End of An Era As Kelihos Botnet Operator Jailed
A Russian man pleaded guilty this week to running Kelihos, a botnet that for years helped facilitate a lengthy spam and credential-harvesting campaign.
Stealing Passcodes Over the Air
Researchers have published a paper on a new side-channel attack that essentially turns Android devices into sonar systems. It allows attackers, via acoustic signals, to track a person's finger movements on devices, something which could allow them to capture sensitive data, like passwords.
Protect Ya Neck (and Instagram Pics)
Instagram enabled support for two factor authentication and account verification - giving users an added step to protect their data - in an update to the app this week.
Ryuk Ransomware Goes After the Big Fish
Over the last two weeks attackers have been using the Ryuk ransomware to carry out tailored attacks against large organizations.
Facebook and the Attribution Conundrum
Facebook this week said it removed a series of pages believed to be involved in a deceptive political influence campaign.
The ‘Not Secure’ Web
After years of hinting it would do so, Google finally began marking HTTP pages that collect information as "Not Secure" in Chrome this week.
Mobile Attack Campaign Used MDM to Intercept Traffic
Researchers recently discovered a narrowly focused attack that targets iPhone users with data-stealing, location tracking malware.
USB the Hard Way
Apple made it trickier for anyone looking to download the contents of an iOS device this week with a new feature that prevents USB accessories from communicating with devices that haven't been unlocked in an hour.
Mozilla Fixes Critical Flaws, Adds Have I Been Pwned Integration in Firefox
The latest version of Firefox includes a new feature that integrates Have I Been Pwned, a service by security expert Troy Hunt that alerts users if their credentials have been compromised.
Preventing a Ban on Encryption
A bipartisan bill, the ENCRYPT Act, has resurfaced in the House of Representatives this week. The legislation would block states and governments from compelling companies to weaken encryption with a backdoor.
