APT Cobalt Gypsy or OilRig, used a fake persona called “Mia Ash” to ensnare tech-savvy workers in the oil and gas industry into downloading PupyRAT malware.

The Tor Project is launching a public bug bounty program to encourage security researchers to responsibly report issues they find in the software.

Senator Ron Wyden is pushing to mandate government-wide use of the email authentication protocol DMARC “to ensure that hackers cannot send emails that impersonate federal agencies.”

Cloudflare and network operator Credo Mobile suffered a legal defeat when U.S. appeals court ruled to uphold a gag order on FBI surveillance data.

The EFF’s annual Who Has Your Back report singles out giant telecommunications providers for their prioritization of government requests for data over privacy.

Citizen Lab investigates the targeting of Chinese language news websites in a phishing attack that leveraged the NetWire remote access Trojan.

Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks.

The global outbreak of the Petya/ExPetr malware wasn’t a ransomware attack, it was wiper malware aimed to sabotage, according to experts.

The FBI’s Internet Crime Complaint Center (IC3) identified ransomware as one of 2016’s top threats, but a relatively small number of attacks were reported.

Mike Mimoso and Chris Brook discuss the news of the week, including Citizen Lab’s latest report, WannaCry hitting Honda, GhostHook, and Fireball.