Google Goes Public with Unpatched Microsoft Edge and IE Vulnerability

Google has gone public with details of a second unpatched vulnerability in Microsoft products, this time in Edge and Internet Explorer, after last week they've published details about a bug in the Windows GDI (Graphics Device Interface) component. [...]

https://www.bleepingcomputer.com/news/security/google-goes-public-with-unpatched-microsoft-edge-and-ie-vulnerability/

Database Ransom Attacks Have Now Hit MySQL Servers

After the ransacking of MongoDB, ElasticSearch, Hadoop, and CouchDB servers, attackers are now hijacking hundreds of MySQL databases, deleting their content, and leaving a ransom note behind asking for a 0.2 Bitcoin ($235) payment. [...]

https://www.bleepingcomputer.com/news/security/database-ransom-attacks-have-now-hit-mysql-servers/

New RaaS Portal Preparing to Spread Unlock26 Ransomware

A new Ransomware-as-a-Service (RaaS) portal named Dot-Ransomware is behind the Unlock26 ransomware discovered this past week. [...]

https://www.bleepingcomputer.com/news/security/new-raas-portal-preparing-to-spread-unlock26-ransomware/

Hacker Group Defaces Hundreds of Websites After Hacking UK Hosting Firm

[...]

https://www.bleepingcomputer.com/news/security/hacker-group-defaces-hundreds-of-websites-after-hacking-uk-hosting-firm/

Mozilla's Plans for Firefox Themes in 2017

Mozilla plans to deprecated support for complete themes and focus on lightweight themes instead. No official cut-off date has been provided yet. [...]

https://www.bleepingcomputer.com/news/software/mozillas-plans-for-firefox-themes-in-2017/

SHA1 Collision Attack Makes Its First Victim: Subversion Repositories

It took only one day for the SHA1 collision attack revealed by Google on Thursday to make its first victims after developers of the WebKit browser engine broke their Subversion (SVN) source code repository on Friday. [...]

https://www.bleepingcomputer.com/news/security/sha1-collision-attack-makes-its-first-victim-subversion-repositories/

Mininova Torrent Portal Will Be Shutting Down on April 4th, 2017

Mininova, a veteran of the torrenting scene, announced today it was shutting down via a message on its homepage, closing its doors after 13 years of existence. [...]

https://www.bleepingcomputer.com/news/legal/mininova-torrent-portal-will-be-shutting-down-on-april-4th-2017/

Upcoming Windows 10 Feature Will Block Installation of Win32 Apps

Starting with Windows 10 build number 15042, Microsoft will allow administrators to block the installation of Win32 applications on their computer. [...]

https://www.bleepingcomputer.com/news/microsoft/upcoming-windows-10-feature-will-block-installation-of-win32-apps/

Google Open-Sources Chrome Extension to Make PGP Encryption Easier in Gmail

Late Friday, last week, Google announced a new tool for security-minded users, called E2EMail, a Chrome extension that simplifies the installation of PGP encryption for Gmail. [...]

https://www.bleepingcomputer.com/news/google/google-open-sources-chrome-extension-to-make-pgp-encryption-easier-in-gmail/

87% of Millennials Engage in Password Reuse

Password reuse is rampant among people aged 18 to 31, a category also referred to as millennials, according to a recent survey carried out by Keeper, the company behind the eponymous password manager application. [...]

https://www.bleepingcomputer.com/news/security/87-percent-of-millennials-engage-in-password-reuse/

Mozilla Buys Pocket in Its First Ever Business Acquisition

Mozilla has acquired Pocket, formerly known as Read It Later, a company founded in 2007 that allows users to save links and then read them later via their website, browser add-ons, or mobile applications. [...]

https://www.bleepingcomputer.com/news/software/mozilla-buys-pocket-in-its-first-ever-business-acquisition/

Severe SQL Injection Flaw Discovered in WordPress Plugin with Over 1 Million Installs

A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database. [...]

https://www.bleepingcomputer.com/news/security/severe-sql-injection-flaw-discovered-in-wordpress-plugin-with-over-1-million-installs/

Tens of Thousands of Chromebooks Fail Due to Bug in Security Product

A large chunk of the 120,000 Chromebooks deployed at Maryland's Montgomery County schools went down last week after computers using Symantec BlueCoat security software weren't able to handle TLS 1.3 connections that Google started supporting with the release of Chrome and Chrome OS 56. [...]

https://www.bleepingcomputer.com/news/security/tens-of-thousands-of-chromebooks-fail-due-to-bug-in-security-product/

Google Security Researcher Finds Security Hole in ESET's Mac Antivirus

Mac users utilizing ESET's endpoint antivirus are advised to update to version 6.4.168.0 as soon as possible in order to mitigate a serious issue that allows attackers to execute arbitrary code on their machines. [...]

https://www.bleepingcomputer.com/news/security/google-security-researcher-finds-security-hole-in-esets-mac-antivirus/

Web Cache Deception Attack Tricks Servers Into Caching Pages with Personal Data

Caching servers commonly deployed with big-name services will often cache the incorrect page content, including personal details, when the user accesses a non-existent resource, such as CSS or JavaScript files. [...]

https://www.bleepingcomputer.com/news/security/web-cache-deception-attack-tricks-servers-into-caching-pages-with-personal-data/

AWS Goes Down, and So Do Millions of Websites, Apps, and Other Services

Millions of small websites, app backends, and various high-profile services are offline or experiencing severe issues because of a mysterious problem that hit Amazon's S3 (Simple Storage Service) a few hours ago. [...]

https://www.bleepingcomputer.com/news/hardware/aws-goes-down-and-so-do-millions-of-websites-apps-and-other-services/

Dridex Becomes First Malware Family to Integrate AtomBombing Technique

Bad news from malware-land after security researchers from IBM reported today they'd discovered the first samples of version 4.0 of the infamous and highly-active Dridex banking trojan. [...]

https://www.bleepingcomputer.com/news/security/dridex-becomes-first-malware-family-to-integrate-atombombing-technique/

Border Agents Detain Programmer, Give Him Quiz to Prove He's a Software Engineer

President Trump's heightened security protocols at US borders are at the center of another controversy after border agents have resorted to giving a Nigerian man a quiz on computer science to evaluate if he was a software engineer as he proclaimed. [...]

https://www.bleepingcomputer.com/news/government/border-agents-detain-programmer-give-him-quiz-to-prove-hes-a-software-engineer/

Net Neutrality Looks Dead as FCC Chairman Calls It a "Mistake"

Speaking at the Mobile World Congress in Barcelona, Spain, new FCC chairman Ajit Pai has expressed his views on net neutrality once again, calling the 2015 legislation a "mistake." [...]

https://www.bleepingcomputer.com/news/gaming/net-neutrality-looks-dead-as-fcc-chairman-calls-it-a-mistake-/

Sysadmin Says He Was "Authorized" to Damage Employer's Network

Michael Thomas, a systems administrators who was convicted in 2016 for destroying his employer's network before resigning his job, has filed an appeal in which his lawyers are arguing that in reality he actually was authorized to trash the company's IT network, in a criminal case that might change the way judges look at the CFAA. [...]

https://www.bleepingcomputer.com/news/legal/sysadmin-says-he-was-authorized-to-damage-employers-network/