Yahoo officially released part two of its once-secret government documents that were part of its 2007 court battle with the Foreign Intelligence Surveillance Court (FISC) that forced it to reveal sensitive customer data requested by the National Security Agency. This second wave of documents brings fresh insight into Yahoo’s fight to protect its customers from...

Domain registrar GoDaddy fixed a vulnerability affecting systems used by its customer support agents that could have been abused to take over, modify or delete accounts. Researcher Matthew Bryant said that a riff on a cross-site scripting attack called a blind XSS was to blame. A GoDaddy customer, Bryant wrote on Sunday on his blog...

Bangladeshi police this week alleged that technicians associated with the financial network SWIFT introduced vulnerabilities that made it easier for hackers to infiltrate the systems of Bangladesh Bank and carry out a massive heist. Earlier this year hackers used stolen credentials to inject malware into the bank’s SWIFT, or the Society for Worldwide Interbank Financial Telecommunication,...

Two-year-old Bucbi ransomware is making a comeback, with new targeted attacks and a new brute force technique. Researchers at Palo Alto Networks said they spotted the ransomware recently infecting a Windows Server demanding a 5 bitcoins (or $2,320) ransom. Researchers report the ransomware is no longer randomly seeking victims, as it did two years ago, but...

A Twitter business partner, whose service sifts through Twitter’s so-called fire hose of tweets as well as data from other sources to ascertain patterns in breaking news events, has been told to no longer provide its services to the U.S. intelligence community. The Wall Street Journal on Sunday reported that the arrangement between Dataminr—Twitter owns...

Microsoft’s Security Intelligence Report painted a bleak picture when it comes to malware, fraudulent login attempts and the staying power of really old exploits. Key findings in the 198-page biannual report run the gamut illustrating how old threats die hard and what new threats are on the horizon. The report, released Thursday, analyzes the threat...

Mike Mimoso, Chris Brook, and Threatpost’s newest reporter, Tom Spring, discuss the week in news, including a first hand account of an online casino’s experience with a Teslacrypt infection, Brazil shutting down WhatsApp, and attackers mining an ADP portal for W-2s. Download: Threatpost_News_Wrap_May_6_2016.mp3 Music by Chris Gonsalves

PwnedList, an online service that allows subscribers to monitor whether their credentials have been leaked in data breaches, said on Thursday that its decision to shut down has nothing to do with a serious vulnerability that exposed its collection of 866 million compromised credentials. “The site was scheduled for decommission a while back. Due to...

A new vulnerability has been discovered in Lenovo’s much-maligned Lenovo Solution Center (LSC) software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code, said researchers at Trustwave SpiderLabs. The flaw allows an attacker to elevate privileges and is tied to the LSC application’s backend. It opens the door for a malicious attacker...

It’s rare a week goes by now without a new strain of ransomware making headlines. Researchers described one of the latest earlier this week, a relatively affordable ransomware-as-a-service named AlphaLocker. One of the main selling points to AlphaLocker is how cheap it is; the ransomware can be purchased directly from the author for as little...