Over 1.1 Million People Signed New 'Pardon Snowden' Petition

1,101,252 people signed a petition that asks President Barack Obama to pardon and exonerate NSA whistleblower Edward Snowden of all charges. The petition was set in motion in September 2016, just before the premiere of the Snowden movie, directed by Oliver Stone, and starring Joseph Gordon-Levitt as Snowden. [...]

https://www.bleepingcomputer.com/news/government/over-1-1-million-people-signed-new-pardon-snowden-petition/

Android Apps Caught Stealing Instagram Passwords for Turkish Users

Mobile security experts with Intel Security (McAfee) have discovered a rash of Android apps available through the Google Play Store that were stealing Instagram credentials and uploading the data to a remote server. [...]

https://www.bleepingcomputer.com/news/security/android-apps-caught-stealing-instagram-passwords-for-turkish-users/

One in Six Accounts Secured With Password '123456'

The team at Keeper, a password manager application, has compiled a list of 2016's most commonly used passwords, and yet again people have chosen the simplistic "123456" as their favorite password in 2016. [...]

https://www.bleepingcomputer.com/news/security/one-in-six-accounts-secured-with-password-123456/

The Fine Art of Trolling a Security Researcher

Malware authors are trolling security researchers on VirusTotal by posting abusing comments, marking their websites as dangerous sites, and voting recently discovered malicious files as "harmless." [...]

https://www.bleepingcomputer.com/news/security/the-fine-art-of-trolling-a-security-researcher/

Dutch Developer Added Backdoor to Websites He Built, Phished Over 20,000 Users

A Dutch developer illegally accessed the accounts of over 20,000 users after he collected their login information via backdoors installed on websites he built. According to an official statement, Dutch police officials are now in the process of notifying these victims about the crook's actions. [...]

https://www.bleepingcomputer.com/news/security/dutch-developer-added-backdoor-to-websites-he-built-phished-over-20-000-users/

McDonald's Official Website Exposes Passwords in Cleartext

Security researcher Tijme Gommers has discovered and publicly disclosed an issue in the McDonald's official website that allows an attacker to gain access to a user's password in cleartext. [...]

https://www.bleepingcomputer.com/news/security/mcdonalds-official-website-exposes-passwords-in-cleartext/

Opera Presto Source Code Leaks Online

An unknown third-party has leaked the source code of the old Opera Presto browser engine on GitHub, and later on Bitbucket, two services for hosting and sharing source code online. [...]

https://www.bleepingcomputer.com/news/software/opera-presto-source-code-leaks-online/

New GhostAdmin Malware Used for Data Theft and Exfiltration

Security researcher MalwareHunterTeam discovered today a new malware family that can infect computers and allow crooks to take control of these PCs using commands sent via an IRC channel. [...]

https://www.bleepingcomputer.com/news/security/new-ghostadmin-malware-used-for-data-theft-and-exfiltration/

Locky Ransomware Activity Goes Down by 81%

For more than four weeks, the only source of Locky ransomware infections has been through spam campaigns that distributed the Kovter click-fraud malware, as the primary source of Locky infections, the Necurs botnet, has been offline for the Christmas and New Year holidays. [...]

https://www.bleepingcomputer.com/news/security/locky-ransomware-activity-goes-down-by-81-percent/

Malware Uses Google Services as Command-and-Control Servers

Recent versions of the Carbanak malware are now abusing several Google services to host command-and-control (C&C) infrastructure, which they use to manage infections and exfiltrate stolen data. [...]

https://www.bleepingcomputer.com/news/security/malware-uses-google-services-as-command-and-control-servers/

Indiana Cancer Agency Hit by Aggressive Ransomware Group

A ransomware group has infected the computers of an Indiana-based cancer agency and have asked for a large payment of 50 Bitcoin ($44,800). The victim is Cancer Services of East Central Indiana-Little Red Door, an organization that helps "reduce the financial and emotional burdens of those dealing with a cancer diagnosis." [...]

https://www.bleepingcomputer.com/news/security/indiana-cancer-agency-hit-by-aggressive-ransomware-group/

Chrome Users Targeted with Malware via New "Font Wasn't Found" Technique

Google Chrome users need to be on the lookout for websites trying to trick them into downloading a font update package for their browser, as most chances are that the file is laced with malware. [...]

https://www.bleepingcomputer.com/news/security/chrome-users-targeted-with-malware-via-new-font-wasnt-found-technique/

Intel CPUs Can Be Pwned via USB Port and Debugging Interface

Attackers with access to a device can take control over a target's computer and bypass all local security systems by abusing a hardware debugging interface included with Intel CPUs, which in recent years has become accessible via an external USB 3.0 port. [...]

https://www.bleepingcomputer.com/news/hardware/intel-cpus-can-be-pwned-via-usb-port-and-debugging-interface/

Mozilla Reveals New Logo Following Seven-Month Search

The Mozilla Foundation has launched a new logo and visual identity today to replace the old red dinosaur head that previously stood as its official logo. [...]

https://www.bleepingcomputer.com/news/software/mozilla-reveals-new-logo-following-seven-month-search/

Database Ransom Attacks Hit CouchDB and Hadoop Servers

For the past week, unknown groups of cyber-criminals have taken control of and wiped data from CouchDB and Hadoop databases, in some cases asking for a ransom fee to return the stolen files, but in some cases, destroying data just for fun. [...]

https://www.bleepingcomputer.com/news/security/database-ransom-attacks-hit-couchdb-and-hadoop-servers/

Two Emojis Can Crash Any iPhone and iPad

YouTube star EverythingApplePro has published a video today revealing two new methods through which someone could crash iOS devices. [...]

https://www.bleepingcomputer.com/news/apple/two-emojis-can-crash-any-iphone-and-ipad/

Apple Releases Critical Security Updates for GarageBand and Logic Pro X

Today Apple released the GarageBand 10.1.5.1 and Logic Pro X 10.3 updates to fix a critical vulnerability in both program that could lead to remote code execution. [...]

https://www.bleepingcomputer.com/news/apple/apple-releases-critical-security-updates-for-garageband-and-logic-pro-x/

Oracle Delivers a Whopping 270 Fixes in 2017's First Critical Patch Update

Today, Oracle released their January 2017 Critical Patch Update, or CPU, that resolves a massive 270 vulnerabilities across all of their products. Of these 270 vulnerabilities, over 100 are remotely exploitable without authentication. [...]

https://www.bleepingcomputer.com/news/security/oracle-delivers-a-whopping-270-fixes-in-2017s-first-critical-patch-update/

Labor Department Sues Oracle for Paying White Males More, Favoring Indian Hires

Oracle risks to lose all current and future contracts with the US government after the US Department of Labor (DoL) has filed a lawsuit against the company's US Division, Oracle America., Inc.. [...]

https://www.bleepingcomputer.com/news/business/labor-department-sues-oracle-for-paying-white-males-more-favoring-indian-hires/

Ancient Mac Malware Found Used in Recent Attacks, Can Work on Linux Too

Apple has recently patched macOS against possible attacks from a backdoor trojan discovered by Malwarebytes, which Apple engineers call Fruitfly, and Malwarebytes detects as OSX.Backdoor.Quimitchin. [...]

https://www.bleepingcomputer.com/news/security/ancient-mac-malware-found-used-in-recent-attacks-can-work-on-linux-too/