Marriott International said Friday that up to 500 million guests’ information may have been accessed as part of a data breach of its Starwood guest reservation database.

The world’s largest hotel chain said it determined on Nov. 19 that an “unauthorized party” had accessed the database as early as 2014…

https://www.nbcnews.com/news/us-news/marriott-says-data-breach-compromised-info-500-million-guests-n942041

Akamai has detected an ingenious malware campaign that alters configurations on home and small office routers to open connections toward internal networks so crooks can infect previously isolated computers.

MORE SECURITY NEWS
Hackers can exploit this bug in surveillance cameras to tamper with footage
GCHQ: We don’t tell tech companies about every software flaw
Dunkin’ Donuts accounts may have been hacked in credential stuffing attack
Dell announces security breach
The way hackers achieve this, Akamai said, is via a technique known as UPnProxy, which the company first detailed in April this year…

https://www.zdnet.com/article/hackers-are-opening-smb-ports-on-routers-so-they-can-infect-pcs-with-nsa-malware/

The Department of Justice has unsealed indictments against eight people who allegedly ran the infamous online advertising scams 3ve and Methbot. The defendants, who are primarily from Russia, are accused of collecting more than $36 million from companies who thought they were paying to place ads on websites. But the ads were never seen by a human being — instead, the defendants allegedly used a server farm and a botnet to simulate billions of visits to real pages…

https://www.theverge.com/2018/11/27/18115230/3ve-methbot-operation-eversion-online-ad-fraud-arrest-indictment

Google has taken swift action after it was discovered that more than a dozen apps that install malware on user devices were found in the Google Play store.

The company has yanked the 13 Android apps, which included car and truck driving simulations as well as a couple that actually got featured in the store’s trending section. However, that removal came after a researcher claimed that at least 500,000 users had download the apps in total, risking the installation of malware on their devices….

https://bgr.com/2018/11/25/google-play-store-apps-removed-malware-found/

Facebook users are reporting one of the stranger bugs to plague the platform of late: years-old Messenger threads resurfacing automatically, without context or explanation. First reported by users on Twitter, the company now confirms that older messages are being treated as new, unread ones and popping up in the Messenger tab on Facebook.com. The explanation, however, remains elusive…

https://www.theverge.com/2018/11/26/18113539/facebook-messenger-old-threads-conversations-resurfacing-no-reason

Right wing conspiracy theorist Alex Jones has been ripping off his Infowars audience for years by selling overpriced vitamin supplements of dubious effectiveness, but now security researchers have discovered that the Infowars store has been infected with malware that steals his customers’ credit card information, according to Gizmodo.

The malware, known as Magecart, was discovered by Dutch security researcher Willem de Groot on every Infowars store page. The code would spring to life when customers checked out, mining their payment data and sending their credit card information every 1.5 seconds to a server located in in Lithuania…

https://www.rawstory.com/2018/11/alex-jones-infowars-infected-malware-steals-credit-card-information/

In March, Twitter CEO Jack Dorsey held a clear-the-air livestream discussion to address concerns about the #health of the company’s platform. Abuse and disinformation were top of mind, but Dorsey also spoke to another problem as well: the proliferation of cryptocurrency giveaway scams.

Send us a small bit of bitcoin, an account made to look like @ElonMusk or @realDonaldTrump would say, pledging in true Nigerian Prince fashion that it would deliver a much larger amount in return. These were unsophisticated schemes, but they were widespread. Dozens of bogus scam-peddling celebrity accounts were being created every day, and that was alarming to Dorsey and to Twitter’s vice president of trust and safety, Del Harvey. On the livestream, Dorsey and Harvey promised quick, tactical action against them, noting that Twitter would use pattern matching and machine learning to eliminate a problem that seemingly came out of nowhere…

https://www.buzzfeednews.com/article/janelytvynenko/twitter-cryptocurrency-scams-verified-accounts-russia-target

As leader of the Autobots, you’d think that Optimus Prime would always know what time it is. However, Casio, in collaboration with Transformer toymaker Takara Tomy, Casio has unveiled a special edition Transformer with a G-Shock watch installed right in his heart. The promotion celebrates the 35th anniversary of G-Shock, and the 35th anniversary of the Transformers in 2019, Casio said…

https://www.engadget.com/2018/11/16/casio-g-shock-transformer/