For over a year attackers were able to carry out a malvertising campaign that managed to draw between one and five million client hits a day, according to researchers. The scam infected thousands a day using a one-two-punch of filtering and steganography, the art of hiding information inside messages or image. The attackers behind the campaign...

A new Android Trojan called SpyNote has been identified by researchers who warn that attacks are forthcoming. The Trojan, found by Palo Alto Networks’ Unit 42 team, has not been spotted in any active campaigns. But Unit 42 believes because the software is now widely available on the Dark Web, that it will soon be used...

Mike Mimoso and Chris Brook discuss the news of the week, including a wireless keyboard vulnerability – KeySniffer, NIST’s statement on 2FA, a LastPass remote compromise bug, and a new Tor paper. Download: Threatpost_News_Wrap_July_29_2016.mp3 Music by Chris Gonsalves

Developers with Android’s Security Team peeled back some of the layers on the mobile operating system this week; describing the lengths Google goes to protect the Linux kernel. In a post to Google’s Security Blog, Jeff Vander Stoep clarified several mitigations slated for inclusion in Nougat, the next stable Android build, and steps they’ve taken...

There is no honor among thieves, as the saying goes, and that includes ransomware crooks. In an apparent move to sabotage a ransomware competitor, the authors of the Mischa and Petya ransomware-as-a-service leaked 3,500 decryption keys for its competitor Chimera ransomware. The move appears to be an attempt to push ransomware criminals to ditch Chimera service and...

LastPass has patched a vulnerability in its Firefox add-on found by Google Project Zero researcher Tavis Ormandy that allows attackers complete remote compromise of the password manager, . The divisive Ormandy submitted a bug report on Tuesday to LastPass after a series of tweets hinting at serious problems in the password manager. Ormandy has been behind...

President Barack Obama signed a Cyber Incident Coordination policy directive on Tuesday that puts processes in place for how the government will respond to malicious or accidental threats to the nation’s public and private cyber infrastructure. The White House directive is designed to improve coordination between government agencies and bring clarity between departments in the event...

Donald Trump may have left himself an out today when he urged Russian hackers to find 30,000 emails deleted by Hillary Clinton from her private server. “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said during a press conference in Florida. “I think you’ll probably be...

A U.S. government agency said the end is nigh for SMS-based two-factor authentication, citing a lack of security around the feature. The latest draft version of the Digital Authentication Guideline issued this week by the U.S. National Institute for Standards and Technology (NIST) said the practice would soon be discouraged. The Digital Authentication Guideline sets the rules that...

Amid the connections being made between the Russian government and the attack on the Democratic National Committee (DNC), researchers on Tuesday reminded us of the challenges security experts have in correctly attributing advanced attacks. In a wide-ranging Reddit AMA, members of Kaspersky Lab’s Global Research and Analysis Team shared some insight into their day-to-day investigations...