SecHub

Newly-Discovered Malware Targets Unpatched MacOS Flaw (threatpost.com)

Researchers have found samples of malware that targets a recently-disclosed, unpatched MacOS vulnerability.

Serious Security: Rambleed attacks blunted – the OpenSSH way (nakedsecurity.sophos.com)

Here's a way to keep secrets safe in memory, even in a world of hardware-level leakage due to tricks like Rambleed, Spectre and more.

Florida City Pays Ransomware (schneier.com)

Learning from the huge expenses Atlanta and Baltimore incurred by refusing to pay ransomware, the Florida City of Riveria Beach decided to pay up. The ransom amount of almost $600,000 is a lot, but much cheaper than the alternative....

Tracing the Supply Chain Attack on Android (krebsonsecurity.com)

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn't exactly name those responsible, but said it believes the offending vendor uses the nicknames "Yehuo" or "Blazefire." What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware.

Malspam Emails Blanket LokiBot, NanoCore Malware With ISO Files (threatpost.com)

A new malicious campaign is spreading LokiBot and NanoCore trojans under the guise of an ISO file claiming to be an invoice.

Recipe for success: tech support scammers zero in via paid search (malwarebytes.com)

We take a deep dive into the recently reported Azure-hosted tech support scam pages, identifying this as one of the most successful scam campaigns in use today.

How to Avoid Becoming the Next Riviera Beach (darkreading.com)

Be prepared by following these five steps so you don't have to pay a ransom to get your data back.

ICO slams UK Met Police for failure to handle public data requests (zdnet.com)

Updated: With GDPR in full swing, the data watchdog wants to help consumers access the information the police have on them.

Companies on Watch After US, Iran Claim Cyberattacks (darkreading.com)

With the cyber conflict between the United States and Iran ramping up, companies traditionally targeted by the countries - such as those in the oil and gas and financial industries - need to bolster their security efforts, experts say.

Malicious URL attacks using HTTPS surge across the enterprise (zdnet.com)

Organizations should be aware of the latest impersonation techniques and file service exploits.