MongoDB Apocalypse Is Here as Ransom Attacks Hit 10,000 Servers

What started as isolated incidents on Monday has transformed into an all out destruction of thousands of MongoDB servers by the end of the week. [...]

https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-is-here-as-ransom-attacks-hit-10-000-servers/

Crooks Cold-Calling UK Schools and Tricking Staff Into Installing Ransomware

The "ActionFraud" UK National Fraud & Cyber Crime Reporting Center has issued an alert this week to UK educational institutes, warning against cyber-criminals cold-calling British schools and tricking staffers into installing ransomware on the school's computers. [...]

https://www.bleepingcomputer.com/news/security/crooks-cold-calling-uk-schools-and-tricking-staff-into-installing-ransomware/

2016's Most Popular Web Technologies

The world of web technology changes at a rapid pace. New projects appear daily, and old tools retire to make room for new arrivals. During 2016, the web technology landscape has changed dramatically, with the arrival of AngularJS 2.0, the proliferation of React.js and maturation of several open-source CMS projects. [...]

https://www.bleepingcomputer.com/news/software/2016s-most-popular-web-technologies/

Clever Phishing Trick You Need to Be Aware Of

One trick, first seen in June 2016, was observed again this past month. This clever phishing attack relies on telling users they received an important or secure file, and they need to visit a web page to view it. The real trick takes place on the crook's page, which shows a blurred out document on the background. [...]

https://www.bleepingcomputer.com/news/security/clever-phishing-trick-you-need-to-be-aware-of/

WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs

Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarter of 2016 (months of July, August, and September). [...]

https://www.bleepingcomputer.com/news/security/wordpress-joomla-and-magento-continue-to-be-the-most-hacked-cmss/

MongoDB Apocalypse: Professional Ransomware Group Gets Involved, Infections Reach 28K Servers

The number of hijacked MongoDB servers held for ransom has skyrocketed in the past two days from 10,500 to over 28,200, thanks in large part to the involvement of a professional ransomware group known as Kraken. [...]

https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-professional-ransomware-group-gets-involved-infections-reach-28k-servers/

"Merry Christmas" Ransomware Now Steals User Private Data via DiamondFox Malware

Recent variants of the "Merry Christmas" ransomware, also known as Merry X-Mas, are also downloading the DiamondFox malware on infected computers, which is used by the ransomware's operators to collect data from infected hosts, such as passwords, sensitive files, and others. [...]

https://www.bleepingcomputer.com/news/security/-merry-christmas-ransomware-now-steals-user-private-data-via-diamondfox-malware/

DHS Designates US Voting System as "Critical Infrastructure"

The US Department of Homeland Security (DHS) has upgraded the US voting and election infrastructure as a subsector of the nation's critical infrastructure. [...]

https://www.bleepingcomputer.com/news/government/dhs-designates-us-voting-system-as-critical-infrastructure-/

Los Angeles Valley College Pays a Whopping $30,000 in Ransomware Incident

The Los Angeles Community College District (LACCD) agreed to pay a ransom demand of $28,000 to crooks who managed to infect the computer network of the Los Angeles Valley College (LAVC) with ransomware. [...]

https://www.bleepingcomputer.com/news/security/los-angeles-valley-college-pays-a-whopping-30-000-in-ransomware-incident/

Obituary: Leftover Yahoo Services to Rename as Altaba, Marissa Mayer to Resign

Despite two high-profile data breaches that came to light just after Verizon agreed to buy Yahoo for $4.83 billion, the sale is going forward as initially announced, albeit with some fears on Yahoo's side. [...]

https://www.bleepingcomputer.com/news/business/obituary-leftover-yahoo-services-to-rename-as-altaba-marissa-mayer-to-resign/

New, Poorly-Made Terror Exploit Kit Drops Monero Cryptocurrency Miner

Security researchers from Trustwave and Malwarebytes have come across a new, poorly assembled exploit kit that appears to be the work of a one-man crew. [...]

