News

News

• August 15, 2017 15 Aug'17

  Mobile data theft a risk from shared app libraries

  Researchers claim malicious actors could commit mobile data theft by using shared third-party libraries and abusing elevated privileges that the permissions granted.

• August 11, 2017 11 Aug'17

  Microsoft antivirus policy changes under Kaspersky pressure

  Microsoft antivirus policy changes for Windows 10 Fall Creators Update in order to avoid further action in an antitrust case brought by Kaspersky.

• August 11, 2017 11 Aug'17

  FBI's Next Generation Identification system exempt from Privacy Act

  News roundup: The FBI Next Generation Identification biometrics database is exempt from the Privacy Act. Plus, Salesforce fired two top staffers after DEFCON, and more.

• August 11, 2017 11 Aug'17

  U.S. attorney: Gathering cybercrime evidence can be difficult

  Assistant U.S. attorney says jurors and courts are getting smarter about cybercrime evidence, although digital cases overall may be getting more difficult to prosecute.

• August 11, 2017 11 Aug'17

  How threat actors weaponized Mia Ash for a social media attack

  Dell SecureWorks researchers detected suspicious activity on social media accounts of Mia Ash. When they dug deeper, they discovered a new, complex social engineering attack.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• August 10, 2017 10 Aug'17

  Risk & Repeat: Voting machine hacking brings good and bad news

  In this week's Risk & Repeat podcast, SearchSecurity editors look back at DEFCON 2017's voting machine hacking and what it could mean for the future of U.S. election security.

• August 09, 2017 09 Aug'17

  Windows 10 Linux subsystem gets first patches

  Microsoft's August 2017 Patch Tuesday brought the first Windows 10 Linux subsystem patches, just as a new version of the Linux subsystem is released for Windows Server.

• August 08, 2017 08 Aug'17

  The Symantec-Google feud can't be swept under the rug

  The Symantec-Google feud regarding the antivirus vendor's web certificate practices appears to be over. But that doesn't mean it should be minimized or ignored.

• August 04, 2017 04 Aug'17

  Ransomware recovery goes beyond data loss for enterprises

  Enterprises may see paying up as a quick path to ransomware recovery, but experts said there are many issues to consider when making that choice.

• August 04, 2017 04 Aug'17

  IoT device security bill mandates security standards

  News roundup: U.S. Senators introduce a bipartisan bill to standardize IoT device security for government vendors. Plus, Anthem suffers another data breach, and more.

• August 03, 2017 03 Aug'17

  MalwareTech arrested for Kronos banking Trojan connection

  The FBI arrested the famed security researcher known as MalwareTech after a two-year investigation into the creation and distribution of the Kronos banking Trojan.

• August 03, 2017 03 Aug'17

  Symantec Website Security, certificate authority business sold to DigiCert

  DigiCert agrees to buy majority stake in Symantec Website Security just days after Google releases an April 2018 distrust date for Symantec certificates.

• August 02, 2017 02 Aug'17

  Hacking voting machines takes center stage at DEFCON

  DEFCON attendees were successful in hacking voting machines and now that there is proof the systems are insecure, more work needs to be done to change election laws and practices.

• August 02, 2017 02 Aug'17

  Risk & Repeat: Black Hat 2017 highlights

  In this week's Risk & Repeat podcast, SearchSecurity editors recap Black Hat 2017 and discuss some of the big news from the event, including the Broadpwn remote exploit.

• August 01, 2017 01 Aug'17

  Experts debate Vulnerabilities Equities Process disclosure

  Experts debated how the government should weigh disclosure in the Vulnerabilities Equities Process and whether to err on the side of offense or defense.

• July 28, 2017 28 Jul'17

  Breaking down the Broadpwn exploit, world's first Wi-Fi worm

  At Black Hat 2017, Exodus Intelligence researcher Nitay Artenstein unveiled the Broadpwn exploit, which he called the world's first Wi-Fi worm and which puts billions of iOS and Android devices at risk.

