Someone Is Taking Over Insecure Cameras and Spying on Device Owners

Many brands of webcams, security cameras, pet and baby monitors, use a woefully insecure cloud-based remote control system that can allow hackers to take over devices by performing Internet scans, modifying the device ID parameter, and using a default password to gain control ove … | Continue reading


@bleepingcomputer.com | 6 years ago

Man gets 20 years in jail for attempting to hijack domain at gunpoint

An Iowa man will go to prison for the next 20 years after he attempted to hijack an Internet domain at gunpoint, tased and shot the victim, and got shot back himself. | Continue reading


@bleepingcomputer.com | 6 years ago

New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware

Cybercriminals are currently developing a new strain of malware targeting Android devices which blends the features of a banking trojan, keylogger, and mobile ransomware. | Continue reading


@bleepingcomputer.com | 6 years ago

New SamSam Variant Requires Special Password Before Infection

New versions of the SamSam ransomware will not execute unless the person running the malware's payload enters a special password via the command-line. | Continue reading


@bleepingcomputer.com | 6 years ago

Microsoft Edge Bug Exposes Content from Other Sites via Audio Files

A weird Edge bug that was fixed earlier this month, allows a malicious website to retrieve content from other sites by playing audio files in a malformed manner that produces unintended consequences. | Continue reading


@bleepingcomputer.com | 6 years ago

MacOS Breaks Your OpSec by Caching Data from Encrypted Hard Drives

Apple's macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to Wojciech Reguła and Patrick Wardle, two macOS security experts. | Continue reading


@bleepingcomputer.com | 6 years ago

Rootkit-Based Adware Wreaks Havoc Among Windows 10 Users in the US

Security researchers from Romania-based antivirus vendor Bitdefender say they've discovered a new adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, a rootkit component that's even effective against Windows 10 installations. | Continue reading


@bleepingcomputer.com | 6 years ago

Android App Devs Find Clever Trick for Fooling Users into Installing Crapware

An expert in Android security is warning users that some developers of crappy Android apps have come up with a new trick for fooling users into installing their apps. | Continue reading


@bleepingcomputer.com | 6 years ago

Kaspersky Halts Europol and NoMoreRansom Project Coop After EU Parliament Vote

Kaspersky Lab announced it was temporarily halting its cooperation with Europol following the voting of a controversial motion in the European Parliament today. | Continue reading


@bleepingcomputer.com | 6 years ago

17 Backdoored Docker Images Removed from Docker Hub

The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users' servers for the past year. | Continue reading


@bleepingcomputer.com | 6 years ago

Dark Web Drug Vendor Pleads Guilty After Feds Traced His Bitcoin Transactions

Gal Vallerius, a 36-year-old French national pleaded guilty this week in the US of selling narcotics on the Dark Web under the nickname of OxyMonster. | Continue reading


@bleepingcomputer.com | 6 years ago

Trik Spam Botnet Leaks 43M Email Addresses

Over 43 million email addresses have leaked from the command and control server of a spam botnet, a security researcher has told Bleeping Computer today. | Continue reading


@bleepingcomputer.com | 6 years ago

Today, the EU Will Vote If to Ban Kaspersky Products from Official EU Networks

In a plenary session of the European Parliament that will be held today in Strasbourg, France, members of the European Parliament (MEPs) will vote on a motion for resolution which includes a clause to ban the use of software programs "that have been confirmed as malicious, such a … | Continue reading


@bleepingcomputer.com | 6 years ago

Ten Malicious Libraries Found on PyPI – Python Package Index

The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language. | Continue reading


@bleepingcomputer.com | 6 years ago

VPNFilter Can Also Infect ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE Devices

The VPNFilter malware that infected over 500,000 routers and NAS devices across 54 countries during the past few months is much worse than previously thought. | Continue reading


@bleepingcomputer.com | 6 years ago

Microsoft Adds Post-Quantum Cryptography to an OpenVPN Fork

Microsoft has recently published an interesting open source project called "PQCrypto-VPN" that implements post-quantum cryptography (PQC) with OpenVPN. This project is being developed by the Microsoft Research Security and Cryptography group as part of their research into post-qu … | Continue reading


