New WikiLeaks Dump Provides Details on CIA's Mac and iPhone Hacking Tools

WikiLeaks dumped 12 new documents today that provide a more in-depth look at the hacking techniques the CIA allegedly used to hack Apple devices, such as Macs and iPhones. [...]

https://www.bleepingcomputer.com/news/government/new-wikileaks-dump-provides-details-on-cias-mac-and-iphone-hacking-tools/

Google Reducing Trust in Symantec Certificates Following Numerous Slip-Ups

Google Chrome engineers announced plans today to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec. [...]

https://www.bleepingcomputer.com/news/security/google-reducing-trust-in-symantec-certificates-following-numerous-slip-ups/

Nearly One Million Android Users Installed 87 Malicious Minecraft Mods

News of malicious Android apps hosted on the Google Play Store doesn't seem to stop coming these days, as ESET and Zscaler researchers recently disclosed they've reported nearly 100 malicious apps they recently come across. [...]

https://www.bleepingcomputer.com/news/security/nearly-one-million-android-users-installed-87-malicious-minecraft-mods/

Today's Most Installed Software: Google Chrome, Adobe Reader, Flash Player

As everyone kind of expected, Google Chrome, the world's leading browser with a comfortable market share of above 50%, is also the most installed software package. [...]

https://www.bleepingcomputer.com/news/software/todays-most-installed-software-google-chrome-adobe-reader-flash-player/

New Attack "XSSJacking" Combines Clickjacking, Pastejacking, and Self-XSS

Security researcher Dylan Ayrey detailed last week a new web-based attack named XSSJacking that combines three other techniques — Clickjacking, Pastejacking, and Self-XSS — to steal data from careless users. [...]

https://www.bleepingcomputer.com/news/security/new-attack-xssjacking-combines-clickjacking-pastejacking-and-self-xss/

Almost 1,000 Online Stores Under Attack from GiftGhostBot Botnet

A botnet specialized in gift card fraud is using the infrastructure of nearly 1,000 websites to check the balance of several types of electronic gift cards in order to defraud legitimate card owners. [...]

https://www.bleepingcomputer.com/news/security/almost-1-000-online-stores-under-attack-from-giftghostbot-botnet/

The Week in Ransomware - March 23th 2017 - Decline of Locky & Spora Stats

Lots and lots of little crappy ransomware released this week with nothing new or innovative. We do have some interesting Spora stats, a story on the decline of Locky, and of course an updated decryptor by Fabian Wosar who continues to kick ransomware in the buttocks. Other than that, not really any of significance. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-23th-2017-decline-of-locky-andamp-spora-stats/

14,766 Let's Encrypt SSL Certificates Issued to PayPal Phishing Sites

During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites. [...]

https://www.bleepingcomputer.com/news/security/14-766-lets-encrypt-ssl-certificates-issued-to-paypal-phishing-sites/

Google Talk to Be Shut Down on June 26

Yesterday, Google announced plans to completely shut down the Google Talk service after June 26, 2017. [...]

https://www.bleepingcomputer.com/news/google/google-talk-to-be-shut-down-on-june-26/

Users File Class Action Lawsuit Against Microsoft over Botched Windows 10 Upgrades

Three angry Windows 10 users have filed a lawsuit against Microsoft over botched Windows 10 upgrades, which plaintiffs claim destroyed their data, damaged computers, and incurred lost time and money. [...]

https://www.bleepingcomputer.com/news/microsoft/users-file-class-action-lawsuit-against-microsoft-over-botched-windows-10-upgrades/

Reminder: Microsoft Will Pull the Plug on Windows Vista in Two Weeks

We're almost two weeks away from Windows Vista's official End of Life (EoL) date, April 11, 2017, more than ten years after Microsoft officially launched Windows, back in January 2007. [...]

https://www.bleepingcomputer.com/news/microsoft/reminder-microsoft-will-pull-the-plug-on-windows-vista-in-two-weeks/

W3C Pushes Past Critics as DRM Gets Closer to Becoming an Official Web Standard

The World Wide Web Consortium (W3C) has elevated the Encrypted Media Extensions (EME) to the status of "Proposed Recommendation," the last step before becoming an official W3C standard, pending a vote from its members. [...]

https://www.bleepingcomputer.com/news/software/w3c-pushes-past-critics-as-drm-gets-closer-to-becoming-an-official-web-standard/

Hackers Breached Department of Labor Job Seekers Portal

Hackers have breached America's Job Link Alliance (AJLA), a job portal offered by the Department of Labor (DOL), and stolen personal details from an undisclosed number of job seekers. [...]

https://www.bleepingcomputer.com/news/security/hackers-breached-department-of-labor-job-seekers-portal/

Microsoft Patches Third Zero-Day Used in Massive Malvertising Campaign

Microsoft has patched a zero-day vulnerability that was used in the massive AdGholas malvertising campaign and later integrated into the Neutrino exploit kit. [...]

https://www.bleepingcomputer.com/news/security/microsoft-patches-third-zero-day-used-in-massive-malvertising-campaign/

Adware Replaces Phone Numbers for Security Firms Returned in Search Results

A new adware family named Crusader will rewrite tech support phone numbers returned in Google search results, display ads, and show popups pushing tech support scams. [...]

https://www.bleepingcomputer.com/news/security/adware-replaces-phone-numbers-for-security-firms-returned-in-search-results/

Researcher Says API Flaw Exposed Symantec Certificates, Including Private Keys

Flaws in the API used by Symantec partners would have allowed an attacker to retrieve certificates, including private keys, security researcher Chris Byrne said in a Facebook post published over the weekend. [...]

https://www.bleepingcomputer.com/news/security/researcher-says-api-flaw-exposed-symantec-certificates-including-private-keys/

Microsoft Quietly Patched Windows Zero-Day Used in Attacks by Zirconium Group

Without making too much fuss about it, Microsoft patched a zero-day vulnerability used in live attacks by a cyber-espionage group named Zirconium. The zero-day, tracked as CVE-2017-0005, affects the Windows Win32k component in the Windows GDI (Graphics Device Interface), included in all Windows OS versions. [...]

https://www.bleepingcomputer.com/news/security/microsoft-quietly-patched-windows-zero-day-used-in-attacks-by-zirconium-group/

FBI Alert Urges Companies to Secure FTP Servers

In an alert sent to medical and dental healthcare entities, the FBI is asking organizations to mind and secure their FTP servers in the face of hackers trying to get protected health information (PHI) and personally identifiable information (PII). [...]

https://www.bleepingcomputer.com/news/security/fbi-alert-urges-companies-to-secure-ftp-servers/

Unskilled Group Behind Many Junk Ransomware Strains

A person or group of malware authors calling themselves "Mafia Malware Indonesia" claimed responsibility for writing a collection of ransomware families that includes threats such as KimcilWare, MireWare, MafiaWare, CryPy, and the recent SADStory and the eponymous Mafia Malware Indonesia ransomware. [...]

https://www.bleepingcomputer.com/news/security/unskilled-group-behind-many-junk-ransomware-strains/

Yesterday's iOS 10.3 Update Bring Safari Ransomware Campaign to an End

iOS 10.3, released yesterday, has thwarted a screen-locking ransomware campaign that used a bug in mobile Safari to lock users' browsers and demand a ransom paid in iTunes pre-paid gift cards. [...]

https://www.bleepingcomputer.com/news/security/yesterdays-ios-10-3-update-bring-safari-ransomware-campaign-to-an-end/