This week we published a security alert about a new wave of spam campaigns containing the Emotet banking trojan that can exploit Windows admin rights on users’ PC. We also included a protection guide to better fight against these online threats.

1. Top 25 Worst, Most Insecure Passwords Used in 2017

How secure are your passwords? Are you using unique and strong ones? SplashData has released a list of the most popular, and insecure passwords users have been using in 2017. Protect your online accounts and avoid using simple and easily breakable passwords like “123456”, “qwerty”, “12345678”, “admin”, or “iloveyou”.

2. Hidden Backdoor Found in WordPress Captcha Plugin Affects Over 300,000 Sies

If you haven’t updated your WordPress blog or site, you should do it immediately. WordFence security firm found a severe backdoor that could allow the plugin author or attackers to remotely gain administrative access to WordPress websites without requiring any authentication.

3. Lazarus Hackers Phish For Bitcoins, Researchers Warn

Security researchers discovered that the Lazarus hackers group has “launched a malicious spear-phishing campaign using the lure of a job opening for the CFO role at a European-based cryptocurrency company”.

4. This New Android Malware Can Physically Damage Your Phone

Security researchers found a new strain of Android malware lurking in fake antivirus and porn applications, which is capable of performing a plethora of criminal activities—from mining cryptocurrencies to launching DDoS attacks.

5. Amateur Hacker Behind Satori Botnet

Researchers say that a hacker called Nexus Zeta created Satori botnet, which is a variant of the Mirai IoT malware that was released online in October 2016.

6. Twitter Just Got More Serious About Two-Factor Authentication. Here’s How to Better Protect your Account

Twitter introduced a new feature that lets users use third-party apps (such as Google Authenticator, Authy, or 1Password) to verify yourself at login. If you haven’t secured your account with two factor authentication system, you can do it now.

7. Bitcoin Crashes! Bitcoin’s Dead! Bitcoin’s Over! Or Is It? A Brief History of Deaths

The price of Bitcoin has dropped more than 25 percent in four days, so what to expect for the next period? Here’s a perspective of this digital currency over the last years.

8. List of Data Breaches and Cyber Attacks in December 2017

Curious to know what happened in the last month of the year in terms of data breaches and cyber attacks? Here’s a very useful list of data breaches and cyber attacks of 2017 with 33.8 million records leaked.

9. Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger

Be extra careful! If you get a video file (packed in zip archive) sent by someone (or your friends) on your Facebook messenger, do not click on it. Researchers found a new cryptocurrency mining bot which is spreading through Facebook Messenger and targeting Google Chrome desktop users.

10. Tech Support Scammers Make Browser Lockers More Resilient

Browser lockers (also known as browlocks) are designed to scare but also to create the illusion that the computer has been locked, which is not quite true. “Tech support scammers have been relying on fraudulent pop-ups for many years in order to scare potential victims into calling for remote assistance.”