Epic Fail: Linux Encryption App Cryptkeeper Has Universal Password: 'p'

A data encryption app for Linux users named Cryptkeeper has a bug that allows anyone to decrypt locked content using the password "p". [...]

https://www.bleepingcomputer.com/news/security/epic-fail-linux-encryption-app-cryptkeeper-has-universal-password-p/

CryptoMix variant named CryptoShield 1.0 Ransomware Distributed by Exploit Kits

A new CryptoMix variant called CryptoShield 1.0 Ransomware has been discovered by ProofPoint security researcher Kafeine being distributed via EITest and the RIG exploit kit. [...]

https://www.bleepingcomputer.com/news/security/cryptomix-variant-named-cryptoshield-1-0-ransomware-distributed-by-exploit-kits/

GitLab Goes Down After Employee Deletes the Wrong Folder

GitLab.com, a web service for hosting and syncing source code, similar to GitHub, has gone down last night at around 18:00 ET, January 31, and after 11 hours, at the time of publishing, the website is still down. [...]

https://www.bleepingcomputer.com/news/hardware/gitlab-goes-down-after-employee-deletes-the-wrong-folder/

Mobile Security Firm Wants to Buy Expired Zero-Days

Zimperium, the mobile security company that discovered the Stagefright bug in the summer of 2015, announced yesterday its intention to buy fully-working exploits for former Android and iOS zero-days. [...]

https://www.bleepingcomputer.com/news/security/mobile-security-firm-wants-to-buy-expired-zero-days/

Spam Accounts for Two-Thirds of All Email Volume, and It's Still Going Up

Reports released by different security vendors highlight that spam campaigns grew tremendously in 2016, as exploit kit activity fell after the three major players went down. [...]

https://www.bleepingcomputer.com/news/security/spam-accounts-for-two-thirds-of-all-email-volume-and-its-still-going-up/

EU Announces End of All Roaming Charges Starting June 15

The European Union announced today an agreement between various regulating bodies and mobile carriers that will help eliminate in most part roaming charges across the EU space starting with June 15, 2016. [...]

https://www.bleepingcomputer.com/news/mobile/eu-announces-end-of-all-roaming-charges-starting-june-15/

New Research Shows Sorry State of Printer Security

Knowing that printers are everywhere and they can leak sensitive information, these devices are precious reconnaissance and pivot points for any hacker trying to breach sensitive enterprise networks. [...]

https://www.bleepingcomputer.com/news/security/new-research-shows-sorry-state-of-printer-security/

WordPress Team Fixed a Zero-Day Behind Everyone's Back and Told No One

The WordPress security team revealed yesterday they've secretly fixed a zero-day vulnerability in the WordPress CMS, which wasn't initially included in the official announcement. [...]

https://www.bleepingcomputer.com/news/security/wordpress-team-fixed-a-zero-day-behind-everyones-back-and-told-no-one/

Gmail Drops Support for Windows XP and Vista Users on Chrome

Google says that starting with February 8, Chrome users will have to use version 54 or 55 (current) if they want to access their Gmail accounts. [...]

https://www.bleepingcomputer.com/news/software/gmail-drops-support-for-windows-xp-and-vista-users-on-chrome/

Windows DRM Files Used to Decloak Tor Browser Users

Downloading and trying to open Windows DRM-protected files can deanonymize Tor Browser users and reveal their real IP addresses, security researchers from Hacker House have warned. [...]

https://www.bleepingcomputer.com/news/security/windows-drm-files-used-to-decloak-tor-browser-users/

Some Windows 10 Devices Still Exposed to DMA Attacks That Can Steal BitLocker Keys

An upcoming Windows 10 Insiders Build version will include a patch that will improve the protection against DMA attacks that could allow attackers to extract BitLocker encryption keys and other sensitive information from Windows 10 and 8.1 PCs. [...]

https://www.bleepingcomputer.com/news/security/some-windows-10-devices-still-exposed-to-dma-attacks-that-can-steal-bitlocker-keys/

Mozilla to Drop Support for All NPAPI Plugins in Firefox 52, Except Flash

Starting with March 7, when Mozilla is scheduled to release Firefox 52, all plugins built on the old NPAPI technology will stop working in Firefox, except for Flash, which Mozilla plans to support for a few more versions. [...]

https://www.bleepingcomputer.com/news/software/mozilla-to-drop-support-for-all-npapi-plugins-in-firefox-52-except-flash/

SMB Zero-Day Affects Several Windows Versions, Including Windows 10

Proof-of-concept code for a zero-day in the SMB (Server Message Block) protocol that affects several Windows versions has been published online today, sending sysadmins into a frenzy to protect vulnerable machines. [...]

https://www.bleepingcomputer.com/news/security/smb-zero-day-affects-several-windows-versions-including-windows-10/

Ransomware Incident Shuts Down County's Government Infrastructure

A ransomware infection that took root on late Tuesday night, January 31, affected several services provided by the local Licking County (Ohio) government infrastructure. [...]

https://www.bleepingcomputer.com/news/security/ransomware-incident-shuts-down-countys-government-infrastructure/

Two Arrested in London for Infecting Washington's CCTV Network with Ransomware

UK's National Crime Agency said today that officers arrested two suspects for hacking the Washington CCTV network and installing ransomware. [...]

https://www.bleepingcomputer.com/news/security/two-arrested-in-london-for-infecting-washingtons-cctv-network-with-ransomware/

Ranion Ransomware-as-a-Service Available on the Dark Web for 'Educational Purposes'

A new Ransomware-as-a-Service (RaaS) portal that recently launched on the Dark Web is peddling access to a fully-working ransomware distribution network for extremely low prices. [...]

https://www.bleepingcomputer.com/news/security/ranion-ransomware-as-a-service-available-on-the-dark-web-for-educational-purposes/

Someone Tried to Resurrect 14-Year-Old SQL Slammer Worm

For a week in November and December 2016, someone tried to resurrect the 14-year-old SQL Slammer worm, according to security firm Check Point, who reported today that they've "detected a massive increase in the number of attack attempts." [...]

https://www.bleepingcomputer.com/news/security/someone-tried-to-resurrect-14-year-old-sql-slammer-worm/

The Week in Ransomware - February 3rd 2017 - CryptoShield, Spora, and Exploit Kits

Ransomware, ransomware, ransomware. It never seems to end. This week we see lots of little ransomware infections being developer or distributed. The good news is that we also have seen quite a few decryptors released to help those who were infected. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-3rd-2017-cryptoshield-spora-and-exploit-kits/

Deception Is the Main Strategy of Recent Android Adware

At Symantec's behest, Google has removed three Android apps from the Play Store because these apps used various tricks to fool security scanners and deliver unwanted ads to the people that installed them. [...]

https://www.bleepingcomputer.com/news/security/deception-is-the-main-strategy-of-recent-android-adware/

YourRansom Is the Latest in a Long Line of Prank and Educational Ransomware

Ransomware infections are problematic enough on their own, even if they aren't the subject of a prank or some annoying demagogue trying to "teach" you about the dangers of crypto-ransomware. [...]

https://www.bleepingcomputer.com/news/security/yourransom-is-the-latest-in-a-long-line-of-prank-and-educational-ransomware/