• July 28, 2017 28 Jul'17

  Risk & Repeat: Why are Amazon S3 buckets spilling on the web?

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the series of enterprise data leaks through misconfigured Amazon S3 buckets and what should be done about them.

• July 28, 2017 28 Jul'17

  Adobe's Flash end of life scheduled, finally, for 2020

  News roundup: Adobe announced that Flash end of life will happen by the end of 2020. Plus, Microsoft expands its bug bounty program, the 2017 Pwnie Awards winners, and more.

• July 28, 2017 28 Jul'17

  Who are the Shadow Brokers? Signs point to an intelligence insider

  At Black Hat 2017, security researcher Matt Suiche analyzed the Shadow Brokers dumps, postings and behavior to get to the bottom of one of the infosec industry's biggest questions.

• July 28, 2017 28 Jul'17

  Cyber-risk analysis, time are keys to infosec says game theory

  Analyzing infosec through the lens of game theory shows that cyber-risk analysis and wasting attacker time may be highly effective cybersecurity strategies.

• July 28, 2017 28 Jul'17

  Samsung Knox platform: Can it improve Android device security?

  Application security expert Michael Cobb discusses the Samsung Knox platform and its ability to improve Android device security in the enterprise.

• July 27, 2017 27 Jul'17

  Phishing research shows troubling trends for enterprise users

  Karla Burnett of Stripe presented sobering results of phishing research from her company at Black Hat 2017, suggesting phishing training is ineffective against today's threats.

• July 27, 2017 27 Jul'17

  Industroyer malware a turning point for ICS security

  Security researchers at Black Hat 2017 analyzed the Industroyer malware, the attack on Ukraine's power grid and what it means for industrial control system security in the U.S.

• July 26, 2017 26 Jul'17

  Stamos preaches defensive security research in Black Hat keynote

  Facebook's Alex Stamos used his Black Hat 2017 keynote to address a wide variety of issues, including defensive security research and diversity in the infosec community.

• July 26, 2017 26 Jul'17

  At Black Hat 2017, an industry hits a milestone and finds new directions

  Long a conference that has thrived on technical sophistication and nuanced attacks, Black Hat USA 2017 in Las Vegas also found room for softer themes.

• July 25, 2017 25 Jul'17

  Fancy Bear C&C servers taken down by Microsoft lawsuit

  Experts applaud Microsoft for clever use of a lawsuit to claim command and control server domains used by malicious Russian APT group Fancy Bear.

• July 21, 2017 21 Jul'17

  Dark web markets' shutdown may lead to more arrests

  Cooperation between law enforcement from around the world led to the shutdown of the AlphaBay and Hansa dark web markets and potential leads of illegal vendors.

• July 21, 2017 21 Jul'17

  Bipartisan group launches effort to improve election security

  News roundup: The Defending Digital Democracy project brings together security experts to tackle election security. Plus, government shake-ups could hit cybersecurity, and more.

• July 20, 2017 20 Jul'17

  Industry reacts to Symantec certificate authority trust remediation

  As the Symantec certificate authority scrambles to transition its certificate-issuance operations to a subordinate certificate authority, the CA industry sharpens its knives.

• July 19, 2017 19 Jul'17

  Risk & Repeat: Kaspersky Lab removed from GSA Schedule 70

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Trump administration's removal of Kaspersky Lab from the GSA Schedule 70 for federal IT contracts.

• July 19, 2017 19 Jul'17

  Symantec agrees to transfer certificate issuance to third party

  Symantec has agreed to a plan that would transfer its certificate issuance and validation operations to as-yet-unnamed third-party partner starting Dec. 1.

• July 18, 2017 18 Jul'17

  Another AWS data leakage due to misconfiguration

  Dow Jones becomes the latest organization to be affected by an AWS cloud data leakage due to misconfiguration and user error.

• July 14, 2017 14 Jul'17

  Google tackles Android app privacy with machine learning

  Google will use machine learning and automated peer review scans to improve Android app privacy and limit app permissions overreach.

