At this point, Ars readers have heard countless tales of computer users  being forced to pay significant sums to unlock files encrypted with malicious ransomware. So we were a bit surprised when word started to trickle out about a new bit of ransomware that doesn’t ask for money. Instead, “Rensenware” forces players to get a high Read More …

WikiLeaks today dumped a smaller subset of documents from its “Vault 7” collection of files from a CIA software developer server. . Yet again, these documents are more important from the perspective of WikiLeaks having them than for showing any revelatory content. The exploits detailed in these new files are for vulnerabilities that have largely Read More …

Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.   Cisco researchers said they discovered the vulnerability as they analyzed a cache Read More …

Contestants at this year’s Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: They compromised Microsoft’s heavily fortified Edge browser in a way that escapes a VMware virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.   According to Read More …

Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to sources. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not Read More …

Researchers at Cisco’s Talos threat research group are publishing research today on a targeted attack delivered by a malicious Microsoft Word document that goes to great lengths to conceal its operations. Based entirely on Windows PowerShell scripts, the remote access tool communicates with the attacker behind it through a service that is nearly never blocked: Read More …

Thursday’s watershed attack on the widely used SHA1 hashing function has claimed its first casualty: the version control system used by the WebKit browser engine, which became completely corrupted after someone uploaded two proof-of-concept PDF files that have identical message digests.   The bug resides in Apache SVN, an open-source version control system that WebKit Read More …

Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users.   A combination of factors made the bug particularly severe. First, Read More …

Encrypted connections established by at least 949 of the top 1 million websites are leaking potentially sensitive data because of a recently discovered software vulnerability in appliances that stabilize and secure Internet traffic, a security researcher said Thursday.   The bug resides in a wide range of firewalls and load balancers marketed under the F5 Read More …

Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email purveyor tagged as one of the World’s Top 10 Worst Spammers, was indicted this week on federal wire fraud charges tied to an alleged spamming operation.   According to an indictment returned in federal court in Chicago, Persaud Read More …