A never-before-seen malware family known as RIPPER is being blamed for a rash of ATM heists in Thailand last week. The malware, found by researchers at FireEye, is responsible for the theft of 12 million baht ($378,000) from ATMs at banks across Thailand. The discovery of the malware coincided with news reports from the Bangkok...

A never-before-seen malware family known as RIPPER is being blamed for a rash of ATM heists in Thailand last week. The malware, found by researchers at FireEye, is responsible for the theft of 12 million baht ($378,000) from ATMs at banks across Thailand. The discovery of the malware coincided with news reports from the Bangkok...

A serious vulnerability in the TCP implementation in Linux systems deployed since 2012 (version 3.6 of the Linux kernel) can be used by attackers to identify hosts communicating over the protocol and ultimately attack that traffic. Researchers from the University of California, Riverside and the U.S. Army Research Laboratory are expected today at the USENIX...

Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributors are Dave Dittrich and Katherine Carpenter. The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their non-“cyber” analogs. Many who use the terms “cyber war” and “cyber...

A botnet comprised entirely of internet-enabled closed circuit TV devices used a barrage of HTTP requests to knock a small jewelry store offline for days. Researchers who came across the botnet recently said they weren’t surprised that IoT devices were being used to carry out a distributed denial of service attack but were caught off...

The libarchive programming library was recently patched against three critical memory-related vulnerabilities that could be abused to execute code on computers running the vulnerable software. As is the case with most open source software packages, patching the core library is only half the battle; admins must now ensure that third-party software running the library is...

Among the more than three dozen vulnerabilities Microsoft patched on Tuesday was a fix for a bug that the researcher who found it said has “probably the widest impact in the history of Windows.” “There were also some wide impact vulnerabilities before, but maybe not like this extensive,” Chinese researcher Yang Yu, founder of Tencent’s...

More than a year after hackers managed to manipulate the system the Internal Revenue Service has reinstated its Get Transcript service.

Mike Mimoso and Chris Brook discuss news from the week, including how the recent data breaches have fed off password reuse, how a Canadian university paid $20K CDN following a ransomware attack, a scan that showed a lack of secured services on the internet, and more. Download: Threatpost_News_Wrap_June_9_2016.mp3 Music by Chris Gonsalves

Yahoo has forced a password reset on Tumblr account holders after it discovered that someone had accessed email addresses, and salted and hashed passwords from early 2013. A Tumblr spokesperson would not disclose who had accessed the data, where it was found, nor how many email addresses were impacted and how many of those are...