It resembles Mirai in many ways, with the difference that it doesn't just use default password guesses to break into IoT devices but also known security exploits. More than a million devices are already infected.
Dubbed "Bad Rabbit", it pretended to be an Adobe Flash Installer on news sites and asked to be installed. It took down public transport in Kiev, Odessa's airport and a few Russian news agencies.
Controlled Folder Access (CFA) is a nifty feature that lets you designate 'protected folders'. If a non-whitelisted process, such as ransomware, tries to modify those folders, it will be blocked and you will be alerted.
The applications were infected with the Proton malware, which is capable of stealing keychain passwords, cryptocurrency, browser information, etc. It's unknown when the infection started. If you installed any of these apps you'll need a full system wipe.
A US bill has been proposed that would allow companies to 'hack back' at their attackers. That might seem like a good idea at first, but take a moment to think some more on it and then read the article on why it is actually a terrible, terrible idea.
Canada's CSE, basically their equivalent of the NSA, has released a tool called AssemblyLine. Files go in, get analysed, and roll out with a score to help separate new from old malware, determining which files require a closer look by a human. The repository can be found on Bitbucket.
Now that Chrome shows non-HTTPS pages as "Insecure" whenever they have an input field, Troy Hunt explains step by step how to get your website on HTTPS, including HSTS (HTTP Strict Transport Security) and CSP (Content Security Policy).
A GitHub repository with all movies, TV shows and documentaries on hackers and cybersecurity :-)
Attackers only need to find and exploit one vulnerability in your web application to create havoc.