CryptXXX ransomware has received a major overhaul by its authors, putting it on the fast track to unseat Locky as top moneymaker for criminals. Researchers at Proofpoint said that on May 26, cybercriminals released an updated CryptXXX 3.100 version of the ransomware that includes a new StillerX credential-stealing module that gives attackers additional capabilities to monetize an attack....

Mike Mimoso and Chris Brook discuss the news of the week, including the back and forth around whether or not TeamViewer was hacked, the fallout around the years-old MySpace and Tumblr breaches, and a 90K Windows zero day.

A WordPress plugin was patched Thursday night, close to a week after reports began to surface of public attacks against a zero-day vulnerability. WP Mobile Detector was pulled from the WordPress Plugin Directory once the attacks went public. It was restored last night and users are urged to update to version 3.7 immediately. The plugin...

Ransomware as a business is maturing and nowhere is that better illustrated than in Russia, according to Flashpoint researchers. The security firm released two reports on Thursday, one on a burgeoning ransomware-as-a-service business model (PDF) in Russia and the second on new developments in Russian ransomware kingpins targeting hospitals (PDF). Researchers conclude, the ransomware industry...

Forced to come clean on breaches against the U.S. Federal Reserve, the Fed on Wednesday revealed the agency that drives financial markets around the world has been breached as many as 50 times in the past five years. As part of a Freedom of Information Act request by the Reuters news agency, the public is...

Google on Wednesday updated the Chrome browser for the third time since the start of May. Chrome 51.0.2704.79 for Windows, Mac, and Linux patched 15 vulnerabilities. It also paid out $14,000 in bounties to prolific bug hunters Mariusz Mlynski ($7,500) and Rob Wu ($6,500). The previous Chrome update on May 27 addressed 42 flaws with...

Lenovo has waved the white flag on a vulnerable component of its pre-installed software updater and recommends that users uninstall it from more than 110 notebook and desktop models running Windows 10. The decision to have users yank the Lenovo Accelerator Application comes days after a Duo Labs study on bloatware vulnerabilities exposing machines from...

Remote support software company TeamViewer continues to contest claims this week it was hacked and instead claims that password reuse and careless user actions may have led to some of its customers’ machines being compromised. The German company has been vigilant with its stance since posting a statement on the issue last Monday, but that...

New malware that targets industrial control systems called Irongate was found by researchers who say the discovery should serve as another wakeup call to the security industry to shore up its detection capabilities around ICS and SCADA threats. Irongate, which shares some of the same attributes as the lethal Stuxnet malware, was found by researchers...

Russian law enforcement has made 50 arrests in connection with a five-year operation to steal three billion rubles (just shy of $45 million USD) from the country’s largest bank, Sberbank. The hackers are alleged to have exploited websites, including popular news sites, to infect victims with the Lurk Trojan, a downloader that grabs more malware...