@bleepingcomputer.com | 6 years ago

Mobile Devs Making the Same Security Mistakes Web Devs Made in the Early 2000s

Mobile app developers are going through the same growing pains that the webdev scene has gone through in the 90s and 2000s when improper input validation led to many security incidents. | Continue reading


@bleepingcomputer.com | 6 years ago

CSS Is So Overpowered It Can Deanonymize Facebook Users

Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook. | Continue reading


@bleepingcomputer.com | 6 years ago

Vermont Entices Remote Workers to Relocate by Paying Their Expenses

As if Ben and Jerry's, beautiful landscape, and legalized marijuana wasn't enough of an incentive, Vermont has passed legislation called the "New Remote Worker Grant Program" that will pay a remote worker's expenses if they move to Vermont. | Continue reading


@bleepingcomputer.com | 6 years ago

CSS Is So Overpowered It Can Deanonymize Facebook Users

Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook. | Continue reading


@bleepingcomputer.com | 6 years ago

Malicious Git Repository Can Lead to Code Execution on Remote Systems

The developers behind Git and various companies providing Git repository hosting services have pushed out a fix to patch a dangerous vulnerability in the Git source code versioning software. | Continue reading


@bleepingcomputer.com | 6 years ago

Hacker Who Worked with FSB Agents in Email Hacks Gets 5 Years in Prison

A 23-year-old Canadian man who hacked into Yahoo and Gmail accounts on behalf of Russian Secret Service (FSB) agents was sentenced to five years in prison and a fine of $250,000. | Continue reading


@bleepingcomputer.com | 6 years ago

Researchers Bypass AMD’s SEV Virtual Machine Encryption

Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD's Secure Encrypted Virtualization (SEV), a safety mechanism design … | Continue reading


@bleepingcomputer.com | 6 years ago

Python May Let Security Tools See What Operations the Runtime Is Performing

A new feature proposal for the Python programming language wants to add "transparency" to the runtime and let security and auditing tools view when Python may be running potentially dangerous operations. | Continue reading


@bleepingcomputer.com | 6 years ago

Z-Shave Attack Could Impact Over 100M IoT Devices

The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. | Continue reading


@bleepingcomputer.com | 6 years ago

Amazon Alexa Recorded a Conversation and Sent It to a Contact Without Permission

As much as people enjoy their virtual assistants, sometimes they do things that are downright creepy. Such is the case for a family in Portland who discovered that Amazon Alexa recorded a conversation without permission and sent it to a random person in their contact list. | Continue reading


@bleepingcomputer.com | 6 years ago

Malware Found in the Firmware of 141 Low-Cost Android Devices

Two years after being ousted, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach. | Continue reading


@bleepingcomputer.com | 6 years ago

FacePause Chrome Extension Pauses a YouTube Video When You Look Away

A new experimental, and may I dare say, creepy Chrome Extension called FacePause pauses a YouTube video when you look away from the screen.  It does this by utilizing an API called FaceDetector that has been available in Chrome since version 56. | Continue reading


@bleepingcomputer.com | 6 years ago

Mozilla Adds 2FA Support for Firefox Accounts

Mozilla is rolling out support for a two-step authentication process for Firefox Accounts, the credentials system that protects bookmarks, passwords, open tabs and other data synchronized between devices via the Firefox Sync feature. | Continue reading


@bleepingcomputer.com | 6 years ago

BMW Fixes Security Flaws in Several Well-Known Car Models

BMW is working on firmware updates for some of its cars after researchers from the Tencent Keen Security Lab have discovered 14 flaws affecting high-profile car models such as BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series. | Continue reading


@bleepingcomputer.com | 6 years ago

The Facebook Android App Is Asking for Superuser Privileges

The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. | Continue reading


@bleepingcomputer.com | 6 years ago

Hardcoded Password Found in Cisco Enterprise Software, Again

Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated "Critical" and which received a maximum of 10 out of 10 on the CVSSv3 severity score. | Continue reading