• July 14, 2017 14 Jul'17

  AWS S3 bucket leak exposes millions of Verizon customers' data

  News roundup: An AWS S3 bucket leak containing personal data of millions of Verizon customers was exposed to the public. Plus, DNC hack victims are suing the Trump campaign, and more.

• July 13, 2017 13 Jul'17

  Petya malware behavior may change based on AV installed

  Researchers found changes in malware behavior when Petya detected certain security products, but experts are unsure why these features might exist.

• July 13, 2017 13 Jul'17

  Symantec certificate authority business reportedly for sale

  As Google and Mozilla prepare plans to reduce trust for Symantec's certificate authority, the antivirus vendor is reported to be seeking a buyer for its web certificate business.

• July 12, 2017 12 Jul'17

  Windows NTLM vulnerabilties addressed in July 2017 Patch Tuesday

  Client-side security takes the forefront in Microsoft's July 2017 Patch Tuesday, which includes a fix for legacy Windows NTLM authentication processes.

• July 12, 2017 12 Jul'17

  Risk & Repeat: Should IAM systems be run by machine learning?

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the identity and access management industry and how machine learning algorithms could govern IAM systems.

• July 12, 2017 12 Jul'17

  IT diversity and the cyberskills gap Q&A with Jules Okafor

  Jules Okafor discusses the skills gap in the cybersecurity industry, how better IT diversity could help, and what is needed to bring in more women and minorities.

• July 12, 2017 12 Jul'17

  Q&A: Ping CEO on contextual authentication, intelligent identity

  Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises.

• July 11, 2017 11 Jul'17

  Android Samba app from Google only uses broken SMBv1

  Experts said the new Android Samba app from Google supported only unsafe SMBv1 despite susceptibility to WannaCry exploits and unclear demand from users.

• July 10, 2017 10 Jul'17

  WoSign CA certificates get end-of-trust date in Chrome

  Google to distrust all WoSign CA certificates in Chrome starting in September, as the troubled certificate authority passed a key audit and is seeking a new CEO to help return trust.

• July 07, 2017 07 Jul'17

  Tax software backdoor allowed NotPetya ransomware attacks

  Researchers analyze the software backdoor used to deliver NotPetya ransomware to Ukraine targets, while the threat actors behind the attacks ask for more money.

• July 07, 2017 07 Jul'17

  Flawed Broadcom Wi-Fi chipsets get a fix, but flaw remains a mystery

  Broadpwn, a flaw in Broadcom Wi-Fi chipsets, is patched, but Google withholds details. Plus, the latest in the antivirus drama between the U.S. and Russia, and more.

• July 07, 2017 07 Jul'17

  Cybersecurity skills gap fixes must support minorities

  A new survey shows a majority of organizations are facing a cybersecurity skills gap and experts say more focus on women and minorities could be key to finding talent.

• July 05, 2017 05 Jul'17

  Risk & Repeat: NotPetya ransomware raises the stakes

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the NotPetya ransomware, its impact and the growing trend of sophisticated ransomware attacks.

• June 30, 2017 30 Jun'17

  The ELSA project enables hackers to track and store geolocation data

  News roundup: The ELSA project -- one of the released CIA hacking tools -- can track device locations. Plus, Senators move to ban Kaspersky Lab products from the military, and more.

• June 30, 2017 30 Jun'17

  NotPetya ransomware trend moving toward sophistication

  NotPetya represented advanced malware compared to its cousin WannaCry, but also showed sophistication that experts worry may be a ransomware trend.

• June 30, 2017 30 Jun'17

  Q&A: How the Cyber Threat Alliance solved threat intelligence sharing

  Palo Alto Networks CSO Rick Howard talks with SearchSecurity about his experiences with the Cyber Threat Alliance and how the group approaches threat intelligence sharing.

• June 29, 2017 29 Jun'17

  Risk & Repeat: RNC voter database left open to the public

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss how the Republican National Committee's voter database was accidentally exposed in an Amazon S3 bucket.

