Attackers are not through testing the limits of what they can do with new features in ransomware samples. That latest found in the wild is called PowerWare and it was discovered a week ago targeting a company in the healthcare industry, researchers at Carbon Black told Threatpost. What sets PowerWare apart from other crypto-ransomware samples...

Mike Mimoso and Chris Brook recap the week in news, including how the FBI vacated Tuesday’s Apple hearing, a crypto iMessage bug that was patched, and the latest hospital to be hit by the ransomware Locky. The two also preview Badlock and what, if any, implications this week’s announcement may have. Download: Threatpost_News_Wrap_March_25_2016.mp3 Music by Chris...

Google pushed out the latest version of Chrome Thursday afternoon, fixing five issues, four of them critical. The update remedies an out-of-bounds read in Chrome’s open source JavaScript engine V8, two use-after-free vulnerabilities – one in Navigation and one in Extensions – and a buffer overflow in the libANGLE library. The V8 vulnerability fetched Wen...

System Integrity Protection (SIP) was implemented in OS X El Capitan and imposes limitations on what actions that Mac computers’ root accounts can take against protected paths of the operating system. Yesterday at the SysCan360 conference in Singapore, a researcher from SentinelOne disclosed details of a vulnerability that was patched by Apple this week only...

The U.S. government on Thursday indicted seven hackers affiliated with the Iranian government for attacks it called “a frightening new frontier in cybercrime.” Accusing the men of carrying out a series of distributed denial of service (DDoS) attacks against 46 financial companies, the Department of Justice announced the charges in a press conference Thursday morning in Washington,...

If it ain’t broke, don’t fix it. If there’s one thing the recent surge in threats using macros to spread malware has shown, it’s that the vector is clearly working for attackers. Developers at Microsoft hope a feature in the latest version of Microsoft Office will reduce the frequency of those attacks by giving administrators...

Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it enabled attackers to remotely execute code and bypass the Java...

While the iMessage crypto bug got most of the attention among this week’s Apple patches, another vulnerability that was addressed represents a nasty trend of privilege escalation flaws that merit watching. Researchers at Cisco on Wednesday disclosed details on a flaw in an OS X graphics kernel driver that begs to be chained with any number of...

For a strain of ransomware that’s only been in the wild for a little more than a month, Locky has sure been able to make a name for itself. The malware gained notoriety last month when it confounded administrators at the Hollywood Presbyterian Medical Center in Los Angeles and apparently took another victim this week in...

Threatpost Editor in Chief Mike Mimoso talks to crypto pioneer and security expert Bruce Schneier of Resilient Systems about the early days of the RSA Conference, the integration of privacy and security, and the current FBI-Apple debate over encryption and surveillance. [embedded content]