@bleepingcomputer.com | 6 years ago

Windows 1803 Update Turns on SSH

With the release of the April 2018 Update, the OpenSSH Client is now officially out of beta and is also installed by default in Windows 10.  The OpenSSH Server for Windows is also out of beta, but still needs to be manually installed. | Continue reading


@bleepingcomputer.com | 6 years ago

Police Seize Servers of Bulletproof Provider Known for Hosting Malware Ops

Dutch police have seized ten servers belonging to a bulletproof hosting provider known for harboring child pornography sites and command and control servers for DDoS botnets, cyber-espionage, malvertising, spam, and malware operations. | Continue reading


@bleepingcomputer.com | 6 years ago

Smarter People Don’t Have Better Passwords, Study Finds

A study carried out at a college in the Philippines shows that students with better grades use bad passwords in the same proportion as students with bad ones. | Continue reading


@bleepingcomputer.com | 6 years ago

Security Flaw Impacts Electron-Based Apps

Security researchers have found a security flaw in Electron, a software framework that has been used in the past half-decade for building a wealth of popular desktop applications. | Continue reading


@bleepingcomputer.com | 6 years ago

Microsoft Now Has a Usable Dark Theme for File Explorer in Windows 10

With today's release of Windows 10 Insider Preview Build 17666, Microsoft added an updated Dark Theme for File Explorer that is for the most part usable. We first reported on the File Explorer Dark Theme back in April, but at that time it was an ugly mess. | Continue reading


@bleepingcomputer.com | 6 years ago

Multiple OS Vendors Release Security Patches After Misinterpreting Intel Docs

Almost all major OS vendors released security patches yesterday after a researcher discovered that some OS makers have misinterpreted an Intel CPU debug feature and left their systems open to attacks. | Continue reading


@bleepingcomputer.com | 6 years ago

PoC Developed for CoinHive Mining in Excel Using Custom JavaScript Functions

Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel. | Continue reading


@bleepingcomputer.com | 6 years ago

Backdoored Python Library Caught Stealing SSH Credentials

Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package. | Continue reading


@bleepingcomputer.com | 6 years ago

Microsoft Adds Support for JavaScript Functions in Excel

At the Build 2018 developer conference that's taking place these days in Seattle, USA, Microsoft announced support for custom JavaScript functions in Excel. | Continue reading


@bleepingcomputer.com | 6 years ago

Brexit: European Commission Wants to Cancel 317,000 .eu Domains Owned by Brits

The European Commission announced on Wednesday plans to cancel new registration and domain renewals for .eu domains owned by British citizens. EU citizens residing in the UK are also barred from registering or renewing domains. | Continue reading


@bleepingcomputer.com | 6 years ago

Microsoft Releases a “Windows Command Reference” for Over 250 Console Commands

Microsoft released a 948 page PDF titled the "Windows Command Reference" that contains documentation on over 250 Windows console commands. For each command, Microsoft has included a detailed description of the command, their command line arguments,.and for some commands, what ope … | Continue reading


@bleepingcomputer.com | 6 years ago

New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance

A new service called GDPR Shield is making the rounds this week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with … | Continue reading


@bleepingcomputer.com | 6 years ago

Chinese Cyberspies Appear to Be Preparing Supply-Chain Attacks

Chinese cyberspies are evolving their tactics, focusing on IT staffers, relying more and more on spear-phishing instead of malware, and gathering code signing certificates from hacked software companies in the preparation of future supply-chain attacks. | Continue reading


@bleepingcomputer.com | 6 years ago

Somebody Tried to Hide a Backdoor in a Popular JavaScript NPM Package

The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript package. | Continue reading


@bleepingcomputer.com | 6 years ago

DDoS Attacks Go Down 60% Across Europe Following WebStresser's Takedown

Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across Europe following the takedown of WebStresser, the largest DDoS-for-hire portal on the market. | Continue reading


@bleepingcomputer.com | 6 years ago

Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch

For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory. | Continue reading


@bleepingcomputer.com | 6 years ago