Ransomware Gang Made Over $100,000 by Exploiting Apache Struts Zero-Day

For more than a month, at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors, DDoS bots, cryptocurrency miners, or ransomware, depending if the machine is running Linux or Windows. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-made-over-100-000-by-exploiting-apache-struts-zero-day/

New Password Protected Word Document SPAM Installing Urlsnif Keylogger

A large SPAM campaign is underway where victims receive an email that pretends to be a requested invoice and contains a password for a password protected encrypted Word document attachment. These password protected word documents contain embedded VBScript files that will download and install the Urlsnif keylogger. [...]

https://www.bleepingcomputer.com/news/security/new-password-protected-word-document-spam-installing-urlsnif-keylogger/

Sathurbot Malware Spreads via Torrent Files, Attacks WordPress Sites

Security researchers from ESET have discovered a new malware called Sathurbot that relies on malicious torrent files to spread to new victims and carries out coordinated brute-force attacks on WordPress sites. [...]

https://www.bleepingcomputer.com/news/security/sathurbot-malware-spreads-via-torrent-files-attacks-wordpress-sites/

Windows 10 Creators Update Lets You Uninstall OneDrive with One Click

Microsoft adds Uninstall button for OneDrive. Users no longer have to walk on nails and sacrifice lambs to the Microsoft deity in order to uninstall OneDrive from their PCs. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-creators-update-lets-you-uninstall-onedrive-with-one-click/

WikiLeaks Reveals Grasshopper, CIA's Builder for Windows Malware

WikiLeaks dumped 27 documents today as part of the "Vault 7" series of leaked documents, which the organization claims to belong to the CIA. [...]

https://www.bleepingcomputer.com/news/security/wikileaks-reveals-grasshopper-cias-builder-for-windows-malware/

ClearEnergy - The "In the Wild" SCADA Ransomware Attacks That Never Were

A mini-controversy broke out this week in the infosec community after cyber-security firm CRITIFENCE led journalists and other security experts to believe that they've detected in-the-wild attacks with a new ransomware called ClearEnergy, specialized in targeting ICS/SCADA industrial equipment. [...]

https://www.bleepingcomputer.com/news/security/clearenergy-the-in-the-wild-scada-ransomware-attacks-that-never-were/

Researchers Troll Google Video AI with Images of Audi Cars and Spaghetti

Google's recently launched video classification API is not as smart as people expected, according to new research published by a three-man team from the Univerisity of Washington. [...]

https://www.bleepingcomputer.com/news/technology/researchers-troll-google-video-ai-with-images-of-audi-cars-and-spaghetti/

Matrix Ransomware Spreads to Other PCs Using Malicious Shortcuts

The Matrix Ransomware gears up for higher distribution by using EITest, the Rig Exploit kit, while being able to spread to other computer through malicious shortcuts. [...]

https://www.bleepingcomputer.com/news/security/matrix-ransomware-spreads-to-other-pcs-using-malicious-shortcuts/

Windows 10 Insider Build 16170 Released and Windows Insider for Business Launched

Today Microsoft released Insider Preview Build 16170 to PC insiders on the fast ring, As Microsoft just released the Creators Update, new builds won't have any big changes or features added for the near future. Microsoft also announced that they have officially launched the Windows Insider Program for Business. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-16170-released-and-windows-insider-for-business-launched/

The Week in Ransomware - April 7th 2017 - Fluffy, Matrix, and RensenWare

The big news this week was the POC for a UEFI Ransomware presented at BlackHat Asia, Matrix Ransomware being distributed by RIG and having worm characteristics, and the joke ransomware called RensenWare that required a victim to get a very high score in a game to get a decryption key.  [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-7th-2017-fluffy-matrix-and-rensenware/

Irresponsible Chinese DVR Vendor Still the Target of IoT Botnets One Year Later

A Chinese company that manufactures white-labeled DVRs still hasn't patched a security flaw that's been targeted by IoT botnets for over a year. [...]

https://www.bleepingcomputer.com/news/security/irresponsible-chinese-dvr-vendor-still-the-target-of-iot-botnets-one-year-later/

Unofficial Windows 10 Creators Update Changelog

Microsoft is set to launch the Windows 10 Creators Update next week, on Tuesday, on April 11, at which time we'll have all the official details about the company's next major Windows 10 version. Until then, here's an unofficial changelog. [...]

https://www.bleepingcomputer.com/news/microsoft/unofficial-windows-10-creators-update-changelog/

Server Snafu Exposes Ask.com User Search Queries via Internal Status Page

The Ask.com search engine went through some sort of technical issue late last night, as its servers were exposing the internal Apache server status page, revealing recently processed search queries. [...]

https://www.bleepingcomputer.com/news/technology/server-snafu-exposes-ask-com-user-search-queries-via-internal-status-page/

Shadow Brokers Publish the Password for the Rest the Stolen NSA Hacking Tools

The Shadow Brokers (TSB) are back, and they've released the password for the rest of the hacking tools they claim to have stolen from the NSA last year. [...]

https://www.bleepingcomputer.com/news/security/shadow-brokers-publish-the-password-for-the-rest-the-stolen-nsa-hacking-tools/

Attacks Detected with New Microsoft Office Zero-Day

Cyber-security firms McAfee and FireEye have both disclosed in-the-wild attacks with a new Microsoft Office zero-day that allows attackers to silently execute code on targeted machines and secretly install malware. [...]

https://www.bleepingcomputer.com/news/security/attacks-detected-with-new-microsoft-office-zero-day/

Scientists Create New Material That May Lead to Self-Healing Electronics

Scientists have developed a new type of material that could be used in the future to create self-healing electronics, such as smartphones, batteries, speakers, robotics, and others. [...]

https://www.bleepingcomputer.com/news/technology/scientists-create-new-material-that-may-lead-to-self-healing-electronics/

Hacker Sets off All Tornado Sirens in the City of Dallas in the Middle of the Night

A hacker, or group of hackers, has set off all 156 tornado sirens in the city of Dallas, Texas, on the night between Friday and Saturday, April 7 and 8. [...]

https://www.bleepingcomputer.com/news/security/hacker-sets-off-all-tornado-sirens-in-the-city-of-dallas-in-the-middle-of-the-night/

Spanish Police Arrest Russian Hacker on Suspicion of Meddling in US Election

Spanish police arrested a Russian hacker in Barcelona on the behest of US authorities on suspicion of meddling in last year's US presidential election process. [...]

https://www.bleepingcomputer.com/news/security/spanish-police-arrest-russian-hacker-on-suspicion-of-meddling-in-us-election/

Thousands of Fake Google Maps Cards Redirect Users to Fraudulent Sites Each Month

Tens of thousands of fake listings are added to Google Maps each month, redirecting users to fraudulent websites selling phony or overpriced services, or part of some referral scam. [...]

https://www.bleepingcomputer.com/news/google/thousands-of-fake-google-maps-cards-redirect-users-to-fraudulent-sites-each-month/

HTTPS Certificate Issuance Becomes More Secure Thanks to New CAA Standard

Last week, the CA/Browser Forum voted to implement CAA mandatory checks before the issuance of new SSL/TLS certificates, as a measure to prevent the misissuance of HTTPS certificates. [...]

https://www.bleepingcomputer.com/news/security/https-certificate-issuance-becomes-more-secure-thanks-to-new-caa-standard/