-around-1-500-sites/

There's Some Intense Web Scans Going on for Bitcoin and Ethereum Wallets

With both Bitcoin and Ethereum price hitting all-time highs in the past seven days, cyber-criminals have stepped up efforts to search and steal funds stored in these two cryptocurrencies. [...]

https://www.bleepingcomputer.com/news/security/theres-some-intense-web-scans-going-on-for-bitcoin-and-ethereum-wallets/

Intel Plans to End Legacy BIOS Support by 2020

Intel will drop support for the legacy BIOS technology in its modern client and server chipsets by 2020 when the company said its products would support only UEFI Class 3 or higher. [...]

https://www.bleepingcomputer.com/news/hardware/intel-plans-to-end-legacy-bios-support-by-2020/

Mirai Activity Picks up Once More After Publication of PoC Exploit Code

The publication of proof-of-concept (PoC) exploit code in a public vulnerabilities database has lead to increased activity from Mirai-based IoT botnets, Li Fengpei, a security researcher with Qihoo 360 Netlab, told Bleeping Computer today. [...]

https://www.bleepingcomputer.com/news/security/mirai-activity-picks-up-once-more-after-publication-of-poc-exploit-code/

A Hacking Group Is Already Exploiting the Office Equation Editor Bug

A week after details about a severe Microsoft Office vulnerability came to light, at least one criminal group is now using it to infect users. [...]

https://www.bleepingcomputer.com/news/security/a-hacking-group-is-already-exploiting-the-office-equation-editor-bug/

Mystery Surrounds Recent Cryptocurrency Wallet Hack

Users lost over $655,000 worth of Verge cryptocurrency this week, but nobody knows who to blame in an incident involving the maintainers of the CoinPouch wallet app and the Verge cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/mystery-surrounds-recent-cryptocurrency-wallet-hack/

The Week in Ransomware - November 24th 2017 - qkG, Scarab, Necurs, and More

Not much to report this week other than Necurs starting to push the Scarab Ransomware and a new office document infecting ransomware called qkG. Otherwise, it has been a week of small variants that are in various stages of development. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-24th-2017-qkg-scarab-necurs-and-more/

Imgur Suffered a Small Data Breach in 2014

Late Friday night, Imgur came clean about a security breach that took place in 2014. During the incident, Imgur says an unknown attacker managed to steal details on 1.7 million users, representing about 1.13% of Imgur's total 150 million users. [...]

https://www.bleepingcomputer.com/news/security/imgur-suffered-a-small-data-breach-in-2014/