• June 28, 2017 28 Jun'17

  Petya ransomware scam: Lost files can't be restored

  Researchers discovered the rash of Petya-like attacks are nothing more than a ransomware scam, and list files are impossible to restore.

• June 28, 2017 28 Jun'17

  Petya-like global ransomware attack can be mitigated

  A new global ransomware attack has been spreading quickly using the same exploits as WannaCry, but researchers have already found ways to protect users from the damage.

• June 27, 2017 27 Jun'17

  Windows Defender bug could allow full-system takeover

  A newly disclosed Windows Defender bug, which could allow an attacker to fully take over a target system and create admin accounts, marks yet another major antivirus vulnerability.

• June 26, 2017 26 Jun'17

  Security code reviews by Russian agencies cause concern

  Demands for security code reviews by Russia have been on the rise, and not all experts or U.S. companies want to comply with the requests.

• June 23, 2017 23 Jun'17

  Brutal Kangaroo USB malware could be reverse-engineered

  The Brutal Kangaroo USB malware leaked from the CIA's Vault 7 could pose a threat to air-gapped computers if hackers reverse-engineer it.

• June 23, 2017 23 Jun'17

  Privileged user management trips up NSA

  News roundup: DOD inspector general found NSA failed to implement secure privileged user management post-Snowden. Plus, Honda hit by WannaCry, Trump met with tech CEOs and more.

• June 22, 2017 22 Jun'17

  Malware in encrypted traffic uncovered with machine learning

  Cisco claims it can accurately detect malware activity in encrypted traffic using machine learning, but some experts worry about privacy implications.

• June 22, 2017 22 Jun'17

  Machine learning in cybersecurity is coming to IAM systems

  Machine learning in cybersecurity applications for identity management systems are becoming more common today. But will algorithms be the best option for authenticating and authorizing users?

• June 21, 2017 21 Jun'17

  RNC leak of voter database exposes poor cloud security practices

  A massive voter database RNC leak underscores the poor cloud security practices in place in the U.S. government and many enterprises.

• June 21, 2017 21 Jun'17

  Ping embeds multifactor authentication security in mobile apps

  At the 2017 Cloud Identity Summit, Ping Identity launched a new software development kit that will embed multifactor authentication security features in mobile apps.

• June 20, 2017 20 Jun'17

  Valerie Plame warns of increased nation-state cyberattacks

  At the 2017 Cloud Identity Summit, former covert CIA officer Valerie Plame discussed the increasing risks of nation-state cyberattacks focused on geopolitical influence.

• June 16, 2017 16 Jun'17

  Router security issues highlighted by CIA's CherryBlossom project

  The latest WikiLeaks release on CIA hacking tools includes the CherryBlossom project, which highlights router security issues, including a lack of firmware signing validation.

• June 16, 2017 16 Jun'17

  Hidden Cobra hackers target U.S. with DeltaCharlie malware

  News roundup: DeltaCharlie malware is a threat to the U.S., according to a US-CERT warning about Hidden Cobra. Plus, a DVR flaw could create a bigger botnet than Mirai, and more.

• June 15, 2017 15 Jun'17

  Microsoft to disable SMBv1 by default in fall Windows updates

  Microsoft claims recent WannaCry attacks did not influence the decision to disable SMBv1 by default in the next major Windows updates.

• June 14, 2017 14 Jun'17

  More Windows XP fixes in June Patch Tuesday release

  Microsoft's June 2017 Patch Tuesday saw another set of Windows XP fixes released in order to secure systems against leaked NSA cyberweapons.

• June 14, 2017 14 Jun'17

  Symantec CA remediation plan faces more delays

  The battle over Symantec CA operations continues as the antivirus vendor pushes back against a consensus remediation proposal from the web browser community.

• June 14, 2017 14 Jun'17

  Risk & Repeat: Comey warns of more election hacking

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss former FBI Director James Comey's testimony on election hacking and election interference from Russia.

