Mike Mimoso and Chris Brook recap the news of the week, including the EternalRocks worm, the latest on WannaCry, a subtitle hack, and a Twitter flaw.

Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they’re visiting a safe site.

A recently released extension for Chrome, developed by the public key crypto database Keybase, brought end-to-end encrypted messaging to several apps this week.

Rep. Tom Graves has revised a draft of the Active Cyber Defense Certainty Act with new provisions that include mandatory notification and permission to recovery or destroy stolen data on the attacker’s computer.

A linguistics analysis of the 28 ransom notes included with WannaCry indicate that native Chinese and English speakers wrote the original note, Flashpoint said.

The Samba Team has patched a severe bug that leaves computers vulnerable to wormable exploit.

The market for automated credential stuffing tools is growing fast, because of a record number of breaches.

Researchers warn two features, not flaws, in Android can be used together to open devices up to attack.

Twitter fixed a flaw in its Twitter Ads service could have allowed an attacker to tweet as any user.

An academic paper to be presented today at IEEE posits that analysis of network signals provides a better early warning of malware than infections than current practices.