Malware authors, ad farmers, and scammers are abusing a Firefox bug to trap users on malicious sites.

This wouldn’t be a big deal, as the web is fraught with this kind of malicious site, but these websites aren’t abusing some new never-before-seen trick, but a Firefox bug that Mozilla engineers appear to have failed to fix in the 11 years since it was first reported back in April 2007…

https://www.zdnet.com/article/malicious-sites-abuse-11-year-old-firefox-bug-that-mozilla-failed-to-fix/

For all donut lovers out there, it’s time to reset your account passwords if you have been a customer of Dunkin Donuts. Allegedly, after facing a cyber attack, Dunkin Donuts reset passwords of its users’ accounts out of an abundance of caution. Fortunately, the company did not suffer any data security breach. However, the credential stuffing attack clearly shows that the hackers already possess users’ account login details…

https://latesthackingnews.com/2018/11/30/dunkin-donuts-resets-passwords-after-enduring-credential-stuffing-attack/

Marriott International said Friday that up to 500 million guests’ information may have been accessed as part of a data breach of its Starwood guest reservation database.

The world’s largest hotel chain said it determined on Nov. 19 that an “unauthorized party” had accessed the database as early as 2014…

https://www.nbcnews.com/news/us-news/marriott-says-data-breach-compromised-info-500-million-guests-n942041

Akamai has detected an ingenious malware campaign that alters configurations on home and small office routers to open connections toward internal networks so crooks can infect previously isolated computers.

The way hackers achieve this, Akamai said, is via a technique known as UPnProxy, which the company first detailed in April this year…

https://www.zdnet.com/article/hackers-are-opening-smb-ports-on-routers-so-they-can-infect-pcs-with-nsa-malware/

The Department of Justice has unsealed indictments against eight people who allegedly ran the infamous online advertising scams 3ve and Methbot. The defendants, who are primarily from Russia, are accused of collecting more than $36 million from companies who thought they were paying to place ads on websites. But the ads were never seen by a human being — instead, the defendants allegedly used a server farm and a botnet to simulate billions of visits to real pages…

https://www.theverge.com/2018/11/27/18115230/3ve-methbot-operation-eversion-online-ad-fraud-arrest-indictment

Google has taken swift action after it was discovered that more than a dozen apps that install malware on user devices were found in the Google Play store.

The company has yanked the 13 Android apps, which included car and truck driving simulations as well as a couple that actually got featured in the store’s trending section. However, that removal came after a researcher claimed that at least 500,000 users had downloaded the apps in total, risking the installation of malware on their devices…

https://bgr.com/2018/11/25/google-play-store-apps-removed-malware-found/

Facebook users are reporting one of the stranger bugs to plague the platform of late: years-old Messenger threads resurfacing automatically, without context or explanation. First reported by users on Twitter, the company now confirms that older messages are being treated as new, unread ones and popping up in the Messenger tab on Facebook.com. The explanation, however, remains elusive…

https://www.theverge.com/2018/11/26/18113539/facebook-messenger-old-threads-conversations-resurfacing-no-reason