Hackers are escalating recent attacks against hospitals with new strains of server-side ransomware dubbed SamSam and Maktub. Unlike traditional ransomware samples that rely on gullible users to click on a malware-infected email attachment or visit a booby-trapped website, this new breed of ransomware is installed once attackers have exploited unpatched server vulnerabilities. To date, only...

Researchers are encouraging Android users who may have downloaded a popular caller identification application to update, as a previous version of the app inadvertently leaked user information. The app, Truecaller, specializes in phone call management and has been installed at least 100,000,000 times, according to its listing on Google’s Play marketplace. While the app is...

A six-week public standoff between Apple and the FBI ended today when the Department of Justice said it had accessed encrypted data stored on the San Bernardino terrorist’s iPhone. The DOJ said in its motion that it no longer needed Apple’s help as mandated in a Feb. 16 court order and asked that the order...

Popular open source shopping cart app Zen Cart is warning its users of dozens of cross-site scripting vulnerabilities found in its software. Affected websites, security experts say, risk exposing customers to malware, theft of cookies data and site defacement. Researchers at the security firm Trustwave discovered the vulnerabilities in September 2015 and have worked closely...

Facebook was quick to fix an issue earlier this month that could’ve let an attacker break into four percent of all active, locked Instagram accounts, meaning it affected approximately one million users. Belgium-based IT security consultant Arne Swinnen discovered the issue two weeks ago when he stumbled upon two bugs, a combination of missing authentication and an insecure...

As more US companies snuff out point of sale malware by deploying chip-and-PIN bankcard technology, attackers are rushing to exploit existing magnetic strip card systems still vulnerable to malware. A group of hackers that go by the name Bears Inc. are behind the latest barrage of attacks with a custom-built point of sale malware called...

Despite the Badlock hype machine cranked up high, we don’t know much about this impending soul-crushing vulnerability other than it could be bad, it could be in the Windows Server Message Block and it already has its own requisite logo and website. Nonetheless, we have a little more than two weeks before the next Microsoft...

Verizon is in the process of notifying customers of its Enterprise Solutions division that their data has been breached. The news comes a few days after a treasure trove of information on 1.5 million Verizon Enterprise customers reportedly made its way onto an underground cybercrime forum, according to KrebsonSecurity.com, which broke the news on Thursday. The seller...

Mike Mimoso and Chris Brook recap the week in news, including how the FBI vacated Tuesday’s Apple hearing, a crypto iMessage bug that was patched, and the latest hospital to be hit by the ransomware Locky. The two also preview Badlock and what, if any, implications this week’s announcement may have. Download: Threatpost_News_Wrap_March_25_2016.mp3 Music by Chris...

Google pushed out the latest version of Chrome Thursday afternoon, fixing five issues, four of them critical. The update remedies an out-of-bounds read in Chrome’s open source JavaScript engine V8, two use-after-free vulnerabilities – one in Navigation and one in Extensions – and a buffer overflow in the libANGLE library. The V8 vulnerability fetched Wen...