Mike Mimoso and Chris Brook discuss the news of the week, including a wireless keyboard vulnerability – KeySniffer, NIST’s statement on 2FA, a LastPass remote compromise bug, and a new Tor paper. Download: Threatpost_News_Wrap_July_29_2016.mp3 Music by Chris Gonsalves

There is no honor among thieves, as the saying goes, and that includes ransomware crooks. In an apparent move to sabotage a ransomware competitor, the authors of the Mischa and Petya ransomware-as-a-service leaked 3,500 decryption keys for its competitor Chimera ransomware. The move appears to be an attempt to push ransomware criminals to ditch Chimera service and...

Donald Trump may have left himself an out today when he urged Russian hackers to find 30,000 emails deleted by Hillary Clinton from her private server. “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said during a press conference in Florida. “I think you’ll probably be...

Yahoo has been given until August 31 to comply with a court order asking how the company was able to recover emails that were presumed deleted. Yahoo’s policy guide claims it cannot recover emails from a user’s account that have been deleted but defense lawyers for a convicted U.K. drug trafficker are speculating whether the company...

More than 100 malicious Tor Hidden Services Directories (HSDirs) were found to be snooping on the services they host, and in some cases, operators were actively using the data collected to attack the services. While at first blush, the discovery would seem to put another dent in the privacy and anonymity aspects so heavily associated...

A PHP vulnerability that exposed adult website PornHub’s user data to hackers and allowed for code execution on servers hosting the site, earned a trio of German researchers $22,000 as part of a bug bounty program. PHP patched the vulnerability in June. The flaw is tied to a use-after-free memory corruption bug that takes place when...

Mike Mimoso and Chris Brook discuss the news of the week, including privacy and Pokemon GO, a new MIT anonymity system, the Fiat Chrysler bug bounty program, and a patched printer spooler vulnerability. Download: Threatpost_News_Wrap_July_15_2016.mp3 Music by Chris Gonsalves

Researchers from MIT believe a new anonymity scheme they’ve devised dubbed Riffle could contend with Tor, claiming it’s every bit as secure as Tor, and bandwidth-efficient, to boot. According to a paper, “Riffle: An Efficient Communication System With Strong Anonymity,” (.PDF) released this week, the system can guarantee anonymity among a large group of users, as...

Niantic, Inc. – the company behind the ubiquitous, can’t-go-10-minutes-without-hearing-about-it Pokémon GO game – said Monday night it wasn’t the company’s intent to request full access permission of its users’ Google accounts. The company, a Google spinoff, was put in the crosshairs over its security, or lack thereof, earlier this week after it was discovered the app had...

Google last week announced changes in the way it will handle trusted Certificate Authorities in Nougat, the latest version of the Android operating system. The changes are expected to cut into the likelihood of a successful man-in-the-middle attack, or a device falling victim to an attacker-supplied custom certificate. This also takes a bit of pressure...