Mike Mimoso and Chris Brook recap the news of the week, including the Badlock bust, encryption legislation (Burr-Feinstein, the California decryption bill) and the dawn of ‘cryptoworms’ – Mike also discusses last week’s Infiltrate Conference in Miami. Download: Threatpost_News_Wrap_April_15_2016.mp3 Music by Chris Gonsalves

The Zero Day Initiative has publicly disclosed a pair of serious vulnerabilities in Apple QuickTime for Windows that will not be patched because Apple is deprecating the product for the Microsoft platform. US-CERT today pushed out an alert advising QuickTime for Windows users that the only mitigation is to uninstall the software. “Computers running QuickTime...

Two powerful Trojans, Nymaim and Gozi ISFB, have been combined to create a “double-headed beast” called GozNym. The Trojan has managed to steal $4 million since it was first discovered just two weeks ago, according to IBM X-Force Research. It reports the hybrid Trojan is currently engaged in an active campaign with 72 percent of...

Google on Wednesday pushed its third Chrome update since the beginning of March, patching a pair of high-severity vulnerabilities in the browser. Yesterday’s update brings Chrome to version 50.0.2662.75 and patched 20 vulnerabilities, according to the Google Chrome Releases blog. Eight of the bugs qualified for a reward under Google’s bug bounty program, the remaining...

Menacing ransomware called Jigsaw threatened to delete thousands of files an hour if victims didn’t pay 0.4 Bitcoins or $150. Worse, restarting your PC, according to the attackers, would also cost victims 1,000 deleted files. The icing on the cake was a menacing image of “Billy the Puppet” from the horror movie franchise Saw and...

The Qbot malware is back and hard at work again with infections reported on 54,517 machines, according to researchers at BAE Systems—with 85 percent of those impacted systems residing in the United States. Qbot’s latest incarnation has learned new tricks since its early days in 2009, and is riling security professionals with its ability to evade...

For the second time in two weeks, researchers have discovered a three-year-old broken patch for a vulnerability in IBM’s Java SDK implementation. The flaw allows for an attacker to execute code outside the Java sandbox, and still affects current versions of IBM SDK, 7 and 8, released in January. Details of the vulnerability and proof-of-concept...

Microsoft today released a lucky 13 bulletins for April, with six rated critical and the others important. In total, Microsoft patched 29 unique CVEs for this round, with the most anticipated patch tied to Badlock. Microsoft addressed a number of critical browser vulnerabilities found in Internet Explorer and Edge. In the case of IE, Microsoft...

Weeks of anxiety and concern over the Badlock vulnerability ended today with an anticlimactic thud. Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message block (SMB) protocol that provides file and print...

Old nemeses die hard, especially when you’re banking malware named ZeuS. According to Denmark-based Heimdal Security, the potent 9-year-old malware ZeuS has morphed into the up-and-coming Atmos malware – now targeting banks in France. Researchers are warning that the criminals behind Atmos have been putting the finishing touches on this latest malware threat – perfecting how,...