A botnet comprised entirely of internet-enabled closed circuit TV devices used a barrage of HTTP requests to knock a small jewelry store offline for days. Researchers who came across the botnet recently said they weren’t surprised that IoT devices were being used to carry out a distributed denial of service attack but were caught off...

Researchers have identified a recent wave of malware targeting the Google Play app marketplace that entices users to download utilities and games that when installed surreptitiously root devices. The exploit, which mobile security firm Lookout calls autorooting malware, gives attackers complete control of the infected device. It was discovered by researchers in an app called LevelDropper....

A hacker selling upwards to 655,000 healthcare records on the dark web allegedly obtained them after exploiting a vulnerability in how companies implement remote desktop protocol, or RDP, functionality. The hacker, who goes by the handle “thedarkoverlord,” allegedly penetrated three healthcare organizations and made off with a database from each, according to Deep Dot Web, who...

Last week Apple cleared the air as to whether or not it intentionally released an unencrypted version of its iOS 10 beta kernel to the developer community, stating the move was intentional. “The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,”...

Crooks behind the fast spreading CryptXXX ransomware updated the latest variant with better encryption technology and new methods to evade detection by researchers. This latest version of CryptXXX was spotted by researchers at SetinelOne that say the new updated sample has already earned ransomers approximately $50,000 in bitcoin payouts in the last 17 days. The...

A scathing rebuke of medical professionals’ attitudes toward information security reveals nurses and doctors fumble over protocols often putting patients at risk. The revealing study, “Workarounds to Computer Access in Healthcare Organizations (PDF),” offers a fascinating look behind the privacy curtains at hospitals. The study, sponsored by the University of Pennsylvania, Dartmouth College and the...

The FBI’s apparent capability to unmask users of the Tor Network has caused hand-wringing among those concerned with privacy and civil liberties, many of whom are busy trying to win legal battles to get law enforcement to confess as to how they’re doing it. A team of academics and researchers, however, have come up with...

White hat hacker Chris Vickery uncovered a database of 154 million U.S. voter profiles on an unprotected server chockfull of sensitive data that includes voter names, addresses, email addresses, phone numbers, gun ownership information, preferences on gay marriage and links to individual social media accounts. The data was owned by voter data broker L2 which sold...

Mike Mimoso and Chris Brook recap the news of the week, including a Bitcoin phishing campaign, the Kaspersky Lab ransomware report, misconfigured email servers, and a decline in Angler exploit kit traffic. Download: Threatpost_News_Wrap_June_24_2016.mp3 Music by Chris Gonsalves

An anime site popular in Mexico and South America has been infected with malware redirecting visitors to a Neutrino Exploit Kit landing page. The site, Jkanime, streams anime video and has 33 million monthly visitors. Neutrino is currently the top dog among exploit kits after two of the bigger kits, Angler and Nuclear, have apparently...