https://www.bleepingcomputer.com/news/security/new-poorly-made-terror-exploit-kit-drops-monero-cryptocurrency-miner/

Shadow Brokers Now Selling Windows Exploits, Antivirus Bypass Tools

The Shadow Brokers, a group of hackers that have stolen exploits and hacking tools from the National Security Agency (NSA), are now selling some of these tools, which include Windows exploits and antivirus bypass tools, on a website hidden on the ZeroNet network. [...]

https://www.bleepingcomputer.com/news/security/shadow-brokers-now-selling-windows-exploits-antivirus-bypass-tools/

Windows 10 Insider Build 15002 released to PC and Loaded with New Features

Yetsterday Microsoft released the Windows 10 Insider Preview Build 15002 for PC only to Insiders on the fast ring.  The last build that was released was Insider Build 14986 on December 8 2016, so it has been plenty of time for the Windows team to cram goodies into this latest build. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-15002-released-to-pc-and-loaded-with-new-features/

Spora Ransomware Works Offline, Has the Most Sophisticated Payment Site as of Yet

A new ransomware family made its presence felt today, named Spora, the Russian word for "spore." This new ransomware's most notable features are its solid encryption routine, ability to work offline, and a very well put together ransom payment site, the most sophisticated we've seen from ransomware authors as of yet. [...]

https://www.bleepingcomputer.com/news/security/spora-ransomware-works-offline-has-the-most-sophisticated-payment-site-as-of-yet/

Microsoft's January 2017 Patch Tuesday Comes with 4 Security Updates

Today, Microsoft released four security bulletins as part of its monthly security update train known as "Patch Tuesday." This month, two of the four Microsoft security bulletins are rated as critical, the highest severity rating a bulletin can receive. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-january-2017-patch-tuesday-comes-with-4-security-updates/

Adobe Updates Adobe Flash, Acrobat, and Reader to Fix 42 Vulnerabilities

Adobe has released updates for Adobe Acrobat, Reader, and Flash that resolve a total of 42 security vulnerabilities. As many of these vulnerabilities are rated as Critical, it is strongly advised that anyone using these products immediately update them to the latest version. [...]

https://www.bleepingcomputer.com/news/security/adobe-updates-adobe-flash-acrobat-and-reader-to-fix-42-vulnerabilities/

Adobe Acrobat Reader DC Update Installs Chrome Browser Extension

Adobe released yesterday Acrobat Reader DC 15.023.20053 that included fixes for 29 security issues. Along with the security fixes, this update package also silently installs the Adobe Acrobat extension into the user's Chrome web browser. [...]

https://www.bleepingcomputer.com/news/software/adobe-acrobat-reader-dc-update-installs-chrome-browser-extension/

Two Aggresive Campaigns Detected Pushing Google Ads to Unsuspecting Users

Over the past weeks, security researchers from Sucuri and Malwarebytes have discovered two campaigns that abuse hacked and fake websites to push Google ads and trick users into clicking these advertisments, for the crooks profits. [...]

https://www.bleepingcomputer.com/news/security/two-aggresive-campaigns-detected-pushing-google-ads-to-unsuspecting-users/

EU to Simplify Those Pesky Cookie Warning Popups, but Not Remove Them

The European Commission is currently debating new legislation that will overhaul some of the EU e-privacy rules, including the hated cookie consent popups that have ruined the web experience for many users. [...]

https://www.bleepingcomputer.com/news/security/eu-to-simplify-those-pesky-cookie-warning-popups-but-not-remove-them/

Operation EyePyramid: Two Siblings Spied on Italy's Elite

Italian authorities have arrested and charged two siblings for carrying out a cyber-espionage campaign against Italy's elite, with targets that varied from famous businessmen to high-ranking politicians, including Matteo Renzi, former Italian prime minister. [...]

https://www.bleepingcomputer.com/news/security/operation-eyepyramid-two-siblings-spied-on-italys-elite/