• June 13, 2017 13 Jun'17

  IPv6 update: A look at the security and privacy improvements

  The recent IPv6 update from the IETF introduces new security and privacy recommendations. Expert Fernando Gont explains these changes and what they mean for organizations.

• June 13, 2017 13 Jun'17

  (ISC)2 CEO on cybersecurity workforce expansion and 2017 Congress

  Recently, SearchSecurity editorial director Robert Richardson checked in with (ISC)2's CEO David Shearer as the organization prepares for its fall Security Congress.

• June 13, 2017 13 Jun'17

  CrashOverride ICS attack targets vulnerable electrical grid

  Researchers discovered new details of a Kiev ICS attack from December using CrashOverride malware that could be used to disrupt an insecure electrical grid.

• June 12, 2017 12 Jun'17

  Q&A: Cyber attribution matters, RSA GM Peter Tran says

  RSA's GM Peter Tran sheds light on the value of cyber attribution, explains why the 'how' and 'why' of an attack may be more important than finding who did it.

• June 09, 2017 09 Jun'17

  Microsoft accused of blocking independent antivirus competition

  News roundup: Kaspersky files a complaint against Microsoft's handling of independent antivirus software for Windows 10. Plus, hackers use Instagram to spread malware, and more.

• June 09, 2017 09 Jun'17

  Black Hat 2017: Special conference coverage

  The SearchSecurity team covers the threats and vulnerabilities at this year's Black Hat USA with news, features, interviews and more from Las Vegas.

• June 08, 2017 08 Jun'17

  Risk & Repeat: Shadow Brokers launch zero-day exploit service

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Shadow Brokers' monthly service for zero-day exploits and how it may affect enterprise security efforts.

• June 08, 2017 08 Jun'17

  Hardcoded passwords could cause full IoT camera compromise

  IoT cameras could be fully compromised due to multiple vulnerabilities, including hardcoded passwords that can be used regardless of user settings.

• June 08, 2017 08 Jun'17

  Researchers port EternalBlue exploit to Windows 10

  The EternalBlue exploit behind the WannaCry ransomware attacks has been successfully ported to an older version of Windows 10, but newer versions of the OS are protected.

• June 07, 2017 07 Jun'17

  Election cyberattack proves people are still the biggest flaw

  A new NSA leak allegedly shows Russian agents engaged in election cyberattacks against local U.S. governments and proves people are still the hardest cybersecurity risk to mitigate.

• June 06, 2017 06 Jun'17

  Symantec certificate authority aims for more delays on browser trust

  Is the Symantec certificate authority operation too big to fail? That seems to be the message the security giant is sending in its latest response to a proposal from the browser community to turn ...

• June 02, 2017 02 Jun'17

  International data privacy laws create inconsistent rules

  A new cybersecurity law in China highlights the trend of inconsistent international data privacy laws being enacted around the world.

• June 02, 2017 02 Jun'17

  Users' SSO information at risk after OneLogin security breach

  News roundup: OneLogin security breach puts SSO data at risk but is vague about the details. Plus, Gmail boosts its phishing detection features, and more.

• June 02, 2017 02 Jun'17

  Risk & Repeat: GDPR compliance clock is ticking

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss GDPR compliance and how the EU law will affect enterprise data privacy and security across the globe.

• June 01, 2017 01 Jun'17

  IT security trends: 2017 prioritizes cloud, network, endpoints

  The 2017 TechTarget IT Priorities Survey reports a number of key IT security trends about where enterprises and infosec professionals place their time and resources.

• May 31, 2017 31 May'17

  Shadow Brokers dump crowdfunding raises ethical questions

  The prospect of monthly NSA cyberweapons leaks in new Shadow Brokers dump raises questions about the ethics of paying criminals for stolen goods.

• May 31, 2017 31 May'17

  GDPR breach notification rule could complicate compliance

  Don't forget the huge fines: When it comes to the new 72-hour GDPR breach notification rule, the cost of compliance must be weighed against harsh GDPR penalties.

