BlackRouter Ransomware Promoted as a RaaS by Iranian Developer

Security - Posted On:2019-01-17 17:59:59 Source: bleepingcomputer

A ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. This same actor previousl distributed another ransomware called Blackheart and promotes other infections such as a RAT. [...]

Read More

Twitter Fixes Four Year Old Bug in Android App Exposing Private Tweets

Security - Posted On:2019-01-17 17:30:00 Source: bleepingcomputer

Twitter announced today that an issue in its app for Android exposed some users' protected tweets for over four years, if they made certain changes to their account settings. [...]

Read More

Data Breach Collection with 773 Million Email Entries Leaked Online

Security - Posted On:2019-01-17 16:15:00 Source: bleepingcomputer

A giant 87 gigabyte archive consisting of 773 million unique email addresses and their associated cracked, or dehashed, passwords has been spotted being promoted on an online hacking forum. This file is being called "Collection #1" and was designed to easily be used in credential stuffing attacks. [...]

Read More

ES File Explorer Flaws Put 100 Million Users' Data at Risk, Fix Promised

Security - Posted On:2019-01-17 15:29:59 Source: bleepingcomputer

ES File Explorer users now have to wait to see what issue will be fixed in the next update: the always-on web server giving access to all their files to anyone on the same Wi-Fi network or the MitM attack vulnerability [...]

Read More

Android Apps Steal Banking Info, Use Motion Sensor to Evade Detection

Security - Posted On:2019-01-17 13:30:00 Source: bleepingcomputer

Two Android apps infected with a banking malware dropper were found on the Google Play Store, already having been installed on thousands of Android devices and sporting dozens of fake five-star ratings. [...]

Read More

Microsoft Launches Azure DevOps Bounty Program

Security - Posted On:2019-01-17 13:30:00 Source: bleepingcomputer

Microsoft Security Response Center (MSRC) announced the launch of a bug bounty program starting January 17 and targeting the Azure DevOps services and the latest release of Azure DevOps server [...]

Read More

Fake GPS Apps with 50M Installs Just Show Ads and Run Google Maps

Security - Posted On:2019-01-17 11:30:01 Source: bleepingcomputer

19 Android apps with over 50 million installs were found on the Google Play store that state that they are full featured GPS apps, but instead simply show an advertisement and then show Google Maps. [...]

Read More

Rocke's Cryptominers Kills Competition, Uninstall Cloud Security Products

Security - Posted On:2019-01-17 11:15:01 Source: bleepingcomputer

Analysis of new malware samples used by the Rocke group for cryptojacking reveals code that uninstalls from Linux servers multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud [...]

Read More

Flaw in Telegram Reveals Awful OpSec from Malware Author

Security - Posted On:2019-01-17 08:44:57 Source: bleepingcomputer

A weakness in the protection of messages delivered using the Telegram Bot API gave researchers access to the communication flow between a piece of malware and its operator. [...]

Read More

Emsisoft Browser Security Protects You from Malicious Sites

Security - Posted On:2019-01-17 06:14:58 Source: bleepingcomputer

For those looking for extra protection while browsing the web, Emsisoft has a released a browser extension that will block you from interacting with known phishing, malware, or scam sites. [...]

Read More

Banks in West Africa Hit with Off-The-Shelf Malware, Free Tools

Security - Posted On:2019-01-17 06:14:58 Source: bleepingcomputer

Attacks hitting financial organizations in West Africa since at least mid-2017 rely on off-the-shelf malware, free hacking tools, and utilities already available on the target systems to steal credentials, install backdoors, and run commands. [...]

Read More

Bipartisan Bill Introduced to Ban Sale of US Tech to Chinese Companies

Security - Posted On:2019-01-17 02:14:58 Source: bleepingcomputer

Bipartisan Telecommunications Denial Order Enforcement Act (H.R. 7255) was introduced today to impose a ban on selling US technology to Huawei and ZTE, as well as other Chinese companies in violation of sanctions laws and export control. [...]

Read More

Windows 10 19H1 Update Splits Up Windows Search and Cortana

Security - Posted On:2019-01-16 16:15:00 Source: bleepingcomputer

Windows 10 19H1 which is supposed to launch in April 2019 will finally split up Windows Search and Cortana to offer the best search and voice-first digital assistant experience. [...]

Read More

Microsoft and VirusTotal Team Up to Detect Malicious Signed MSI Files

Security - Posted On:2019-01-16 15:45:00 Source: bleepingcomputer

Microsoft and Chronicle's VirusTotal have teamed up to better detect signed MSI files that have been modified to include malicious Java archives.  [...]

Read More

Windows 10 Insider Build 18317 Released and Breaks WSL Again

Security - Posted On:2019-01-16 14:45:00 Source: bleepingcomputer

The latest update to Windows 10 19H1 separates Cortana from search, improves the Windows Insider page and also focuses on Start Menu reliability. [...]

Read More

EU Copyright Directive to Turn Google into Ghost Town

Security - Posted On:2019-01-16 14:15:00 Source: bleepingcomputer

Google's search results will look like a deserted town according to the search giant, with no article titles, no images, and no news summaries if the SERP templates following the EU Copyright Directive provisions will go live [...]

Read More

Over 140 International Airlines Affected by Major Security Breach

Security - Posted On:2019-01-16 12:15:01 Source: bleepingcomputer

Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system [...]

Read More

LoJax Command and Control Domains Still Active

Security - Posted On:2019-01-16 11:45:00 Source: bleepingcomputer

Security researchers have uncovered new details about the infrastructure used by LoJax UEFI rootkit used in attacks from APT28. The analysis revealed two command and control (C2) servers were still active in early 2019. [...]

Read More

MageCart Skimmer Hits Hundreds of Sites In Ad Supply Chain Attack

Security - Posted On:2019-01-16 10:44:57 Source: bleepingcomputer

Most attackers who utilize malicious scripts known as MageCart to steal payment information usually try to keep a low profile to stay undetected on the sites they compromise. New research shows how one MageCart criminal group recently compromised an advertising script to inject MageCart into hundreds of sites at the same time. [...]

Read More

NVIDIA Tesla T4 GPUs in Beta on the Google Cloud Platform

Security - Posted On:2019-01-16 09:59:57 Source: bleepingcomputer

The Google Cloud Platform is the first cloud vendor to provide its customers with access to NVIDIA's professional Tesla T4 GPU, via a beta program with instances available for customers from Brazil, India, Netherlands, Singapore, Tokyo, and the United States. [...]

Read More