The Rakhni Trojan is now giving bad actors the ability to infect victims either with a ransomware cryptor or a miner.

Mike Mimoso, Tom Spring, and Chris Brook discuss security-wise what they hope will and won’t change under a Trump presidency, then discuss the news of the week, including SHA-1 deprecation, Carbanak’s return, and the WhatsApp “backdoor” debacle.

Cisco rolls out a bevy of patches tied to vulnerabilities found in its cloud services platform, IOS software and Prime Home products.

At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address some problems he’d disclosed to Apple. Download: Patrick_Wardle_on_MacOS_Gatekeeper_Security.mp3 Music by Chris Gonsalves

Browser makers and other tech companies have gone to great pains to beef up weak crypto libraries, in particular those that are exposed to fallback attacks such as POODLE. Attackers exploiting these vulnerabilities are able to dial back the encryption protecting communication to SSLv2 and SSLv3, for example, forcing servers to fall back to these...

Mike Mimoso and Chris Brook discuss the news of the week, including the LinkedIn breach, TeslaCrypt closing up shop, and a breakthrough in random number generation. The two also recap this week’s Source conference in Boston. Download: Threatpost_News_Wrap_May_20_2016.mp3 Music by Chris Gonsalves

Google clarified this week exactly when it plans to disable support for the RC4 stream cipher and the SSLv3 protocol on the company’s SMTP servers and Gmail’s web servers. It turns out the end will come sooner than later; the company announced it will begin to disable both a month from now, on June 16....

The digital gaming platform Steam was quick to patch a cryptographic issue in its client recently that could have allowed an attacker to read sensitive information sent over its network, take over an account, or view plain-text passwords. Valve, the Bellevue, Wash.-based video game developer that oversees the platform, rolled out new code on its servers...

Mike Mimoso and Chris Brook discuss the news of the week, including BlackBerry CEO’s stance on lawful access principles, the FBI/Apple hearing, Viber adding end-to-end crypto, Teslacrypt, and more. http://traffic.libsyn.com/digitalunderground/Threatpost_News_Wrap_April_22_2016.mp3 Download: Threatpost_News_Wrap_April_22_2016.mp3 Music by Chris Gonsalves

In addition to fixing the serious crypto vulnerabilities in iMessage that surfaced yesterday, Apple also deployed patches for nearly all of its products, including Safari, OS X, iOS, Apple TV’s tvOS, and watchOS. The iOS update, 9.3, is arguably the most pressing given the cryptographic issue dug up by researchers at Johns Hopkins University, but it...