The Polski-Vortex-Flotera Ransomware Connection

A malware author that loves Polish hip hop music appears to be behind the Polski, Vortex, and Flotera (spelled ?l?t???) ransomware families that have made a small number of victims between January and March this year [...]

https://www.bleepingcomputer.com/news/security/the-polski-vortex-flotera-ransomware-connection/

Spam Sent by Necurs Botnet Is Trying & Succeeding in Altering Stock Market Prices

The Necurs botnet is back and active again, but instead of spreading the Locky ransomware or the Dridex banking trojan, its operators are engaged in a spam scheme that tries to boost a company's stock market price artificially. [...]

https://www.bleepingcomputer.com/news/security/spam-sent-by-necurs-botnet-is-trying-andamp-succeeding-in-altering-stock-market-prices/

New Attack Uses Microsoft's Application Verifier to Hijack Antivirus Software

A new technique named DoubleAgent, discovered by security researchers from Cybellum, allows an attacker to hijack security products and make them take malicious actions. [...]

https://www.bleepingcomputer.com/news/security/new-attack-uses-microsofts-application-verifier-to-hijack-antivirus-software/

Chinese Crooks Use Fake Cellular Telephony Towers to Spread Android Malware

Malware authors in China are using fake base transceiver stations (BTSs), which is equipment usually installed on cellular telephone towers, to send spoofed SMS messages that contain links to Android malware. [...]

https://www.bleepingcomputer.com/news/security/chinese-crooks-use-fake-cellular-telephony-towers-to-spread-android-malware/

New LLTP Ransomware Appears to be a Rewritten Venus Locker

A new ransomware was discovered today by MalwareHunterTeam called LLTP Ransomware or LLTP Locker that is targeting Spanish speaking victims. On a closer look, this ransomware appears to be a rewritten version of the VenusLocker ransomware. [...]

https://www.bleepingcomputer.com/news/security/new-lltp-ransomware-appears-to-be-a-rewritten-venus-locker/

LastPass Bugs Allow Malicious Websites to Steal Passwords

LastPass says it patched one of two separate bugs that affected its Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. [...]

https://www.bleepingcomputer.com/news/security/lastpass-bugs-allow-malicious-websites-to-steal-passwords/

Opera 44 Released with Support for Apple's Touch Bar

Opera Software released today version 44 of the Opera web browser. This release's main feature is support for Apple's new Touch Bar display, which the company added for recent MacBook models. [...]

https://www.bleepingcomputer.com/news/software/opera-44-released-with-support-for-apples-touch-bar/

Malvertising Campaign on Adult Sites Spreads Ramnit Trojan

Security researchers from Malwarebytes have discovered a new malvertising campaign targeting visitors of several adult websites, spreading the Ramnit trojan and focusing on users from Canada and the UK. [...]

https://www.bleepingcomputer.com/news/security/malvertising-campaign-on-adult-sites-spreads-ramnit-trojan/

Sneaky Lithuanian Crook Stole $100 Million from Two US Tech Companies

A Lithuanian man swindled two US tech companies out of over $100 million after he tricked employees into wiring money to his own company's bank accounts. [...]

https://www.bleepingcomputer.com/news/business/sneaky-lithuanian-crook-stole-100-million-from-two-us-tech-companies/

Most Industrial Control Systems Get Infected with Malware by Accident

The vast majority of malware incidents that take place at industrial facilities around the world are just accidental infections, albeit a very small number of targeted attacks have also been detected. [...]

https://www.bleepingcomputer.com/news/security/most-industrial-control-systems-get-infected-with-malware-by-accident/

The Next Big Thing for Android Malware Is "Plugin Frameworks"

Android malware is evolving, and a clear trend has become visible in the past six months, with several malware strains implementing their malicious behavior via plugin frameworks. [...]

https://www.bleepingcomputer.com/news/security/the-next-big-thing-for-android-malware-is-plugin-frameworks-/

Word Document Spreads Macro Malware Targeting Both Windows and macOS

After last month security researchers discovered the first-ever Word document spreading macro malware on macOS, last week, researchers from Fortinet spotted a Word document that contained macro scripts that distributed both Windows and macOS malware at the same time, depending on the OS it managed to infect. [...]

https://www.bleepingcomputer.com/news/security/word-document-spreads-macro-malware-targeting-both-windows-and-macos/

SAP Infrastructure Could Be Used to Deploy Ransomware on Enterprise Networks

A remote code execution flaw in the SAP Windows client opens the door for ransomware attacks targeting enterprises that rely on various SAP products to manage and keep track of their business operations. [...]

https://www.bleepingcomputer.com/news/security/sap-infrastructure-could-be-used-to-deploy-ransomware-on-enterprise-networks/

Bluetooth Bug Lets Burglars Disable Google Nest Cams

Burglars can use a recently disclosed security flaw affecting several Google Nest cams to make vulnerable cameras go offline for approximately 60 to 90 seconds. The flaw can be exploited via the cameras' Bluetooth connection and can provide thieves with the time window they need to get close and break into a home unseen. [...]

https://www.bleepingcomputer.com/news/security/bluetooth-bug-lets-burglars-disable-google-nest-cams/

This Security Expert Wants to Turn Defunct Online Stores into Malware Honeypots

Willem de Groot, a Dutch security expert, is asking owners of defunct or soon-to-be-dead online stores to donate their domains so he can set up honeypots and track credit card stealing malware and other types of cyber-attacks on e-commerce targets. [...]

https://www.bleepingcomputer.com/news/security/this-security-expert-wants-to-turn-defunct-online-stores-into-malware-honeypots/

New WikiLeaks Dump Provides Details on CIA's Mac and iPhone Hacking Tools

WikiLeaks dumped 12 new documents today that provide a more in-depth look at the hacking techniques the CIA allegedly used to hack Apple devices, such as Macs and iPhones. [...]

https://www.bleepingcomputer.com/news/government/new-wikileaks-dump-provides-details-on-cias-mac-and-iphone-hacking-tools/

Google Reducing Trust in Symantec Certificates Following Numerous Slip-Ups

Google Chrome engineers announced plans today to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec. [...]

https://www.bleepingcomputer.com/news/security/google-reducing-trust-in-symantec-certificates-following-numerous-slip-ups/

Nearly One Million Android Users Installed 87 Malicious Minecraft Mods

News of malicious Android apps hosted on the Google Play Store doesn't seem to stop coming these days, as ESET and Zscaler researchers recently disclosed they've reported nearly 100 malicious apps they recently come across. [...]

https://www.bleepingcomputer.com/news/security/nearly-one-million-android-users-installed-87-malicious-minecraft-mods/

Today's Most Installed Software: Google Chrome, Adobe Reader, Flash Player

As everyone kind of expected, Google Chrome, the world's leading browser with a comfortable market share of above 50%, is also the most installed software package. [...]

https://www.bleepingcomputer.com/news/software/todays-most-installed-software-google-chrome-adobe-reader-flash-player/

New Attack "XSSJacking" Combines Clickjacking, Pastejacking, and Self-XSS

Security researcher Dylan Ayrey detailed last week a new web-based attack named XSSJacking that combines three other techniques — Clickjacking, Pastejacking, and Self-XSS — to steal data from careless users. [...]

https://www.bleepingcomputer.com/news/security/new-attack-xssjacking-combines-clickjacking-pastejacking-and-self-xss/