Fake Amazon Order Confirmations Push Banking Trojans on Holiday Shoppers

Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts. [...]

https://www.bleepingcomputer.com/news/security/fake-amazon-order-confirmations-push-banking-trojans-on-holiday-shoppers/

Historic APT10 Cyber Espionage Group Breached Systems in Over 12 Countries

A well-known hacking group linked with China's intelligence and security agency has been pilfering secrets for over a decade from organizations in at least 12 countries, from a diverse range of industries. [...]

https://www.bleepingcomputer.com/news/security/historic-apt10-cyber-espionage-group-breached-systems-in-over-12-countries/

How to Decrypt the Stupid Ransomware Family with StupidDecrypter

Stupid Ransomware is a family of ransomware infections that are typically utilized by less skilled developers and many utilize themes based on movies, pop-culture, or pretend to be law enforcement. This family of ransomware infections are created using an open source project that was posted to GitHub. [...]

https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-stupid-ransomware-family-with-stupiddecrypter/

The Week in Ransomware - December 21st 2018 - No More Ransomware

Slow week with ransomware news as we lead up into the holidays. Mostly small variants that won't get much distribution or releases of new variants of older ransomware. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-21st-2018-no-more-ransomware/

The Clickjacking Bug that Facebook Won't Fix

A security professional exposed to a spam campaign on Facebook discovered the method used by the perpetrator and submitted a report through the company's bug bounty program. The issue still exists because Faceboook dismissed it on on the grounds that it does not change the state of the account. [...]

https://www.bleepingcomputer.com/news/security/the-clickjacking-bug-that-facebook-wont-fix/

Info on Over 500,000 Students and Staff Exposed in San Diego School District Hack

Personal information belonging to over half a million students going back the 2008-2009 school year, parents, and staff members of San Diego Unified School District (SDUSD) may have been compromised in a data breach incident. [...]

https://www.bleepingcomputer.com/news/security/info-on-over-500-000-students-and-staff-exposed-in-san-diego-school-district-hack/

New Tech Support Scam Causes Chrome Browser to Use 100% of the CPU

A new tech support scam has been discovered that uses JavaScript to create a loop that ultimately causes Google Chrome to use up all of the CPU resources on the computer and freeze the browser. [...]

https://www.bleepingcomputer.com/news/security/new-tech-support-scam-causes-chrome-browser-to-use-100-percent-of-the-cpu/

Hacking Christmas Lights For Fun and Mischief

Researchers playing with Twinkly IoT lights found security weaknesses that allowed them to display custom lighting effects and to remotely turn off their Christmas brilliance. They estimate that about 20,000 devices are reachable over the internet. [...]

https://www.bleepingcomputer.com/news/security/hacking-christmas-lights-for-fun-and-mischief/

Orange LiveBox Modems Targeted for SSID and WiFi Info

A vulnerability in LiveBox ADSL modems from Orange allows an attacker to retrieve their SSID and WiFi password in plaintext by simply sending a request over the internet. [...]

https://www.bleepingcomputer.com/news/security/orange-livebox-modems-targeted-for-ssid-and-wifi-info/

Windows 10's Disk Cleanup Getting a New Warning About Downloads Folder

Windows 10's 19H1 update will add a new warning message in the Disk Cleanup app for the Downloads folder. Starting with Windows 10 Build 18305, the Disk Cleanup finally displays a warning when the user selects the Downloads folder. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10s-disk-cleanup-getting-a-new-warning-about-downloads-folder/

Beware of BMW Lottery Email Scam Stating You Won a BMW M240i

Emails are going around that may make you think you won a free 2018 BMW 2 Series M240i for the holidays, but the reality is that you just received a scam email that is trying to gather your personal information. [...]

https://www.bleepingcomputer.com/news/security/beware-of-bmw-lottery-email-scam-stating-you-won-a-bmw-m240i/

18 Months Later, WannaCry Still Lurks on Infected Computers

Eighteen months after the initial outbreak of the WannaCry Ransomware infection, the malware continues to rear its head on thousands, if not hundreds of thousands, of infected computers. [...]

https://www.bleepingcomputer.com/news/security/18-months-later-wannacry-still-lurks-on-infected-computers/

JungleSec Ransomware Infects Victims Through IPMI Remote Consoles

A ransomware called JungleSec is infecting victims through insecure IPMI (Intelligent Platform Management Interface) cards since early November. [...]

https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/

New Shamoon Sample from France Signed with Baidu Certificate

A new sample of Shamoon disk-wiping malware was uploaded from France recently to the VirusTotal scanning platform. It tries to pass as a system optimization tool from Chinese technology company Baidu. [...]

https://www.bleepingcomputer.com/news/security/new-shamoon-sample-from-france-signed-with-baidu-certificate/

Mozilla is Making it Easier to Search Open Tabs in Firefox

If you always have a lot of tabs open and its difficult to find a particular tab, Mozilla is introducing a feature that will make this easier. Starting in Firefox 66, Mozilla will be adding the ability to search the open tabs in Firefox in order to find a particular tab. [...]

https://www.bleepingcomputer.com/news/software/mozilla-is-making-it-easier-to-search-open-tabs-in-firefox/

Demo Exploit Code Published for Remote Code Execution via Microsoft Edge

Exploit code demonstrating a memory corruption bug in Microsoft's Edge web browser has been published today by the researcher that discovered and reported the vulnerability in the first place. The code can lead to remote code execution on unpatched machines. [...]

https://www.bleepingcomputer.com/news/security/demo-exploit-code-published-for-remote-code-execution-via-microsoft-edge/

Microsoft is Adding AVIF Image Support to Windows 10

Starting with Windows 10 Insider build 18305, Microsoft has started to add support for the AVIF image format. This support is first being added to Microsoft Paint and File Explorer, but can be expanded to other applications through an API. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-adding-avif-image-support-to-windows-10/

Shared Tweeting Privileges Easy to Get by Spoofing Phone Numbers

Twitter accounts of several celebrities and journalists in the UK shared control of the tweet feed to an unauthorized user for a brief period. [...]

https://www.bleepingcomputer.com/news/security/shared-tweeting-privileges-easy-to-get-by-spoofing-phone-numbers/

Windows 10 19H1 Update to Introduce Windows Security App Improvements

In latest 19H1 preview builds, Microsoft has introduced new Windows Security app improvements including the ability to set up Tamper Protection and view Protection History. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-19h1-update-to-introduce-windows-security-app-improvements/

Breaking Protections in Hardware Cryptocurrency Wallets

A team of security researchers showed how fragile is the security of some hardware cryptocurrency wallets. The experts tested the Trezor One, Ledger Nano S, and Ledger Blue against supply-chain and side-channel attacks, and found chip and firmware-level vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/breaking-protections-in-hardware-cryptocurrency-wallets/