Erebus Ransomware Utilizes a UAC Bypass and Request a $90 Ransom Payment

A ransomware called Erebus has been discovered that utilizes a UAC bypass, encrypts file name extensions using ROT-23, and has a low ransom amount of ~$90USD. [...]

https://www.bleepingcomputer.com/news/security/erebus-ransomware-utilizes-a-uac-bypass-and-request-a-90-ransom-payment/

High-End Phishing Kit Automates Attacks on PayPal Accounts

Security researchers from Proofpoint have come across a sophisticated phishing kit that automates the process of building and deploying high-end phishing pages, and which is extremely efficient at collecting login credentials and user details from PayPal users. [...]

https://www.bleepingcomputer.com/news/security/high-end-phishing-kit-automates-attacks-on-paypal-accounts/

Bill Reforming Email Privacy Gets One Step Closer to Reality

The Email Privacy Act (EPA) is for the second year in a row in front of the US Senate after the US House of Representatives approved the bill on Monday. [...]

https://www.bleepingcomputer.com/news/government/bill-reforming-email-privacy-gets-one-step-closer-to-reality/

Russia Arrests Nine More Involved with the Lurk Malware

Russian authorities arrested nine hackers they suspect of being involved in the distribution of the Lurk malware. This is the second wave of arrests after authorities apprehended 50 suspects in May 2016. [...]

https://www.bleepingcomputer.com/news/security/russia-arrests-nine-more-involved-with-the-lurk-malware/

Mirai Gets a Windows Version to Boost Distribution Efforts

Security researchers have stumbled upon a Windows trojan that hackers are using to help with the distribution of the infamous Mirai Linux malware, used to infect IoT devices and carry out massive DDoS attacks. [...]

https://www.bleepingcomputer.com/news/security/mirai-gets-a-windows-version-to-boost-distribution-efforts/

Vivaldi 1.7 Released with Built-In Page Screenshot Utility

Vivaldi Software released today version 1.7 of the Vivaldi browser, which now includes a built-in screen capturing utility that allows users to take snapshots of the entire page or just small sections. [...]

https://www.bleepingcomputer.com/news/software/vivaldi-1-7-released-with-built-in-page-screenshot-utility/

US Embassies Could Ask Visa Applicants for Social Media Passwords

The US is considering a measure that would ask visa applications to give up passwords for social media accounts if they want to receive passage to the United States, according to statements made by Department of Homeland Security Secretary John Kelly at a DHS committee meeting on Tuesday. [...]

https://www.bleepingcomputer.com/news/government/us-embassies-could-ask-visa-applicants-for-social-media-passwords/

Google Will Purge the Play Store of Android Apps Without a Valid Privacy Policy

Google plans to clean up the Play Store by limiting the visibility and even removing Android apps that don't have a listed privacy policy. [...]

https://www.bleepingcomputer.com/news/mobile/google-will-purge-the-play-store-of-android-apps-without-a-valid-privacy-policy/

Hackers Used Legitimate Apps to Attack Banks and Governments in 40 Countries

Hackers attacking banks and government institutions have used legitimate and reputable applications to infect computers and steal data, all while leaving minimal traces behind. [...]

https://www.bleepingcomputer.com/news/security/hackers-used-legitimate-apps-to-attack-banks-and-governments-in-40-countries/

Former NSA Contractor Indicted for Stealing Secret Files for 20 Years

The US Department of Justice (DoJ) filed official charges today against Harold Thomas Martin III, 52, of Glen Burnie, Maryland, for stealing over 50TB of documents from several US government agencies, including documents labeled as Top Secret. [...]

https://www.bleepingcomputer.com/news/security/former-nsa-contractor-indicted-for-stealing-secret-files-for-20-years/

AthenaGo RAT Uses Tor2Web Proxy System to Hide C&C Server

Security researchers have discovered a never-before-seen remote access trojan (RAT) that utilizes Tor proxies to redirect traffic from infected hosts to servers hidden on the Tor network. [...]

https://www.bleepingcomputer.com/news/security/athenago-rat-uses-tor2web-proxy-system-to-hide-candc-server/

Windows Insider Build 15031 for PC Adds Dynamic Lock and Compact Overlay Windows

Yesterday Microsoft released Insider Preview Build 15031 for PC to insiders in the fast ring, This release introduces two new features called Dynamic Lock and Compact Overlay Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-insider-build-15031-for-pc-adds-dynamic-lock-and-compact-overlay-windows/

Serpent Ransoware Wants to Sink Its Fangs Into Your Data

A new ransomware called Serpent Ransomware has been discovered that appears to be a new variant of the Hades Locker and Wildfire infections. This article provides a brief summary of how the ransomware is distributed and detailed description of how it encrypts a computer. [...]

https://www.bleepingcomputer.com/news/security/serpent-ransoware-wants-to-sink-its-fangs-into-your-data/

Google Makes WordPress Site Owners Nervous Due to Confusing Security Alerts

For the past few days, Google has been making a lot of webmasters very nervous, as its Google Search Console service, formerly known as Google Webmaster, has been sending out security alerts to people it shouldn't. [...]

https://www.bleepingcomputer.com/news/security/google-makes-wordpress-site-owners-nervous-due-to-confusing-security-alerts/

Attacks on WordPress Sites Intensify as Hackers Deface Over 1.5 Million Pages

Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages, spread across 39,000 unique domains. [...]

https://www.bleepingcomputer.com/news/security/attacks-on-wordpress-sites-intensify-as-hackers-deface-over-1-5-million-pages/

DynA-Crypt not only Encrypts Your Files, but Also Steals Your Info

A new ransomware called DynA-Crypt was discovered by GData malware analyst Karsten Hahn that not only encrypts your data, but also tries to steal a ton of information from a victim's computer. Ransomware & information stealing infections have become all-to-common, but when you combine the two into the complete mess called DynA-Crypt. [...]

https://www.bleepingcomputer.com/news/security/dyna-crypt-not-only-encrypts-your-files-but-also-steals-your-info/

Apple iCloud Kept Deleted Browser History Around for Over a Year

Apple appears to have been keeping deleted browser history in users' iCloud accounts, for as long as a year, according to Vladimir Katalov, CEO of ElcomSoft, a company that makes forensics and data recovery tools for Apple products. [...]

https://www.bleepingcomputer.com/news/apple/apple-icloud-kept-deleted-browser-history-around-for-over-a-year/

Quickly Add an .onion URL to Your Site with the Enterprise Onion Toolkit (EOTK)

Security researcher Alec Muffett has created a new project called the Enterprise Onion Toolkit (EOTK), which can help website owners add a .onion URL for their site's domain in a matter of minutes. [...]

https://www.bleepingcomputer.com/news/security/quickly-add-an-onion-url-to-your-site-with-the-enterprise-onion-toolkit-eotk-/

Instapaper Needs One Week to Restore Full Service After 31-Hour Downtime

Link bookmarking service Instapaper came back online today following a critical database issue that forced it offline for 31 hours over the past two days. [...]

https://www.bleepingcomputer.com/news/software/instapaper-needs-one-week-to-restore-full-service-after-31-hour-downtime/

Macro Malware Hits Mac Users

After hounding Windows users for well over two decades, macro malware has taken its first steps towards affecting the other operating system on which the Microsoft Office suite is available, and that's Apple's macOS. [...]

https://www.bleepingcomputer.com/news/security/macro-malware-hits-mac-users/