Top 10 Stories

If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available. Microsoft issued an update in late March after Swedish researcher Ulf Frisk turned up what he dubbed “Total Meltdown.” The bug Frisk found was that in Microsoft's Windows 7 and Server 2008 R2 mitigations for the Meltdown design flaw in Intel chips, released in January and February, Microsoft made the...

A new crimeware kit for sale on a hacking forum is offering aspiring cybercriminals a cheap way to launch malware spam campaigns. Uncovered by researchers at Flashpoint, the kit was first offered for sale in February for $500; two months later, the price has already been reduced to just $120 for a three-month license. It's available on high-profile Russian-speaking and English-speaking underground forums and has been observed being used by various cybercriminal groups of different sizes, reflecting...

A new spam campaign designed to infect victims with GandCrab ransomware has surged over the past few days, as the criminals behind the scheme look to infect as many victims as possible. Analysis by researchers at security company Fortinet found that three new samples of GandCrab 2.1 are being distributed as the payload in a single mass spam campaign. View full story ORIGINAL SOURCE: ZDNet

A new in-development ransomware was discovered that has an interesting characteristic. Instead of the distributed executable performing the ransomware functionality, the executables compiles an embedded encrypted C# program at runtime and launches it directly into memory. View full story ORIGINAL SOURCE: Bleeping Computer

The UK's election watchdog has apologised after mistakenly releasing details of donors to a pro-Union campaign group. The Electoral Commission tried to redact details of 168 individuals who had donated to Scotland in Union, after a Freedom of Information request. But a "technical issue" meant the full names could be seen simply by cutting and pasting the spreadsheet. The body now faces investigation by the Information Commissioner's Office. View full story ORIGINAL SOURCE: BBC

A vulnerability in the Outage app of electricity network provider Vector may have exposed the personal information of more than 35,000 customers in New Zealand. Following the severe storm which battered the country earlier this month, the company was “made aware” of an API vulnerability within its application. As a result, the glitch has allowed users with an understanding of web applications to identify the vulnerability and potentially exploit it to see information about other...

More than seven in 10 large charities have fallen victim to cyber attacks or breaches in the past year, new research from the Department for Digital, Culture, Media and Sport has found. A report based on the research, the Cyber Security Breaches Survey 2018, found that 73 per cent of the charities with annual incomes of more than £5m that took part in the survey had fallen victim to cyber attacks or breaches over the past...

Necurs, the world's largest spam botnet, with millions of infected computers under its control, has updated its arsenal and is currently utilizing a new technique to infect victims. This new technique consists of sending an email to a potential victim containing an archive file, which unzips to a file with the extension of .URL. This is a typical Windows shortcut file that opens a web page directly into a browser, instead of a location on...

Necurs, the world's largest spam botnet, with millions of infected computers under its control, has updated its arsenal and is currently utilizing a new technique to infect victims. This new technique consists of sending an email to a potential victim containing an archive file, which unzips to a file with the extension of .URL. This is a typical Windows shortcut file that opens a web page directly into a browser, instead of a location on...

Even with all Apple's expertise and investment in cybersecurity, there are some security problems that are so intractable the tech titan will require a whole lot more time and money to come up with a fix. Such an issue has been uncovered by Don A. Bailey, founder of Lab Mouse Security, who described to Forbes a hack that, whilst not catastrophic, exploits iOS devices' trust in Internet of Things devices like connected toasters and TVs. And, as he describes the attack, it can...