Emsisoft Browser Security Protects You from Malicious Sites

For those looking for extra protection while browsing the web, Emsisoft has a released a browser extension that will block you from interacting with known phishing, malware, or scam sites. [...]

https://www.bleepingcomputer.com/news/security/emsisoft-browser-security-protects-you-from-malicious-sites/

Banks in West Africa Hit with Off-The-Shelf Malware, Free Tools

Attacks hitting financial organizations in West Africa since at least mid-2017 rely on off-the-shelf malware, free hacking tools, and utilities already available on the target systems to steal credentials, install backdoors, and run commands. [...]

https://www.bleepingcomputer.com/news/security/banks-in-west-africa-hit-with-off-the-shelf-malware-free-tools/

Flaw in Telegram Reveals Awful OpSec from Malware Author

A weakness in the protection of messages delivered using the Telegram Bot API gave researchers access to the communication flow between a piece of malware and its operator. [...]

https://www.bleepingcomputer.com/news/security/flaw-in-telegram-reveals-awful-opsec-from-malware-author/

Rocke's Cryptominers Kills Competition, Uninstall Cloud Security Products

Analysis of new malware samples used by the Rocke group for cryptojacking reveals code that uninstalls from Linux servers multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud [...]

https://www.bleepingcomputer.com/news/security/rockes-cryptominers-kills-competition-uninstall-cloud-security-products/

Fake GPS Apps with 50M Installs Just Show Ads and Run Google Maps

19 Android apps with over 50 million installs were found on the Google Play store that state that they are full featured GPS apps, but instead simply show an advertisement and then show Google Maps. [...]

https://www.bleepingcomputer.com/news/security/fake-gps-apps-with-50m-installs-just-show-ads-and-run-google-maps/

Android Apps Steal Banking Info, Use Motion Sensor to Evade Detection

Two Android apps infected with a banking malware dropper were found on the Google Play Store, already having been installed on thousands of Android devices and sporting dozens of fake five-star ratings. [...]

https://www.bleepingcomputer.com/news/security/android-apps-steal-banking-info-use-motion-sensor-to-evade-detection/

Microsoft Launches Azure DevOps Bounty Program

Microsoft Security Response Center (MSRC) announced the launch of a bug bounty program starting January 17 and targeting the Azure DevOps services and the latest release of Azure DevOps server [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-launches-azure-devops-bounty-program/

ES File Explorer Flaws Put 100 Million Users' Data at Risk, Fix Promised

ES File Explorer users now have to wait to see what issue will be fixed in the next update: the always-on web server giving access to all their files to anyone on the same Wi-Fi network or the MitM attack vulnerability [...]

https://www.bleepingcomputer.com/news/security/es-file-explorer-flaws-put-100-million-users-data-at-risk-fix-promised/

Data Breach Collection with 773 Million Email Entries Leaked Online

A giant 87 gigabyte archive consisting of 773 million unique email addresses and their associated cracked, or dehashed, passwords has been spotted being promoted on an online hacking forum. This file is being called "Collection #1" and was designed to easily be used in credential stuffing attacks. [...]

https://www.bleepingcomputer.com/news/security/data-breach-collection-with-773-million-email-entries-leaked-online/

Twitter Fixes Four Year Old Bug in Android App Exposing Private Tweets

Twitter announced today that an issue in its app for Android exposed some users' protected tweets for over four years, if they made certain changes to their account settings. [...]

https://www.bleepingcomputer.com/news/security/twitter-fixes-four-year-old-bug-in-android-app-exposing-private-tweets/

BlackRouter Ransomware Promoted as a RaaS by Iranian Developer

A ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. This same actor previousl distributed another ransomware called Blackheart and promotes other infections such as a RAT. [...]

https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/

Windows Zero-Day Bug that Overwrites Files Gets Interim Fix

A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system one, with arbitrary data. [...]

https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-that-overwrites-files-gets-interim-fix/

Facebook Caught Red Handed While Swiping Money From Children

According to court documents part of a 2012 class-action lawsuit made public by a federal judge at the request of The Center for Investigative Reporting's Reveal, social network giant Facebook has made a habit of charging kids without their parents' knowledge while playing games on its platform . [...]

https://www.bleepingcomputer.com/news/security/facebook-caught-red-handed-while-swiping-money-from-children/

Vulnerabilities Found in Highly Popular Firmware for WiFi Chips

WiFi chip firmware in a variety of devices used mainly for gaming, but also for personal computing, and communication comes with multiple issues. At least some of them could be exploited to run arbitrary code remotely without requiring user interaction. [...]

https://www.bleepingcomputer.com/news/security/vulnerabilities-found-in-highly-popular-firmware-for-wifi-chips/

Amazon, Apple, Others Hit with GDPR Complaints, €18.8B Maximum Penalties

Ten GDPR complaints were filed by noyb against Amazon, Apple, DAZN, Spotify, SoundCloud, YouTube, Flimmit, Netflix with the Austrian Data Protection Authority for violations of Article 15, with a maximum penalty across all complaints of €18.8 billion [...]

https://www.bleepingcomputer.com/news/security/amazon-apple-others-hit-with-gdpr-complaints-188b-maximum-penalties/

Fallout Exploit Kit is Back with New Vulnerabilities and Payloads

The Fallout exploit kit is back in business after a short downtime, with new tools under its belt: a new Flash exploit for CVE-2018-15982, HTTPS support, a new landing page format, and the capability to deliver payloads using Powershell [...]

https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-is-back-with-new-vulnerabilities-and-payloads/

The Week in Ransomware - January 18th 2019 - Devs Back from Vacation

The ransomware developers must be back from vacation as there were a lot of new releases this week. In addition to new variants of existing ransomware such as Dharma, Scarab, Matrix, and more, we also had a few new variants pop up. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-18th-2019-devs-back-from-vacation/

Phishing Attack Allegedly Targeted US DNC After 2018 Midterms

According to documents added to an amended complaint filed on January 17, the Democratic National Committee says that it was allegedly targeted by a Russian intelligence-coordinated phishing attack just a few days after the 2018 midterms. [...]

https://www.bleepingcomputer.com/news/security/phishing-attack-allegedly-targeted-us-dnc-after-2018-midterms/

Mozilla is Adding an Ad Blocker to Firefox Focus 9.0

Mozilla is adding an ad blocker to Firefox Focus 9.0, which is scheduled to be released next month. While some Focus users may currently see ads blocked, this is not being done intentionally, but is more of a byproduct of their tracker blocking. [...]

https://www.bleepingcomputer.com/news/software/mozilla-is-adding-an-ad-blocker-to-firefox-focus-90/

DarkHydrus APT Uses Google Drive to Send Commands to RogueRobin Trojan

New malicious campaigns attributed to DarkHydrus APT group show the adversary's use of a new variant of the RogueRobin Trojan and of Google Drive as an alternative command and control (C2) communication channel. [...]

https://www.bleepingcomputer.com/news/security/darkhydrus-apt-uses-google-drive-to-send-commands-to-roguerobin-trojan/