Archives: February 2016
After months of relative dormancy, ransomware CTB-Locker or Critroni is back and this time finding new life targeting websites. Researchers are calling this variant “CTB-Locker for Websites” because it targets websites, encrypts their content, and demands a 0.4 bitcoin ($425) ransom for access to the decryption key. In a technical breakdown of “CTB-Locker for Websites”,...
The U.S. Federal Trade Commission announced a settlement with ASUSTeK Computer over sloppy security settings tied to its routers that left the personal data of 12,900 consumers publicly available. On Tuesday, the Taiwanese electronics company agreed to 20 years of periodic security audits along with fines of $16,000 per incident that could reach as much...
A five-year campaign primarily focused on extracting sensitive information from Japanese oil, gas, and electric utilities was outlined by researchers on Tuesday. Referred to as Operation Dust Storm (.PDF) by researchers at Cylance, the campaign has managed to stay persistent over the years, and especially lately, by using dynamic DNS domains and customized backdoors. While the group...
Apple CEO Tim Cook’s major argument in objecting to the FBI’s request to assist in unlocking San Bernardino shooter Syed Farook’s iPhone 5c is the precedent it would set in doing so. As it turns out, Cook had a leg to stand on when he defiantly objected to a federal magistrate’s order last week. Apple...
Child safety firm uKnowKids is blasting a security researcher who discovered the company exposed 1,700 identities of the children they were supposed to be protecting. On Monday, security researcher Chris Vickery alerted uKnowKids, a company that helps parents keep tabs on their kids’ online activities, that one of its databases containing sensitive company information and...
The nation-state sponsored hacker group allegedly behind the 2014 attack against Sony Pictures Entertainment has been linked to similar intrusions against a number of companies in South Korea including the Dark Seoul and Operation Troy attacks. A coalition of security companies called Operation Blockbuster, including Kaspersky Lab, Novetta, AlienVault, Invincea, ThreatConnect, Volexity, Symantec, and PunchCyber today published...
Apple removed an iOS application from its Chinese iTunes App Store that allowed users of non-jailbroken iOS devices to install pirated and jailbroken apps. Researchers at Palo Alto Networks, who discovered the rogue application, said the app was not malicious, but presented a serious security risk if developers behind the application used the crack in...
Threatpost editor Mike Mimoso talks with Roberto Martinez and Santiago Pontiroli, researchers with Kaspersky Lab’s Global Research and Analysis Team (GReAT) about ATM malware, jackpotting, and why it works so well in Latin America.
Wireless keyboards and mice are the latest peripherals to put enterprise networks and user data at risk. Researchers at Bastille Networks today said that non-Bluetooth devices from seven manufacturers including Logitech, Dell and Lenovo are vulnerable to so-called Mousejack attacks that would allow a hacker within 100 meters to abuse this attack vector and install...
Exploits for a vulnerability in Microsoft Silverlight have found their way into the dangerous Angler Exploit Kit a little more than a month after it was patched. French security researcher Kafeine said he was able to get independent confirmation from researchers at Kaspersky Lab that the exploit targeted CVE-2016-0034, which was fixed by Microsoft in...