Amazon Key Bug Lets Rogue Deliverymen Re-Enter Homes Without Being Recorded

A month after Amazon launched Amazon Key, security experts have already identified a flaw in the device's mode of operation that could allow rogue deliverymen to re-enter customer homes without being recorded. [...]

https://www.bleepingcomputer.com/news/security/amazon-key-bug-lets-rogue-deliverymen-re-enter-homes-without-being-recorded/

Windows 10 Insider Build 17046 Brings Emoji Updates and a Form Filler for Edge

Today Microsoft released Insider Preview Build 17046 for PC to insiders on the fast ring and to those who opted to Skip Ahead. In this release, Edge now has the ability to automatically fill in forms on web sites. easier access to UWP app options from an app's icon, and the touch keyboard was updated to have better emoji predictions. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-17046-brings-emoji-updates-and-a-form-filler-for-edge/

Firefox Will Warn Users When Visiting Sites That Suffered a Data Breach

Mozilla engineers are working on a notifications system for Firefox that shows a security warning to users visiting sites that have suffered data breaches. [...]

https://www.bleepingcomputer.com/news/security/firefox-will-warn-users-when-visiting-sites-that-suffered-a-data-breach/

Facebook Will Let Users See What Russian Propaganda Accounts They Followed

Facebook announced yesterday they would let users see what Facebook pages and Instagram accounts they followed that are linked to supposed Russian propaganda efforts. [...]

https://www.bleepingcomputer.com/news/technology/facebook-will-let-users-see-what-russian-propaganda-accounts-they-followed/

AlphaBay "PR Guy" Trappy Charged in the US

Authorities in Atlanta, Georgia, have filed official charges against Ronald L. Wheeler, III, a 24-year-old Illinois man known mainly for his online persona of Trappy, or Trappy_AB (Reddit username), the official spokesperson for the AlphaBay Dark Web market. [...]

https://www.bleepingcomputer.com/news/security/alphabay-pr-guy-trappy-charged-in-the-us/

Acer, Dell, Fujitsu, HP, Lenovo, Panasonic Impacted by Intel ME Security Bugs

Acer, Dell, Fujitsu, HP, Lenovo, and Panasonic have officially confirmed that products incorporating Intel chipsets are affected by eight security flaws that allow hackers to take over devices. [...]

https://www.bleepingcomputer.com/news/hardware/acer-dell-fujitsu-hp-lenovo-panasonic-impacted-by-intel-me-security-bugs/

Scarab Ransomware Pushed via Massive Spam Campaign

A ransomware strain known as Scarab, and detected for the first time in June, is now being pushed to millions of users via Necurs, the Internet's largest email spam botnet. [...]

https://www.bleepingcomputer.com/news/security/scarab-ransomware-pushed-via-massive-spam-campaign/

Cryptojacking Script Found in Live Help Widget, Impacts Around 1,500 Sites

Security is a round-the-clock affair. Instead of spending Thanksgiving with family and friends, Las Vegas-based security researcher Troy Mursch was busy all day digging into the code of hundreds of websites to discover the source of a massive cryptojacking campaign that was set in motion today. [...]

https://www.bleepingcomputer.com/news/security/cryptojacking-script-found-in-live-help-widget-impacts-around-1-500-sites/

There's Some Intense Web Scans Going on for Bitcoin and Ethereum Wallets

With both Bitcoin and Ethereum price hitting all-time highs in the past seven days, cyber-criminals have stepped up efforts to search and steal funds stored in these two cryptocurrencies. [...]

https://www.bleepingcomputer.com/news/security/theres-some-intense-web-scans-going-on-for-bitcoin-and-ethereum-wallets/

Intel Plans to End Legacy BIOS Support by 2020

Intel will drop support for the legacy BIOS technology in its modern client and server chipsets by 2020 when the company said its products would support only UEFI Class 3 or higher. [...]

https://www.bleepingcomputer.com/news/hardware/intel-plans-to-end-legacy-bios-support-by-2020/

Mirai Activity Picks up Once More After Publication of PoC Exploit Code

The publication of proof-of-concept (PoC) exploit code in a public vulnerabilities database has lead to increased activity from Mirai-based IoT botnets, Li Fengpei, a security researcher with Qihoo 360 Netlab, told Bleeping Computer today. [...]

https://www.bleepingcomputer.com/news/security/mirai-activity-picks-up-once-more-after-publication-of-poc-exploit-code/

A Hacking Group Is Already Exploiting the Office Equation Editor Bug

A week after details about a severe Microsoft Office vulnerability came to light, at least one criminal group is now using it to infect users. [...]

https://www.bleepingcomputer.com/news/security/a-hacking-group-is-already-exploiting-the-office-equation-editor-bug/

Mystery Surrounds Recent Cryptocurrency Wallet Hack

Users lost over $655,000 worth of Verge cryptocurrency this week, but nobody knows who to blame in an incident involving the maintainers of the CoinPouch wallet app and the Verge cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/mystery-surrounds-recent-cryptocurrency-wallet-hack/

The Week in Ransomware - November 24th 2017 - qkG, Scarab, Necurs, and More

Not much to report this week other than Necurs starting to push the Scarab Ransomware and a new office document infecting ransomware called qkG. Otherwise, it has been a week of small variants that are in various stages of development. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-24th-2017-qkg-scarab-necurs-and-more/

Imgur Suffered a Small Data Breach in 2014

Late Friday night, Imgur came clean about a security breach that took place in 2014. During the incident, Imgur says an unknown attacker managed to steal details on 1.7 million users, representing about 1.13% of Imgur's total 150 million users. [...]

https://www.bleepingcomputer.com/news/security/imgur-suffered-a-small-data-breach-in-2014/

Golden SAML Attack Lets Attackers Forge Authentication to Cloud Apps

A new technique called "Golden SAML" lets attackers forge authentication requests and access the cloud-based apps of companies that use SAML-compatible domain controllers (DCs) for the authentication of users against cloud services. [...]

https://www.bleepingcomputer.com/news/security/golden-saml-attack-lets-attackers-forge-authentication-to-cloud-apps/

Yahoo Groups Plagued by Downtime, Technical Issues for Almost a Week

Yahoo Groups were nonfunctional all last week, according to customers complaining on the company's support forum and Twitter. [...]

https://www.bleepingcomputer.com/news/technology/yahoo-groups-plagued-by-downtime-technical-issues-for-almost-a-week/

Keybase Bug Might Have Backed up Your Private Encryption Key on Google's Servers

Keybase is notifying Android users of a bug in its mobile app that might have unintentionally included the users' private key —used to encrypt conversations and other private data— into the automatic backups created by the Android OS and uploaded on Google's servers. [...]

https://www.bleepingcomputer.com/news/security/keybase-bug-might-have-backed-up-your-private-encryption-key-on-googles-servers/

#AskACISO Interview with Youri Lammerts van Bueren, CISO of the BUCH

In this edition of #AskACISO,  I interviewed Youri Lammerts van Bueren , the CISO of the BUCH, which manages the Bergen - Uitgeest - Castricum - Heiloo municipalities in the Netherlands. [...]

https://www.bleepingcomputer.com/editorial/interviews/askaciso-interview-with-youri-lammerts-van-bueren-ciso-of-the-buch/

Edge May Soon Switch to Private Browsing Mode Automatically When on NSFW Sites

Last week, Microsoft filed a patent for a new browser technology that will detect when users are visiting NSFW, questionable, or unsafe websites and switch to Private Browsing mode automatically. [...]

https://www.bleepingcomputer.com/news/microsoft/edge-may-soon-switch-to-private-browsing-mode-automatically-when-on-nsfw-sites/