World's Largest Spam Botnet Adds DDoS Feature

Necurs, the world's largest spam botnet with nearly 5 million infected bots, of which one million active each day, has added a new module that can be used for launching DDoS attacks. [...]

https://www.bleepingcomputer.com/news/security/worlds-largest-spam-botnet-adds-ddos-feature/

Removing User Admin Rights Mitigates 94% of All Critical Microsoft Vulnerabilities

Just by preventing access to admin accounts, a system administrator could safeguard all the computers under his watch and prevent attackers from exploiting 94% of all the critical vulnerabilities Microsoft patched during the past year. [...]

https://www.bleepingcomputer.com/news/microsoft/removing-user-admin-rights-mitigates-94-percent-of-all-critical-microsoft-vulnerabilities/

The Week in Ransomware - February 24th 2017 - Trump Locker, MacOS RW, and CryptoMix

Lots of small little ransomware infections released this week that will most likely never make it into major circulation. The stories  of interest this week are the Avast decryptor for offline CryptoMix infections, Trump Locker, and a new macOS ransomware called Packer. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-24th-2017-trump-locker-macos-rw-and-cryptomix/

Google Goes Public with Unpatched Microsoft Edge and IE Vulnerability

Google has gone public with details of a second unpatched vulnerability in Microsoft products, this time in Edge and Internet Explorer, after last week they've published details about a bug in the Windows GDI (Graphics Device Interface) component. [...]

https://www.bleepingcomputer.com/news/security/google-goes-public-with-unpatched-microsoft-edge-and-ie-vulnerability/

Database Ransom Attacks Have Now Hit MySQL Servers

After the ransacking of MongoDB, ElasticSearch, Hadoop, and CouchDB servers, attackers are now hijacking hundreds of MySQL databases, deleting their content, and leaving a ransom note behind asking for a 0.2 Bitcoin ($235) payment. [...]

https://www.bleepingcomputer.com/news/security/database-ransom-attacks-have-now-hit-mysql-servers/

New RaaS Portal Preparing to Spread Unlock26 Ransomware

A new Ransomware-as-a-Service (RaaS) portal named Dot-Ransomware is behind the Unlock26 ransomware discovered this past week. [...]

https://www.bleepingcomputer.com/news/security/new-raas-portal-preparing-to-spread-unlock26-ransomware/

Hacker Group Defaces Hundreds of Websites After Hacking UK Hosting Firm

[...]

https://www.bleepingcomputer.com/news/security/hacker-group-defaces-hundreds-of-websites-after-hacking-uk-hosting-firm/

Mozilla's Plans for Firefox Themes in 2017

Mozilla plans to deprecated support for complete themes and focus on lightweight themes instead. No official cut-off date has been provided yet. [...]

https://www.bleepingcomputer.com/news/software/mozillas-plans-for-firefox-themes-in-2017/

SHA1 Collision Attack Makes Its First Victim: Subversion Repositories

It took only one day for the SHA1 collision attack revealed by Google on Thursday to make its first victims after developers of the WebKit browser engine broke their Subversion (SVN) source code repository on Friday. [...]

https://www.bleepingcomputer.com/news/security/sha1-collision-attack-makes-its-first-victim-subversion-repositories/

Mininova Torrent Portal Will Be Shutting Down on April 4th, 2017

Mininova, a veteran of the torrenting scene, announced today it was shutting down via a message on its homepage, closing its doors after 13 years of existence. [...]

https://www.bleepingcomputer.com/news/legal/mininova-torrent-portal-will-be-shutting-down-on-april-4th-2017/

Upcoming Windows 10 Feature Will Block Installation of Win32 Apps

Starting with Windows 10 build number 15042, Microsoft will allow administrators to block the installation of Win32 applications on their computer. [...]

https://www.bleepingcomputer.com/news/microsoft/upcoming-windows-10-feature-will-block-installation-of-win32-apps/

Google Open-Sources Chrome Extension to Make PGP Encryption Easier in Gmail

Late Friday, last week, Google announced a new tool for security-minded users, called E2EMail, a Chrome extension that simplifies the installation of PGP encryption for Gmail. [...]

https://www.bleepingcomputer.com/news/google/google-open-sources-chrome-extension-to-make-pgp-encryption-easier-in-gmail/

87% of Millennials Engage in Password Reuse

Password reuse is rampant among people aged 18 to 31, a category also referred to as millennials, according to a recent survey carried out by Keeper, the company behind the eponymous password manager application. [...]

https://www.bleepingcomputer.com/news/security/87-percent-of-millennials-engage-in-password-reuse/

Mozilla Buys Pocket in Its First Ever Business Acquisition

Mozilla has acquired Pocket, formerly known as Read It Later, a company founded in 2007 that allows users to save links and then read them later via their website, browser add-ons, or mobile applications. [...]

https://www.bleepingcomputer.com/news/software/mozilla-buys-pocket-in-its-first-ever-business-acquisition/

Severe SQL Injection Flaw Discovered in WordPress Plugin with Over 1 Million Installs

A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database. [...]

https://www.bleepingcomputer.com/news/security/severe-sql-injection-flaw-discovered-in-wordpress-plugin-with-over-1-million-installs/

Tens of Thousands of Chromebooks Fail Due to Bug in Security Product

A large chunk of the 120,000 Chromebooks deployed at Maryland's Montgomery County schools went down last week after computers using Symantec BlueCoat security software weren't able to handle TLS 1.3 connections that Google started supporting with the release of Chrome and Chrome OS 56. [...]

https://www.bleepingcomputer.com/news/security/tens-of-thousands-of-chromebooks-fail-due-to-bug-in-security-product/

Google Security Researcher Finds Security Hole in ESET's Mac Antivirus

Mac users utilizing ESET's endpoint antivirus are advised to update to version 6.4.168.0 as soon as possible in order to mitigate a serious issue that allows attackers to execute arbitrary code on their machines. [...]

https://www.bleepingcomputer.com/news/security/google-security-researcher-finds-security-hole-in-esets-mac-antivirus/

Web Cache Deception Attack Tricks Servers Into Caching Pages with Personal Data

Caching servers commonly deployed with big-name services will often cache the incorrect page content, including personal details, when the user accesses a non-existent resource, such as CSS or JavaScript files. [...]

https://www.bleepingcomputer.com/news/security/web-cache-deception-attack-tricks-servers-into-caching-pages-with-personal-data/

AWS Goes Down, and So Do Millions of Websites, Apps, and Other Services

Millions of small websites, app backends, and various high-profile services are offline or experiencing severe issues because of a mysterious problem that hit Amazon's S3 (Simple Storage Service) a few hours ago. [...]

https://www.bleepingcomputer.com/news/hardware/aws-goes-down-and-so-do-millions-of-websites-apps-and-other-services/

Dridex Becomes First Malware Family to Integrate AtomBombing Technique

Bad news from malware-land after security researchers from IBM reported today they'd discovered the first samples of version 4.0 of the infamous and highly-active Dridex banking trojan. [...]

https://www.bleepingcomputer.com/news/security/dridex-becomes-first-malware-family-to-integrate-atombombing-technique/