WikiLeaks Reveals Grasshopper, CIA's Builder for Windows Malware

WikiLeaks dumped 27 documents today as part of the "Vault 7" series of leaked documents, which the organization claims to belong to the CIA. [...]

https://www.bleepingcomputer.com/news/security/wikileaks-reveals-grasshopper-cias-builder-for-windows-malware/

ClearEnergy - The "In the Wild" SCADA Ransomware Attacks That Never Were

A mini-controversy broke out this week in the infosec community after cyber-security firm CRITIFENCE led journalists and other security experts to believe that they've detected in-the-wild attacks with a new ransomware called ClearEnergy, specialized in targeting ICS/SCADA industrial equipment. [...]

https://www.bleepingcomputer.com/news/security/clearenergy-the-in-the-wild-scada-ransomware-attacks-that-never-were/

Researchers Troll Google Video AI with Images of Audi Cars and Spaghetti

Google's recently launched video classification API is not as smart as people expected, according to new research published by a three-man team from the Univerisity of Washington. [...]

https://www.bleepingcomputer.com/news/technology/researchers-troll-google-video-ai-with-images-of-audi-cars-and-spaghetti/

Matrix Ransomware Spreads to Other PCs Using Malicious Shortcuts

The Matrix Ransomware gears up for higher distribution by using EITest, the Rig Exploit kit, while being able to spread to other computer through malicious shortcuts. [...]

https://www.bleepingcomputer.com/news/security/matrix-ransomware-spreads-to-other-pcs-using-malicious-shortcuts/

Windows 10 Insider Build 16170 Released and Windows Insider for Business Launched

Today Microsoft released Insider Preview Build 16170 to PC insiders on the fast ring, As Microsoft just released the Creators Update, new builds won't have any big changes or features added for the near future. Microsoft also announced that they have officially launched the Windows Insider Program for Business. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-16170-released-and-windows-insider-for-business-launched/

The Week in Ransomware - April 7th 2017 - Fluffy, Matrix, and RensenWare

The big news this week was the POC for a UEFI Ransomware presented at BlackHat Asia, Matrix Ransomware being distributed by RIG and having worm characteristics, and the joke ransomware called RensenWare that required a victim to get a very high score in a game to get a decryption key.  [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-7th-2017-fluffy-matrix-and-rensenware/

Irresponsible Chinese DVR Vendor Still the Target of IoT Botnets One Year Later

A Chinese company that manufactures white-labeled DVRs still hasn't patched a security flaw that's been targeted by IoT botnets for over a year. [...]

https://www.bleepingcomputer.com/news/security/irresponsible-chinese-dvr-vendor-still-the-target-of-iot-botnets-one-year-later/

Unofficial Windows 10 Creators Update Changelog

Microsoft is set to launch the Windows 10 Creators Update next week, on Tuesday, on April 11, at which time we'll have all the official details about the company's next major Windows 10 version. Until then, here's an unofficial changelog. [...]

https://www.bleepingcomputer.com/news/microsoft/unofficial-windows-10-creators-update-changelog/

Server Snafu Exposes Ask.com User Search Queries via Internal Status Page

The Ask.com search engine went through some sort of technical issue late last night, as its servers were exposing the internal Apache server status page, revealing recently processed search queries. [...]

https://www.bleepingcomputer.com/news/technology/server-snafu-exposes-ask-com-user-search-queries-via-internal-status-page/

Shadow Brokers Publish the Password for the Rest the Stolen NSA Hacking Tools

The Shadow Brokers (TSB) are back, and they've released the password for the rest of the hacking tools they claim to have stolen from the NSA last year. [...]

https://www.bleepingcomputer.com/news/security/shadow-brokers-publish-the-password-for-the-rest-the-stolen-nsa-hacking-tools/

Attacks Detected with New Microsoft Office Zero-Day

Cyber-security firms McAfee and FireEye have both disclosed in-the-wild attacks with a new Microsoft Office zero-day that allows attackers to silently execute code on targeted machines and secretly install malware. [...]

https://www.bleepingcomputer.com/news/security/attacks-detected-with-new-microsoft-office-zero-day/

Scientists Create New Material That May Lead to Self-Healing Electronics

Scientists have developed a new type of material that could be used in the future to create self-healing electronics, such as smartphones, batteries, speakers, robotics, and others. [...]

https://www.bleepingcomputer.com/news/technology/scientists-create-new-material-that-may-lead-to-self-healing-electronics/

Hacker Sets off All Tornado Sirens in the City of Dallas in the Middle of the Night

A hacker, or group of hackers, has set off all 156 tornado sirens in the city of Dallas, Texas, on the night between Friday and Saturday, April 7 and 8. [...]

https://www.bleepingcomputer.com/news/security/hacker-sets-off-all-tornado-sirens-in-the-city-of-dallas-in-the-middle-of-the-night/

Spanish Police Arrest Russian Hacker on Suspicion of Meddling in US Election

Spanish police arrested a Russian hacker in Barcelona on the behest of US authorities on suspicion of meddling in last year's US presidential election process. [...]

https://www.bleepingcomputer.com/news/security/spanish-police-arrest-russian-hacker-on-suspicion-of-meddling-in-us-election/

Thousands of Fake Google Maps Cards Redirect Users to Fraudulent Sites Each Month

Tens of thousands of fake listings are added to Google Maps each month, redirecting users to fraudulent websites selling phony or overpriced services, or part of some referral scam. [...]

https://www.bleepingcomputer.com/news/google/thousands-of-fake-google-maps-cards-redirect-users-to-fraudulent-sites-each-month/

HTTPS Certificate Issuance Becomes More Secure Thanks to New CAA Standard

Last week, the CA/Browser Forum voted to implement CAA mandatory checks before the issuance of new SSL/TLS certificates, as a measure to prevent the misissuance of HTTPS certificates. [...]

https://www.bleepingcomputer.com/news/security/https-certificate-issuance-becomes-more-secure-thanks-to-new-caa-standard/

Epic Fail: TP-Link 3G Router Spews Admin Password via SMS

A particular TP-Link router model will spew out its admin password in cleatext to anyone that sends an SMS message to the router's SIM card with a particular script inside, according to German security researcher Jan Hörsch. [...]

https://www.bleepingcomputer.com/news/security/epic-fail-tp-link-3g-router-spews-admin-password-via-sms/

Longhorn Cyber-Espionage Group Is Actually the CIA

Security researchers from Symantec have tied the CIA hacking tools leaked by WikiLeaks last month to a cyber-espionage group responsible for at least 40 hacks in 16 countries. [...]

https://www.bleepingcomputer.com/news/security/longhorn-cyber-espionage-group-is-actually-the-cia/

Mirai Botnet Temporarily Adds Bitcoin Mining Component, Removes It After a Week

For around a week at the end of March, one of the many versions of the Mirai malware was spotted delivering a Bitcoin-mining module to its infected hosts, which typically are routers, DVRs, and IP cameras. [...]

https://www.bleepingcomputer.com/news/security/mirai-botnet-temporarily-adds-bitcoin-mining-component-removes-it-after-a-week/

Microsoft Office Zero-Day Used to Push Dridex Banking Trojan

The operators of the Dridex botnet are using the recently disclosed Microsoft Office zero-day to spread a version of their malware, the infamous Dridex banking trojan. [...]

https://www.bleepingcomputer.com/news/security/microsoft-office-zero-day-used-to-push-dridex-banking-trojan/