A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments.

https://threatpost.com/how-revil-may-have-ripped-off-its-own-affiliates/174887/

VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs.

https://threatpost.com/vmware-ransomware-bug-vcenter-server/174901/

The action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime.

https://threatpost.com/feds-sanctions-suex-cryptocurrency-ransomware/174895/

Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.

https://threatpost.com/hackers-deep-sea-phishing/174868/

“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.

https://threatpost.com/turla-apt-backdoor-afghanistan/174858/

Critical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks.

https://threatpost.com/blackmatter-strikes-iowa-farmers-cooperative-demands-5-9m-ransom/174846/

With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier’s U.S. network – all the way from Pakistan.

https://threatpost.com/att-phone-unlocking-malware/174787/

Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil’s servers went belly-up on July 13.

https://threatpost.com/revil-sodinokibi-ransomware-universal-decryptor/169498/

John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.

https://threatpost.com/financial-cybercrime-cryptocurrency-public-ledgers/169987/

A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom.

https://threatpost.com/airline-credential-theft-campaign/174264/

Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.

https://threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/