As Apple’s attorneys mull over their legal options for having the FBI explain how it hacked Syed Farook’s iPhone, a separate case playing out involving the security service and the anonymity software Tor may have a hand in predicting the outcome. According to a court filing earlier this week, the FBI is refusing to comply with a judge’s request...

New ransomware called KimcilWare is targeting websites running the Magento ecommerce platform, used by the likes of Vizio, Olympus and Nike. According to security experts from the MalwareHunterTeam, hackers exploit vulnerabilities in the Magento ecommerce platform and install the KimcilWare ransomware on the webserver. Once installed, attackers use Rijndael block ciphers to encrypt website files and demanding...

The Department of Defense announced today that registration for its Hack the Pentagon bug bounty trial program is open, and that the program will be run on the HackerOne platform. The trial of the government’s first bug bounty program will run April 18 to May 12. The DoD said only certain public-facing websites will be...

The American Civil Liberties Union has dug up more proof that from the get-go the FBI’s attempt to crack open an iPhone used by the San Bernardino shooter Syed Rizwan Farook was not just about the one phone. The ACLU found court documents and on Wednesday published an interactive map visualizing the Justice Department’s 63 requests through the courts since 2008...

Apple’s Developer Enterprise Program has been abused in the recent past to push malicious apps onto iOS devices, most notably with the WireLurker, XcodeGhost and YiSpecter attacks. In all three cases, attackers legitimately obtained certificates under the program, which is available to enterprises wishing to develop and internally distribute mobile apps for their workforces without...

Wall Street-savvy hackers are behind a data breach that involves a who’s-who of New York City legal firms. Federal investigators are looking into the breach that included Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, both high-profile New York-based law firms. Cravath Swaine & Moore said told Threatpost its computer networks were infiltrated...

When the Internet’s root name servers are in the line of fire of a DDoS attack, people start to sweat, and with good reason since they are the authoritative servers used to resolve IP addresses. The most recent attacks against the root servers happened over a two-day period starting last Nov. 30, and impacted services...

More than 1,400 vulnerabilities exist in a widely used drug cabinet system, according to an advisory issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) on Tuesday. The problems exist in Pyxis SupplyStation, an automated medical supply cabinet manufactured by CareFusion. The systems, common in nursing setups in facilities across the healthcare sector,...

Portions of the hospital chain MedStar Health remain offline Wednesday as a result of a major malware attack that occurred Monday and crippled the hospital’s computer systems and forced one of the largest healthcare providers in Maryland and Washington, D.C. to turn patients away. The healthcare provider said the attack forced it to shut down its...

In a conversation from RSA Conference, Mike Mimoso talks to Endgame chief technology officer Jamie Butler about what’s new–if anything–with targeted attacks, the proliferation of ransomware, and what defenders are doing about detecting attacks on their networks. Download: Jamie_Butler_RSA.mp3 Music by Chris Gonsalves