Hacker Who Worked with FSB Agents in Email Hacks Gets 5 Years in Prison

A 23-year-old Canadian man who hacked into Yahoo and Gmail accounts on behalf of Russian Secret Service (FSB) agents was sentenced to five years in prison and a fine of $250,000. | Continue reading


@bleepingcomputer.com | 6 years ago

Researchers Bypass AMD’s SEV Virtual Machine Encryption

Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD's Secure Encrypted Virtualization (SEV), a safety mechanism design … | Continue reading


@bleepingcomputer.com | 6 years ago

Python May Let Security Tools See What Operations the Runtime Is Performing

A new feature proposal for the Python programming language wants to add "transparency" to the runtime and let security and auditing tools view when Python may be running potentially dangerous operations. | Continue reading


@bleepingcomputer.com | 6 years ago

Z-Shave Attack Could Impact Over 100M IoT Devices

The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. | Continue reading


@bleepingcomputer.com | 6 years ago

Amazon Alexa Recorded a Conversation and Sent It to a Contact Without Permission

As much as people enjoy their virtual assistants, sometimes they do things that are downright creepy. Such is the case for a family in Portland who discovered that Amazon Alexa recorded a conversation without permission and sent it to a random person in their contact list. | Continue reading


@bleepingcomputer.com | 6 years ago

Malware Found in the Firmware of 141 Low-Cost Android Devices

Two years after being ousted, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach. | Continue reading


@bleepingcomputer.com | 6 years ago

FacePause Chrome Extension Pauses a YouTube Video When You Look Away

A new experimental, and may I dare say, creepy Chrome Extension called FacePause pauses a YouTube video when you look away from the screen.  It does this by utilizing an API called FaceDetector that has been available in Chrome since version 56. | Continue reading


@bleepingcomputer.com | 6 years ago

Mozilla Adds 2FA Support for Firefox Accounts

Mozilla is rolling out support for a two-step authentication process for Firefox Accounts, the credentials system that protects bookmarks, passwords, open tabs and other data synchronized between devices via the Firefox Sync feature. | Continue reading


@bleepingcomputer.com | 6 years ago

BMW Fixes Security Flaws in Several Well-Known Car Models

BMW is working on firmware updates for some of its cars after researchers from the Tencent Keen Security Lab have discovered 14 flaws affecting high-profile car models such as BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series. | Continue reading


@bleepingcomputer.com | 6 years ago

The Facebook Android App Is Asking for Superuser Privileges

The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. | Continue reading


@bleepingcomputer.com | 6 years ago

Hardcoded Password Found in Cisco Enterprise Software, Again

Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated "Critical" and which received a maximum of 10 out of 10 on the CVSSv3 severity score. | Continue reading


@bleepingcomputer.com | 6 years ago

Windows 1803 Update Turns on SSH

With the release of the April 2018 Update, the OpenSSH Client is now officially out of beta and is also installed by default in Windows 10.  The OpenSSH Server for Windows is also out of beta, but still needs to be manually installed. | Continue reading


@bleepingcomputer.com | 6 years ago

Police Seize Servers of Bulletproof Provider Known for Hosting Malware Ops

Dutch police have seized ten servers belonging to a bulletproof hosting provider known for harboring child pornography sites and command and control servers for DDoS botnets, cyber-espionage, malvertising, spam, and malware operations. | Continue reading


@bleepingcomputer.com | 6 years ago

Smarter People Don’t Have Better Passwords, Study Finds

A study carried out at a college in the Philippines shows that students with better grades use bad passwords in the same proportion as students with bad ones. | Continue reading


@bleepingcomputer.com | 6 years ago

Security Flaw Impacts Electron-Based Apps

Security researchers have found a security flaw in Electron, a software framework that has been used in the past half-decade for building a wealth of popular desktop applications. | Continue reading


@bleepingcomputer.com | 6 years ago

Microsoft Now Has a Usable Dark Theme for File Explorer in Windows 10

With today's release of Windows 10 Insider Preview Build 17666, Microsoft added an updated Dark Theme for File Explorer that is for the most part usable. We first reported on the File Explorer Dark Theme back in April, but at that time it was an ugly mess. | Continue reading


@bleepingcomputer.com | 6 years ago

Multiple OS Vendors Release Security Patches After Misinterpreting Intel Docs

Almost all major OS vendors released security patches yesterday after a researcher discovered that some OS makers have misinterpreted an Intel CPU debug feature and left their systems open to attacks. | Continue reading


@bleepingcomputer.com | 6 years ago

PoC Developed for CoinHive Mining in Excel Using Custom JavaScript Functions

Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel. | Continue reading


@bleepingcomputer.com | 6 years ago

Backdoored Python Library Caught Stealing SSH Credentials

Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package. | Continue reading


@bleepingcomputer.com | 6 years ago

Microsoft Adds Support for JavaScript Functions in Excel

At the Build 2018 developer conference that's taking place these days in Seattle, USA, Microsoft announced support for custom JavaScript functions in Excel. | Continue reading


@bleepingcomputer.com | 6 years ago

Brexit: European Commission Wants to Cancel 317,000 .eu Domains Owned by Brits

The European Commission announced on Wednesday plans to cancel new registration and domain renewals for .eu domains owned by British citizens. EU citizens residing in the UK are also barred from registering or renewing domains. | Continue reading


@bleepingcomputer.com | 6 years ago

Microsoft Releases a “Windows Command Reference” for Over 250 Console Commands

Microsoft released a 948 page PDF titled the "Windows Command Reference" that contains documentation on over 250 Windows console commands. For each command, Microsoft has included a detailed description of the command, their command line arguments,.and for some commands, what ope … | Continue reading


@bleepingcomputer.com | 6 years ago

New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance

A new service called GDPR Shield is making the rounds this week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with … | Continue reading


@bleepingcomputer.com | 6 years ago

Chinese Cyberspies Appear to Be Preparing Supply-Chain Attacks

Chinese cyberspies are evolving their tactics, focusing on IT staffers, relying more and more on spear-phishing instead of malware, and gathering code signing certificates from hacked software companies in the preparation of future supply-chain attacks. | Continue reading


@bleepingcomputer.com | 6 years ago

Somebody Tried to Hide a Backdoor in a Popular JavaScript NPM Package

The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript package. | Continue reading


@bleepingcomputer.com | 6 years ago

DDoS Attacks Go Down 60% Across Europe Following WebStresser's Takedown

Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across Europe following the takedown of WebStresser, the largest DDoS-for-hire portal on the market. | Continue reading


@bleepingcomputer.com | 6 years ago

Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch

For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory. | Continue reading


@bleepingcomputer.com | 6 years ago

PDF files can be abused to steal Windows credentials

PDF files can be weaponized by malicious actors to steal Windows credentials (NTLM hashes) without any user interaction, and only by opening a file, according to Assaf Baharav, a security researcher with cyber-security Check Point. | Continue reading


@bleepingcomputer.com | 6 years ago

Long Prison Sentence for Man Who Hacked Jail Computer System to Bust Out Friend

A judge sentenced a Michigan man to 87 months —7 years 3 months— in prison for hacking into a county jail's computer system and modifying prisoner records in an attempt to get an inmate released early. | Continue reading


@bleepingcomputer.com | 6 years ago

Microsoft's Windows 10 “April 2018 Update” Being Released on Monday

Microsoft announced today that the next Windows 10 feature update will be called "April 2018 Update" and will be released this Monday.  With this update Microsoft is focusing on helping people making the most of their time by introducing new features that make it easier and faste … | Continue reading


@bleepingcomputer.com | 6 years ago