In the security world where Trojans remake themselves more often than a fading Hollywood actor, the Marcher Trojan is no exception. The 3-year-old Marcher has found new relevance targeting Android users visiting porn sites, according to a report from security firm Zscaler. Over the past month, researchers observed a new Marcher campaign where attackers are attempting...

Threatpost Editor Mike Mimoso talks to Synack director of research and well-known OS X hacker Patrick Wardle about the discovery of an OS X malware dropper that likely was developed by the Hacking Team. [embedded content]

Mike Mimoso and Chris Brook discuss the week in news, including how Amazon is backtracking on encryption when it comes to their devices, a new set of alleged passcode bypasses for iOS, and the new OS X ransomware KeRanger. Download: Threatpost_News_Wrap_March_11_2016.mp3 Music by Chris Gonsalves

The Justice Department took off the gloves in its latest volley against Apple and its refusal to comply with a court order to unlock a terrorist’s iPhone. “Apple deliberately raised technological barriers that now stand between a lawful warrant and an iPhone containing evidence related to the terrorist mass murder of 14 Americans,” wrote attorneys...

Researchers are tracking a massive spam campaign pelting inboxes with Locky ransomware downloaders in the form of JavaScript attachments. The huge spike, reported by security firm Trustwave, represents an extraordinary uptick in the attempted distribution of the Locky ransomware. Trustwave said over the last seven days, malware-laced spam has represented 18 percent of total spam...

Samsung laptop owners are being urged to update their Windows PCs after the discovery of a vulnerability that can allow remote attackers to download files onto a targeted system and gain complete control over the laptop. The flaw is tied to a feature called “Samsung SW Update Tool 2.2.5.16” designed keep Samsung laptop users’ drivers...

The divide between developers and hackers is real. So, apparently, is the effort to bring them together and make them play nicely. “It’s not just a knowledge gap, but an empathy gap,” said I Am The Cavalry founder Josh Corman during a panel discussion at last week’s RSA Conference. “One common thing between the two...

Adobe today released a new version of Flash Player that patches 18 vulnerabilities, all of which can result in remote code execution attacks. On Tuesday, Adobe pushed out security updates for Reader, Acrobat and Digital Editions, and gave users a head’s up about an upcoming Flash update. Today’s Flash release patches a host of memory-related...

Users of secure messaging apps such as Pidgin, Adium and others built upon libotr, the Off-the-Record protocol, are being urged to update immediately to current versions after the discovery of a critical flaw that can be used in targeted attacks to expose encrypted communication. The OTR development team yesterday pushed out libotr 4.1.1 which patches...

Despite the rush to patch systems at risk to the massive transport layer security (TLS) vulnerability, known as DROWN, hundreds of cloud services are still at risk of attack. According to two independent research firms, Netskope and Skyhigh Networks, a week after the vulnerability was identified DROWN still presents a high risk to companies. Skyhigh...