Lenovo's Fingerprint Scanner Can Be Bypassed via a Hardcoded Password

Lenovo has issued security updates for a fingerprint scanner app it shipped with ThinkPad, ThinkCentre, and ThinkStation machines. [...]

https://www.bleepingcomputer.com/news/security/lenovos-fingerprint-scanner-can-be-bypassed-via-a-hardcoded-password/

IOTA Cryptocurrency Users Lose $4 Million in Clever Phishing Attack

A clever hacker made off with nearly $4 million worth of IOTA cryptocurrency after patiently setting up an elaborate phishing site for almost half a year. [...]

https://www.bleepingcomputer.com/news/security/iota-cryptocurrency-users-lose-4-million-in-clever-phishing-attack/

Tor-to-Web Proxy Caught Replacing Bitcoin Addresses on Ransomware Payment Sites

The operators of at least one Tor proxy service was recently caught replacing Bitcoin addresses on ransomware ransom payment sites, diverting funds meant to pay for ransomware decrypters to the site's operators. [...]

https://www.bleepingcomputer.com/news/security/tor-to-web-proxy-caught-replacing-bitcoin-addresses-on-ransomware-payment-sites/

GandCrab Ransomware Distributed by Exploit Kits, Appends GDCB Extension

A new ransomware called GandCrab was released towards the end of last week that is currently being distributed via exploit kits. GandCrab has some interesting features not seen before in a ransomware, such as being the first to accept the DASH currency and the first to utilize the Namecoin powered .BIT tld.  [...]

https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/

Cisco Fixes Remote Code Execution Bug Rated 10 Out of 10 on Severity Scale

Cisco has released software patches that fix a major vulnerability affecting Cisco devices running Adaptive Security Appliance (ASA) Software. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-remote-code-execution-bug-rated-10-out-of-10-on-severity-scale/

Scientists Warn of Transduction Attacks on Sensors

Professors from universities in China and the US are warning about the impending danger of "transduction attacks" on sensors deployed with everyday devices. [...]

https://www.bleepingcomputer.com/news/security/scientists-warn-of-transduction-attacks-on-sensors/

Dutch Banks, Tax Agency Under DDoS Attacks a Week After Big Russian Hack Reveal

At least three Dutch banks and the Dutch tax office reported on Monday suffering coordinated DDoS attacks against their respective infrastructures. [...]

https://www.bleepingcomputer.com/news/security/dutch-banks-tax-agency-under-ddos-attacks-a-week-after-big-russian-hack-reveal/

Teen Sentenced 8 Years in Prison for Buying Bomb on the Dark Web to Kill Parents

A UK court has sentenced a 19-year-old teenager to eight years in prison for buying a car bomb on the Dark Web with the intention of killing his parents. [...]

https://www.bleepingcomputer.com/news/security/teen-sentenced-8-years-in-prison-for-buying-bomb-on-the-dark-web-to-kill-parents/

Rep. Devin Nunes Campaign Site Still Hosts Russian SEO Spam From Last Year's Hack

The campaign website of a controversial US politician was hacked last year and hosted Russian SEO spam, according to several sources. [...]

https://www.bleepingcomputer.com/news/security/rep-devin-nunes-campaign-site-still-hosts-russian-seo-spam-from-last-years-hack/

Suspect Arrested for Hacking GoGet Car-Sharing Service

Australian police have arrested a 37-year-old man on accusations of hacking GoGet, a car-sharing service. [...]

https://www.bleepingcomputer.com/news/security/suspect-arrested-for-hacking-goget-car-sharing-service/

Facebook Bans Ads for Cryptocurrencies and ICOs

In a new ad policy that rolled out today, Facebook, the Internet's largest social network, has banned all ads for cryptocurrencies and ICOs (Initial Coin Offerings). [...]

https://www.bleepingcomputer.com/news/cryptocurrency/facebook-bans-ads-for-cryptocurrencies-and-icos/

Google Removed Over 700,000 Malicious Android Apps From the Play Store in 2017

Google says it removed over 700,000 bad or malicious apps from the Play Store in 2017, up 70% from 2016. [...]

https://www.bleepingcomputer.com/news/security/google-removed-over-700-000-malicious-android-apps-from-the-play-store-in-2017/

Microsoft Drops the Hammer on Coercive Registry Cleaners & System Optimizers

Starting March 1st 2018, Windows Defender and other Microsoft products will begin to remove programs that display coercive behavior. This includes registry cleaners and system optimizers that offer free scans, display alarming messages, and then require the user to purchase it.before fixing anything. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-drops-the-hammer-on-coercive-registry-cleaners-and-system-optimizers/

Mozilla Fixes Severe Flaw in Firefox UI That Leads to Remote Code Execution

Mozilla has released Firefox 58.0.1 to fix a security issue that was hiding in the browser's UI code and would have allowed an attacker to run code on the user's computer, allowing a quick and easy path to delivering malware or even taking over the entire PC. [...]

https://www.bleepingcomputer.com/news/security/mozilla-fixes-severe-flaw-in-firefox-ui-that-leads-to-remote-code-execution/

Security Bug Affects Over 300,000 Oracle POS Systems

Hackers have a new security flaw in their arsenal they can exploit to install POS malware on Oracle Micros point-of-sale systems. [...]

https://www.bleepingcomputer.com/news/security/security-bug-affects-over-300-000-oracle-pos-systems/

Image Previewer: First Firefox Addon that Injects an In-Browser Miner?

A Firefox extension called Image Previewer was discovered today that not only displays popups, but also injects a Monero in-browser miner into Firefox. While we have seen numerous Chrome extensions injecting in-browser miners, this is the first time I have seen a Firefox addon with this behavior. [...]

https://www.bleepingcomputer.com/news/security/image-previewer-first-firefox-addon-that-injects-an-in-browser-miner/

Google Chrome to Feature Built-In Image Lazy Loading

Future versions of Google Chrome will feature built-in support for lazy loading, a mechanism to defer the loading of images and iframes if they are not visible on the user's screen at load time. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-to-feature-built-in-image-lazy-loading/

MindLost Ransomware Is a Piece of Junk That Wants to Collect Credit Card Details

Security researchers have discovered a new strain of ransomware that encrypts users files and redirects users to an online page to pay the ransom via credit/debit card. [...]

https://www.bleepingcomputer.com/news/security/mindlost-ransomware-is-a-piece-of-junk-that-wants-to-collect-credit-card-details/

We May Soon See Malware Leveraging the Meltdown and Spectre Vulnerabilities

Security researchers are seeing an ever-increasing number of malware samples that are experimenting with the Meltdown and Spectre vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/we-may-soon-see-malware-leveraging-the-meltdown-and-spectre-vulnerabilities/

Smominru Botnet Infected Over 500,000 Windows Machines

Over 526,000 Windows computers —mainly Windows servers— have been infected with Monero mining software by a group that operates the biggest such botnet known to date. [...]

https://www.bleepingcomputer.com/news/security/smominru-botnet-infected-over-500-000-windows-machines/