• May 30, 2017 30 May'17

  EU GDPR compliance puts focus on data tracking, encryption

  The EU's General Data Protection Regulation is less than a year away. Experts explain why data tracking, encryption and other measures are crucial for GDPR compliance.

• May 26, 2017 26 May'17

  Samba vulnerability brings WannaCry fears to Linux/Unix

  A widespread Samba vulnerability has raised the possibility of attacks similar to WannaCry hitting Linux and Unix systems, but mitigation options are available.

• May 26, 2017 26 May'17

  Target data breach settlement requires security improvements

  News roundup: The Target settlement following the 2013 data beach requires the company to adopt a stronger security program. Plus, experts knock the FCC's DDoS claim, and more.

• May 26, 2017 26 May'17

  Voting machine hacking to be taken on at DEFCON 2017

  Possible voting machine hacking has been a topic of conversation since before the 2016 election and at DEFCON 2017; professional pentesters will find out what damage can be done.

• May 25, 2017 25 May'17

  Risk & Repeat: Microsoft slams NSA over EternalBlue

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss Microsoft's sharp criticism of the NSA over the EternalBlue Windows vulnerability and WannaCry ransomware.

• May 24, 2017 24 May'17

  GDPR compliance help is on the way for Microsoft cloud customers

  With GDPR compliance set to be mandatory in one year, Microsoft will help get its cloud customers ready for the new data protection regulation.

• May 24, 2017 24 May'17

  Seven NSA cyberweapons used in EternalRocks exploit

  Following the worldwide impact of WannaCry, EternalRocks arrived abusing seven NSA cyberweapons but holding back on its malicious intent.

• May 24, 2017 24 May'17

  WannaCry ransomware decryptor brings hope to victims

  Security researchers uncovered more info on how WannaCry spread, and a ransomware decryptor emerged to save files for those affected.

• May 24, 2017 24 May'17

  Q&A: GDPR compliance tips from CSPi's Gary Southwell

  With one year left, it's time to prioritize GDPR compliance; Gary Southwell, CSPi's general manager, offers advice for protecting personal data under the EU's new privacy regulation.

• May 23, 2017 23 May'17

  Risk & Repeat: WannaCry ransomware worm shakes tech industry

  In this week's Risk & Repeat podcast, SearchSecurity editors look at the devastation caused by the WannaCry ransomware worm and discuss how it could have been prevented.

• May 23, 2017 23 May'17

  Q&A: Time to get GDPR compliant, CSPi's Gary Southwell says

  Companies doing business in EU face challenge to get GDPR compliant as enforcement of the strict new General Data Protection Regulation is just one year away.

• May 19, 2017 19 May'17

  Q&A: Juniper's Kevin Walker on data manipulation, ransomware threats

  Juniper's Kevin Walker talks with SearchSecurity about the evolving threat landscape and how some attackers are incorporating data manipulation into their schemes.

• May 19, 2017 19 May'17

  Google Play Protect looks to bolster Android app security

  News roundup: The new Google Play Protect system aims to improve Android app security. Plus, Google Cloud IoT Core adds layer of device security, and more.

• May 18, 2017 18 May'17

  Vulnerability remediation of WannaCry flaw raises concerns

  Between patch delays and NSA disclosure issues, experts said the vulnerability remediation for WannaCry was poorly handled and caused more damage.

• May 18, 2017 18 May'17

  Risk & Repeat: Reviewing Trump's cybersecurity executive order

  This week's Risk & Repeat podcast looks at President Trump's cybersecurity executive order and how it aims to address federal government and critical infrastructure issues.

• May 17, 2017 17 May'17

  Vulnerabilities Equities Process may be law with PATCH Act

  The bipartisan PATCH Act aims to codify the Vulnerabilities Equities Process into law in the wake of a global ransomware attack based on a stolen NSA cyberweapon.