Attackers are not through testing the limits of what they can do with new features in ransomware samples. That latest found in the wild is called PowerWare and it was discovered a week ago targeting a company in the healthcare industry, researchers at Carbon Black told Threatpost. What sets PowerWare apart from other crypto-ransomware samples...

Mike Mimoso and Chris Brook recap the week in news, including how the FBI vacated Tuesday’s Apple hearing, a crypto iMessage bug that was patched, and the latest hospital to be hit by the ransomware Locky. The two also preview Badlock and what, if any, implications this week’s announcement may have. Download: Threatpost_News_Wrap_March_25_2016.mp3 Music by Chris...

If it ain’t broke, don’t fix it. If there’s one thing the recent surge in threats using macros to spread malware has shown, it’s that the vector is clearly working for attackers. Developers at Microsoft hope a feature in the latest version of Microsoft Office will reduce the frequency of those attacks by giving administrators...

For a strain of ransomware that’s only been in the wild for a little more than a month, Locky has sure been able to make a name for itself. The malware gained notoriety last month when it confounded administrators at the Hollywood Presbyterian Medical Center in Los Angeles and apparently took another victim this week in...

Home Depot agreed to pay $19.5 million to compensate the 40 million cardholders it said were impacted by a massive 2014 data breach. As part of a proposed settlement by Home Depot, it admits no wrongdoing or liability in the breach, according to court filings with the US District Court for the Northern District of...

Millions of Android users are at risk of a new Metaphor exploit that can take over Samsung, LG and HTC phones in under 20 seconds. The hack gives attackers access to the targeted phones including the ability to inject malware and take control over key smartphone functions. Discovered by Israeli-based security firm NorthBit, the vulnerability...

Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures (CVE) in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of reported vulnerabilities to the organization. The...

Apple iOS devices are in the crosshairs of another malware attack that has already infected an estimated six million non-jailbroken iOS devices in China, according to researchers. Palo Alto Networks found the new malware called AceDeceiver that infects iOS devices via Windows PCs and which leverages design flaws in Apple’s DRM software. So far, AceDeceiver has only impacted iOS...

American Express has begun notifying cardholders that their data may have been compromised in a third-party breach. A notification letter filed on March 10 with California’s attorney general indicates that AmEx account numbers, user names and other information including expiration dates may have been accessed. “We became aware that a third party service provider engaged...

Big-name websites were hit with a cunning malvertising campaign over the weekend that attempted to sneak TeslaCrypt ransomware on computers vulnerable to the potent Angler Exploit Kit. Top sites running the malicious ads included The New York Times owned NYTimes.com, Answers.com and AOL.com, according three separate security firms that spotted a spike in malvertising over...