A New North Korean Hacker Group Is Making a Name for Itself

A lesser-known North Korean cyber-espionage outfit has become more active on the international scene in 2017, after spending the previous five years targeting only South Korean government agencies and North Korean defectors. [...]

https://www.bleepingcomputer.com/news/security/a-new-north-korean-hacker-group-is-making-a-name-for-itself/

uTorrent Client Affected by Some Pretty Severe Security Flaws

A Google security researcher has found multiple security flaws affecting the uTorrent web and desktop client that allow an attacker to infect a victim with malware or collect data on the users' past downloads. [...]

https://www.bleepingcomputer.com/news/security/utorrent-client-affected-by-some-pretty-severe-security-flaws/

The Annabelle Ransomware Is a Horrific Mess

While most ransomware is created to actually generate revenue, some developers create them to show off their "skills".  Such is the case with a new ransomware based off of the horror movie franchise Annabelle. [...]

https://www.bleepingcomputer.com/news/security/the-annabelle-ransomware-is-a-horrific-mess/

Hackers Can Hijack over 52,000 Baby Monitor Video Feeds

Vulnerabilities in the Mi-Cam smart baby monitor allow hackers to hijack video feeds from all devices, located anywhere in the world. [...]

https://www.bleepingcomputer.com/news/security/hackers-can-hijack-over-52-000-baby-monitor-video-feeds/

Microsoft Fixes Windows 10 Vulnerability But Doesn't

A Google security engineer says Microsoft has failed to properly patch a security flaw affecting Windows 10 and Windows Server 2016 distributions. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-vulnerability-but-doesnt/

The Many Hats Club: An InfoSec Group For All Skill Levels

The Many Hats Club is a group where members of the InfoSec community can share information, build connections, and get to know each other. This group caters to all experience levels and if you are interested in getting into InfoSec or want to have discussions with your peers, this group may be something you want to take a look at. [...]

https://www.bleepingcomputer.com/editorial/security/the-many-hats-club-an-infosec-group-for-all-skill-levels/

Here We Go Again: Intel Releases Updated Spectre Patches

In a press release on Tuesday, Intel announced it resumed the deployment of CPU microcode firmware updates. These updates are meant to mitigate the Spectre Variant 2 vulnerability —CVE-2017-5715. [...]

https://www.bleepingcomputer.com/news/hardware/here-we-go-again-intel-releases-updated-spectre-patches/

PHP Community Takes Steps to Stop Installation of Libraries with Unpatched Bugs

Some of the most influential voices in the PHP community have united on a project to improve the security of the PHP ecosystem. [...]

https://www.bleepingcomputer.com/news/security/php-community-takes-steps-to-stop-installation-of-libraries-with-unpatched-bugs/

After Intel & Equifax Incidents, SEC Warns Execs Not to Trade Stock While Investigating Security Incidents

The US Securities and Exchange Commission (SEC) released a statement yesterday, warning high-ranking executives not to trade stocks before the disclosing breaches, major vulnerabilities, and other cybersecurity related incidents. [...]

https://www.bleepingcomputer.com/news/business/after-intel-and-equifax-incidents-sec-warns-execs-not-to-trade-stock-while-investigating-security-incidents/

The Market of Stolen Code-Signing Certificates Is Too Expensive for Most Hackers

There's a thriving underground market for buying and selling code-signing certificates meant to help malware pass unnoticed by security scanners, but according to new research, the prices for such certificates are too high, and only a few hackers can afford one. [...]

https://www.bleepingcomputer.com/news/security/the-market-of-stolen-code-signing-certificates-is-too-expensive-for-most-hackers/

Botched npm Update Crashes Linux Systems, Forces Users to Reinstall

A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot. [...]

https://www.bleepingcomputer.com/news/linux/botched-npm-update-crashes-linux-systems-forces-users-to-reinstall/

SamSam Ransomware Hits Colorado DOT, Agency Shuts Down 2,000 Computers

The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems got infected with the SamSam ransomware on Wednesday, February 21. [...]

https://www.bleepingcomputer.com/news/security/samsam-ransomware-hits-colorado-dot-agency-shuts-down-2-000-computers/

Android P Will Block Background Apps from Accessing Phone's Camera & Microphone

Android P, the next major version of the Android operating system, will block idle (background) applications from accessing a smartphone's camera or microphone. [...]

https://www.bleepingcomputer.com/news/mobile/android-p-will-block-background-apps-from-accessing-phones-camera-and-microphone/

PSA: Improperly Secured Linux Servers Targeted with Chaos Backdoor

Hackers are using SSH brute-force attacks to take over Linux systems secured with weak passwords and are deploying a backdoor named Chaos. [...]

https://www.bleepingcomputer.com/news/linux/psa-improperly-secured-linux-servers-targeted-with-chaos-backdoor/

Bitcoin Exchange Admin Charged for Lying About Hack

US authorities have arrested a Texas man who founded two Bitcoin-related platforms that got hacked. Officials charged the on accusations of lying to Securities Exchange Commission (SEC) officials in the subsequent investigation. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/bitcoin-exchange-admin-charged-for-lying-about-hack/

US Border Agents Didn't Verify Any e-Passports Since 2007 Because They Didn't Have the Software

The United States of America, the country with one of the most draconian border crossing procedures in the world, hadn't verified the validity of chip-implanted e-passports since 2007, the time when foreigners were first required to have one. [...]

https://www.bleepingcomputer.com/news/government/us-border-agents-didnt-verify-any-e-passports-since-2007-because-they-didnt-have-the-software/

Data Keeper Ransomware Makes First Victims Two Days After Release on Dark Web RaaS

Two days after crooks started advertising the Data Keeper Ransomware-as-a-Service (RaaS) on the Dark Web, ransomware strains generated on this portal have already been spotted in the wild, infecting the computers of real-world users. [...]

https://www.bleepingcomputer.com/news/security/data-keeper-ransomware-makes-first-victims-two-days-after-release-on-dark-web-raas/

Ad Network Uses DGA Algorithm to Bypass Ad Blockers and Deploy In-Browser Miners

An advertising network is hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves on customer sites, and has been doing so since December 2017, according to revelations made over the weekend by the Qihoo 360 Netlab team. [...]

https://www.bleepingcomputer.com/news/security/ad-network-uses-dga-algorithm-to-bypass-ad-blockers-and-deploy-in-browser-miners/

Nanocore RAT Author Gets 33 Months in Prison

US authorities have sentenced an Arkansas man to 33 months in prison and two years of supervised release for aiding and abetting hackers by creating and selling malware. [...]

https://www.bleepingcomputer.com/news/security/nanocore-rat-author-gets-33-months-in-prison/

Visa: EMV Cards Cut Down Counterfeit Card Fraud in the US by 70%

Visa said last week that two years after US retailers started deploying terminals that could read chip-based credit and debit cards, reports of counterfeit card fraud have dropped by 70%. [...]

https://www.bleepingcomputer.com/news/security/visa-emv-cards-cut-down-counterfeit-card-fraud-in-the-us-by-70-percent/