Turkish Hackers Deface Hundreds of Websites and Twitter Accounts

The Turkish-Dutch political conflict has spewed into cyberspace during the past few days as Turkish hackers have defaced hundreds of websites and Twitter accounts with political messages and pictures of Turkish President Recep Tayyip Erdogan. [...]

https://www.bleepingcomputer.com/news/security/turkish-hackers-deface-hundreds-of-websites-and-twitter-accounts/

US Charges Four Hackers in Yahoo 2014 Security Breach, Including Two FSB Agents

The US Department of Justice (DoJ) charged four suspects today for orchestrating the 2014 Yahoo data breach during which attackers stole details for over 500 million Yahoo users. [...]

https://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/

Revenge Ransomware, a CryptoMix Variant, Being Distributed by RIG Exploit Kit

A new CryptoMix variant called Revenge has been discovered by Broad Analysis that is being distributed via the RIG exploit kit.  This variant contains many similarities to its predecessor CryptoShield, which is another CryptoMix variant, but includes some minor changes that are described below. [...]

https://www.bleepingcomputer.com/news/security/revenge-ransomware-a-cryptomix-variant-being-distributed-by-rig-exploit-kit/

Researchers Find Vulnerability in WhatsApp and Telegram's Web Clients

WhatsApp and Telegram have patched their respective web clients against a common security flaw discovered by researchers from Israeli firm Check Point, a security issue that would have allowed an attacker to take over user accounts and spy on conversations or steal user account data. [...]

https://www.bleepingcomputer.com/news/security/researchers-find-vulnerability-in-whatsapp-and-telegrams-web-clients/

Russian Hacker "Kolypto" Who Worked on Citadel Trojan Extradited to the US

Yesterday, a Russian national accused of helping develop the Citadel banking trojan was arraigned in front of a US judge for the first time, after being extradited from Fredrikstad, Norway. [...]

https://www.bleepingcomputer.com/news/security/russian-hacker-kolypto-who-worked-on-citadel-trojan-extradited-to-the-us/

Trend: Ransomware Hidden in NSIS Installers Harder to Detect

Ransomware operators have changed tactics again, making the job of security vendors harder once more, as they switched to a new method of packing their malware inside NSIS installers. [...]

https://www.bleepingcomputer.com/news/security/trend-ransomware-hidden-in-nsis-installers-harder-to-detect/

Windows 10 UAC Bypass Uses Backup and Restore Utility

A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning. [...]

https://www.bleepingcomputer.com/news/security/windows-10-uac-bypass-uses-backup-and-restore-utility/

Samsung Leaking Customer Information via Shipper's Website

The website of a company handling the shipment of Samsung products is currently leaking data about Samsung customers in an appalling manner. [...]

https://www.bleepingcomputer.com/news/security/samsung-leaking-customer-information-via-shippers-website/

North Americans Targeted by New MajikPOS Dual Threat Malware

A new POS (Point Of Sale) malware family is targeting payment systems in the US and Canada. Called MajikPOS, this new strain features a modular design and support for many features often found in RAT (Remote Access Trojans), allowing crooks to scout and select which systems they want to infect. [...]

https://www.bleepingcomputer.com/news/security/north-americans-targeted-by-new-majikpos-dual-threat-malware/

Another Years-Old Flaw Fixed in the Linux Kernel

The Linux team has patched a "dangerous" vulnerability in the Linux kernel that allowed attackers to elevate their access rights and crash affected systems. [...]

https://www.bleepingcomputer.com/news/security/another-years-old-flaw-fixed-in-the-linux-kernel/

Tech Support Scam Synchs Alerts with App Crashes in Windows Event Logs

An application named Event Monitor is a tech support scam with a twist, working by monitoring the Windows event logs, and showing a popup with an alarming message every time it detects an app crash. [...]

https://www.bleepingcomputer.com/news/security/tech-support-scam-synchs-alerts-with-app-crashes-in-windows-event-logs/

Microsoft Forces Owners of Recent CPU Architectures to Use Windows 10

Users of new CPU architectures will not receive Windows 7 and 8.1 updates anymore, according to a Microsoft support topic published last week. [...]

https://www.bleepingcomputer.com/news/hardware/microsoft-forces-owners-of-recent-cpu-architectures-to-use-windows-10/

Google Home Devices Start Playing Ads, Forcing Many to Reconsider Their Purchase

Earlier today, several Google Home owners complained online about how their personal assistants started spewing ads out of the blue. [...]

https://www.bleepingcomputer.com/news/google/google-home-devices-start-playing-ads-forcing-many-to-reconsider-their-purchase/

Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!

Boldly going where no man has gone before, the Kirk Ransomware brings so much nerdy goodness to the table that it could make anyone in IT interested. We have Star Trek, Low Orbital Ion Cannons, a cryptocurrency payment other than Bitcoin, and a decryptor named Spock! Need I say more? [...]

https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/

Ubiquiti Devices Exposed to Hacking via 20-Years-Old PHP Version

Some Ubiquiti network device models can be hacked thanks to an unpatched vulnerability, allowing attackers to gain control over the device, or use it as a pivot point in the victim's network to hack other nearby equipment. [...]

https://www.bleepingcomputer.com/news/security/ubiquiti-devices-exposed-to-hacking-via-20-years-old-php-version/

US-CERT: Security Products That Perform HTTPS Interception Weaken Security

In an advisory sent to enterprises across the US, the Department of Homeland Security's US-CERT group is warning that security products which perform HTTPS interception might weaken a company's overall security. [...]

https://www.bleepingcomputer.com/news/security/us-cert-security-products-that-perform-https-interception-weaken-security/

Ask.com Toolbar Network Compromised Twice in Two Months

The Ask Partner Network (APN) was compromised for the second time in two months, as crooks found a way to deliver malware to computers running the Ask.com Toolbar. [...]

https://www.bleepingcomputer.com/news/security/ask-com-toolbar-network-compromised-twice-in-two-months/

Some Firefox 52 Users on Linux Left Without Sound

Many Firefox users on Linux were left without the ability to play sound in their browser after updating to Firefox 52, released last week. [...]

https://www.bleepingcomputer.com/news/software/some-firefox-52-users-on-linux-left-without-sound/

Former IT Admin Accused of Leaving Backdoor Account, Accessing It 700+ Times

An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer. [...]

https://www.bleepingcomputer.com/news/legal/former-it-admin-accused-of-leaving-backdoor-account-accessing-it-700-times/

Polish Authorities Confirm Hack of Bitcurex Bitcoin Exchange, Launch Investigation

Polish authorities in the town of Lodz have launched an official investigation into the closure of Bitcurex, a Bitcoin trading platform that launched in 2012, and closed earlier this year. [...]

https://www.bleepingcomputer.com/news/security/polish-authorities-confirm-hack-of-bitcurex-bitcoin-exchange-launch-investigation/