Insecure Hadoop and CouchDB installations are the latest attack targets of cybercriminals who are hijacking and deleting stolen data.

The U.S. Army released the results of its Hack the Army bug bounty, and said that close to $100,000 was paid out, and 118 unique and actionable vulnerabilities were reported.

Mike Mimoso, Tom Spring, and Chris Brook discuss security-wise what they hope will and won’t change under a Trump presidency, then discuss the news of the week, including SHA-1 deprecation, Carbanak’s return, and the WhatsApp “backdoor” debacle.

Carbanak has moved away from its exclusive focus on financial services, branching out to attacks against hospitality and retail.

Encrypted email service ProtonMail announced early Thursday that it had added its own Tor hidden service.

Researchers say the Necurs spam botnet is limping back into action with two new campaigns that could be the telltale signs of a future full-scale attack.

Facebook dismisses a researcher who says multimedia content sent via Facebook Messenger can be intercepted by a third party under certain conditions.

Google this week explained how it weighs potentially harmful Android apps using the Verify Apps malware scanner and a scoring system it calls Dead or Insecure.

MedSec CEO Justine Bone talks to Mike Mimoso about the St. Jude Medical vulnerabilities, the considerations her company and Muddy Waters made in short selling St. Jude stock, and the current state of medical device security. Download: Justine_Bone_on_St._Jude_Vulnerabilities_and_Medical_Device_Security.mp3 Music by Chris Gonsalves

Carbanak has surfaced again with new campaigns using Google hosted services such as Forms and Sheets as command and control channels.