Mac Malware Linked to Infamous Russian Cyber-Espionage Group

Russian cyberspies known as APT28 have created a Mac version of their famous XAgent (X-Agent, Sofacy) malware, which already has versions for Windows, iOS, and Android. [...]

https://www.bleepingcomputer.com/news/security/mac-malware-linked-to-infamous-russian-cyber-espionage-group/

Researchers Discover Self-Healing Malware That Targets Magento Stores

Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, which can self-heal using code hidden in the website's database. [...]

https://www.bleepingcomputer.com/news/security/researchers-discover-self-healing-malware-that-targets-magento-stores/

Hacker Rasputin Breaches Over 60 Universities and Government Agencies

A financially-motivated, Russian-speaking hacker known as Rasputin, has breached and stolen data from universities in the US and the UK, and federal, state, and local US government agencies. [...]

https://www.bleepingcomputer.com/news/security/hacker-rasputin-breaches-over-60-universities-and-government-agencies/

Microsoft's February Patch Tuesday Moved to March 14

After Microsoft said on Tuesday that it was postponing its February Patch Tuesday indefinitely, the company issued a new statement today, announcing that February's patches will arrive on March 14, next month. [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-february-patch-tuesday-moved-to-march-14/

Researchers Create New System That Makes Bitcoin Transactions Harder to Track

Researchers from Boston University, North Carolina State University, and George Mason University have created a new protocol called TumbleBit that they say can anonymize Bitcoin transactions better than any other previously developed Bitcoin mixing service. [...]

https://www.bleepingcomputer.com/news/software/researchers-create-new-system-that-makes-bitcoin-transactions-harder-to-track/

Microsoft Exec Calls for a Geneva Convention for Cyber-Weapons

Brad Smith, Chief Legal Officer at Microsoft, has called on the world's nations to come together and sign a pact that regulates the use and proliferation of cyber-weapons, similar to the Geneva Convention signed in 1949. [...]

https://www.bleepingcomputer.com/news/government/microsoft-exec-calls-for-a-geneva-convention-for-cyber-weapons/

ISIS Supporters Targeted with Android OmniRAT Malware

Islamic State supporters are being targeted with a modified version of the Telegram Android app that contains a version of the OmniRAT remote access toolkit. [...]

https://www.bleepingcomputer.com/news/security/isis-supporters-targeted-with-android-omnirat-malware/

China's Top Three Bitcoin Traders Freeze Withdrawals for a Month

China's top three Bitcoin exchange platforms have announced plans to freeze all withdrawals following harsher regulations from China's Central Bank. [...]

https://www.bleepingcomputer.com/news/legal/chinas-top-three-bitcoin-traders-freeze-withdrawals-for-a-month/

Hermes Ransomware Decrypted in Live Video by Emsisoft's Fabian Wosar

Today Fabian Wosar decided to live stream his analysis of the new Hermes Ransomware. It was a pleasure surprise when it was discovered that the ransomware could be decrypted and Fabian quickly demonstrated how to generate a key and create a decryptor. This article contains further technical analysis of the Hermes ransomware. [...]

https://www.bleepingcomputer.com/news/security/hermes-ransomware-decrypted-in-live-video-by-emsisofts-fabian-wosar/

Millions of Smart Cars Vulnerable Due to Insecure Android Apps

After testing seven Android apps from seven popular car makers, security experts from Kaspersky Lab concluded that many of these mobile applications contain basic security flaws that could facilitate the theft of modern, connected cars. [...]

https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/

The Future of Firefox Add-Ons

Over the coming year, Firefox will be putting the finishing touches on a plan it set in motion in 2015, which was to replace the aging Add-ons API with a new system called WebExtensions, based on the same extensions API used by Chromium browsers such as Chrome, Vivaldi, Opera, and others. [...]

https://www.bleepingcomputer.com/news/software/the-future-of-firefox-add-ons/

Opera Browser Gets a New UI

Starting with Opera 44, currently the Developer Edition, Opera will receive a brand new user interface, which includes a few minor changes compared to the existing UI, along with a new major feature, which is Facebook Messenger integration. [...]

https://www.bleepingcomputer.com/news/software/opera-browser-gets-a-new-ui/

Revenge Hacks Cost Former Employee 34 Months in Prison, $1.1 Million in Damages

Brian P. Johnson, 44, of Baton Rouge, Louisiana, will have to spend the next 34 months in federal prison and pay $1,134,828 in damages after hacking his former employer shortly after being fired. [...]

https://www.bleepingcomputer.com/news/security/revenge-hacks-cost-former-employee-34-months-in-prison-1-1-million-in-damages/

'Android for Work' Security Containers Bypassed with Relative Ease

Mobile security experts from Skycure have found two methods for bypassing the security containers put around "Android for Work," allowing attackers to access business data saved in this seemingly secure environment. [...]

https://www.bleepingcomputer.com/news/mobile/android-for-work-security-containers-bypassed-with-relative-ease/

The Week in Ransomware - February 17th 2017 - Live Hermes Reversing & SCADA POC Ransomware

It was a very slow week when it comes to ransomware, which is a great thing. Hopefully it will stay that way.The biggest news this week is the POC ransomware targeting ICS/SCADA that was demonstrated at RSA this week and the live streaming by Fabian Wosar of him reversing and cracking a a new ransomware called Hermes. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-17th-2017-live-hermes-reversing-and-scada-poc-ransomware/

A Corporate Inbox Receives 4.3 Times More Malware Than a Regular Inbox

Corporate email addresses are 4.3 more likely to receive malware compared to personal accounts, 6.2 times more likely to receive phishing lures, and 0.4 times less likely to receive spam. [...]

https://www.bleepingcomputer.com/news/security/a-corporate-inbox-receives-4-3-times-more-malware-than-a-regular-inbox/

Users Continue to Install Malware on Their Phone 5 Years After Adobe Discontinued Flash for Android

It is unbelievable that almost five years after Adobe announced it would stop developing Flash Player for Android, users are still installing a non-existent piece of software, which in almost all cases is just malware in disguise. [...]

https://www.bleepingcomputer.com/news/security/users-continue-to-install-malware-on-their-phone-5-years-after-adobe-discontinued-flash-for-android/

A Source Code Typo Allowed an Attacker to Steal 370,000 Zerocoin ($592,000)

The Zcoin project announced yesterday that a typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is about $592,000 at today's price. [...]

https://www.bleepingcomputer.com/news/security/a-source-code-typo-allowed-an-attacker-to-steal-370-000-zerocoin-592-000-/

After Microsoft Delayed Patch Tuesday, Google Discloses Windows Bug

For the second time in three months, Google engineers have disclosed a bug in the Windows OS without Microsoft having released a fix before Google's announcement. [...]

https://www.bleepingcomputer.com/news/microsoft/after-microsoft-delayed-patch-tuesday-google-discloses-windows-bug/

Germany Bans "My Friend Cayla" Toys Over Hacking Fears and Data Collection

Germany's telecommunications regulator has issued a ban against a line of smart toys called "My Friend Cayla," calling the toy an espionage device, and recommending that parents destroy all toy instances at once. [...]

https://www.bleepingcomputer.com/news/security/germany-bans-my-friend-cayla-toys-over-hacking-fears-and-data-collection/