Researchers have discovered a shared backend infrastructure between the Jaff ransomware and a black market carder shop.

FireEye said threat actors are using the NSA’s EternalBlue exploit of the same Microsoft SMBv1 vulnerability as WannaCry to spread Nitol and Gh0st RAT.

Rapid7 warned this week that its Nexpose appliances were shipped with a SSH configuration that could have let obsolete algorithms be used for key exchange.

Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week’s Samba vulnerability, and the OneLogin breach.

Pandemic is a Windows implant built by the CIA that turns file servers into Patient Zero on a local network, infecting machines requesting files with Trojanized replacements.

A massive malware campaign has already infected 250 million Windows and Mac OS computers worldwide.

More than 1,000 mobile apps are leaking personal information via unsecured backend platforms such as MongoDB, MySQL and others.

A crowdfunding effort to buy a subscription to the ShadowBrokers’ Monthly Dump Service of stolen exploits and data was shut down citing legal and ethical concerns.

A breach at OneLogin appears to have compromised customer data, including the ability to decrypt encrypted data.

Researchers at Kaspersky Lab have found a number of programming errors in the WannaCry ransomware code that put file recovery within reach of sysadmins.