Android Patched to Protect Users from Getting Hacked via Headphones Connector

The Android Security Bulletin for March 2017 contains a unique bugfix for a security flaw exploitable via the headphones audio connector that could be leveraged to leak data from the device, break ASLR, reset phones to factory settings, or even access the Android HBOOT bootloader. [...]

https://www.bleepingcomputer.com/news/security/android-patched-to-protect-users-from-getting-hacked-via-headphones-connector/

The Week in Ransomware - March 10th 2017 - Spora, Cerber, and Technical Writeups

Another week and a lot more crappy ransomware released. Of particular interest is that Cerber no longer encrypts filenames, Emsisoft released a CryptON decryptor, and lots of really good technical writeups about ransomware. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2017-spora-cerber-and-technical-writeups/

Android Adware and Ransomware Found Preinstalled on High-End Smartphones

Two companies have discovered that someone had covertly installed malware on 38 devices used by their employees. According to security firm Check Point, the installation of the malicious apps took place somewhere along the supply chain, after phones left the manufacturer's factory and before they arrived at the two companies. [...]

https://www.bleepingcomputer.com/news/security/android-adware-and-ransomware-found-preinstalled-on-high-end-smartphones/

Intel Security (McAfee) Releases Rootkit Scanner Following Vault 7 CIA Leak

Intel Security, soon to be rebranded as McAfee again, released on Wednesday a scanner that can identify hidden EFI firmware rootkits. [...]

https://www.bleepingcomputer.com/news/security/intel-security-mcafee-releases-rootkit-scanner-following-vault-7-cia-leak/

This Device Works as a Firewall for Your USB Ports

The USG is an USB attachment that allows users to connect USB flash drives and other USB devices to their computer without any of the risks. [...]

https://www.bleepingcomputer.com/news/hardware/this-device-works-as-a-firewall-for-your-usb-ports/

Millions of Smart Meters May Over-Inflate Readings by up to 600%

Lab tests carried out by Dutch scientists have shown that some of today's "smart" electrical meters may give out false readings that in some cases can be 582% higher than actual energy consumption. [...]

https://www.bleepingcomputer.com/news/hardware/millions-of-smart-meters-may-over-inflate-readings-by-up-to-600-percent/

"Super Malware" Steals Encryption Keys from Intel SGX Enclaves

In a research paper published at the end of February, a team of five scientists from the Graz University of Technology has described a novel method of leaking data from SGX enclaves, a secure environment created by Intel CPUs for storing sensitive information for each process, such as encryption keys, passwords, and other. [...]

https://www.bleepingcomputer.com/news/hardware/-super-malware-steals-encryption-keys-from-intel-sgx-enclaves/

University Expels Student After Hacking Professors' Emails

A young student at the Technion Institute of Technology in Haifa, Israel was expelled this past week after the University discovered he hacked into the email inboxes of several of his professors. [...]

https://www.bleepingcomputer.com/news/security/university-expels-student-after-hacking-professors-emails/

New macOS Proton RAT Available for Sale on Russian Hacking Forum

A new remote access tool (RAT) targeting macOS users is currently being advertised on Russian underground hacking forums, a custom website, and through YouTube videos, security researchers from Sixgill have discovered. [...]

https://www.bleepingcomputer.com/news/security/new-macos-proton-rat-available-for-sale-on-russian-hacking-forum/

13 Google Play Store Apps Caught Stealing Instagram Credentials

Instagram users are once again the targets of malicious Android apps hosted on the Play Store, apps which steal their credentials on false claims of boosting their account's follower numbers. [...]

https://www.bleepingcomputer.com/news/security/13-google-play-store-apps-caught-stealing-instagram-credentials/

Embittered Enjey Ransomware Developer Launches DDoS Attack on ID Ransomware

Over the last two days, the ID Ransomware service was hit by two DDoS attacks launched by the author of the Enjey ransomware, embittered after ID Ransomware's creator, Michael Gillespie, had found a way to decrypt his ransomware. [...]

https://www.bleepingcomputer.com/news/security/embittered-enjey-ransomware-developer-launches-ddos-attack-on-id-ransomware/

Google Launches Invisible reCAPTCHA with No User Interaction Required

Google has launched the latest version of the reCAPTCHA service, which won't ask users to click a checkbox, as it did until now. [...]

https://www.bleepingcomputer.com/news/google/google-launches-invisible-recaptcha-with-no-user-interaction-required/

Google Kicks Chamois Android Adware off the Play Store

Following an internal audit, Google engineers say they'd discovered a new massive ad-fraud botnet that was infecting users via Android apps hosted on the official Play Store. [...]

https://www.bleepingcomputer.com/news/security/google-kicks-chamois-android-adware-off-the-play-store/

New Imeij IoT Malware Targets AVTech Equipment

A new malware strain named Imeij has been detected in the wild targeting equipment made by Taiwanese manufacturer AVTech. According to Trend Micro researchers, the malware is exploiting a security flaw which AVTech engineers failed to patch in October 2016. [...]

https://www.bleepingcomputer.com/news/security/new-imeij-iot-malware-targets-avtech-equipment/

PetrWrap Ransomware Is a Petya Offspring Used in Targeted Attacks

A heavily modified, but "unauthorized" version of the Petya ransomware has been seen by Kaspersky researchers used in targeted attacks on a small number of organizations. [...]

https://www.bleepingcomputer.com/news/security/petrwrap-ransomware-is-a-petya-offspring-used-in-targeted-attacks/

Malwarebytes Researchers Hack into Soon-to-be-Launched RaaS Portal

A ransomware author's plans to launch a RaaS portal were foiled last week after security researchers from Malwarebytes managed to infiltrate the crook's command and control server, hosted on a common shared hosting provider. [...]

https://www.bleepingcomputer.com/news/security/malwarebytes-researchers-hack-into-soon-to-be-launched-raas-portal/

Adobe fixes 8 Security Vulnerabilities in Adobe Flash Player & Shockwave Player

Adobe has released updates for Adobe Flash Player and Adobe Shockwave Player that resolves a combined 8 security vulnerabilities. Of these 8 vulnerabilities, 7 of them are rated as Critical because they could lead to information disclosure or remote code execution.  [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-8-security-vulnerabilities-in-adobe-flash-player-andamp-shockwave-player/

Chrome 57 Limits Background Tabs Usage to 1% per CPU Core

Starting with Chrome 57, released last week, Google has put a muzzle on the amount of resources background tabs can use. [...]

https://www.bleepingcomputer.com/news/software/chrome-57-limits-background-tabs-usage-to-1-percent-per-cpu-core/

Microsoft's March 2017 Patch Tuesday Contains 17 Security Updates

Today is the March 2017 Microsoft Patch Tuesday and we have 17 security updates being released by Microsoft. Of these seventeen updates, seven of them are rated as Critical as they allow remote code execution on the affected computer.  [...]

https://www.bleepingcomputer.com/news/microsoft/microsofts-march-2017-patch-tuesday-contains-17-security-updates/

Windows Insider Build 15058 Released for PC

Today Microsoft released Insider Preview Build 15058 to PC insiders on the fast ring, Like the last few releases, this releases focuses on bug fixes and improvements. Unfortunately, no new features added to this release. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-insider-build-15058-released-for-pc/