ICYMI: WhatsApp vCard vuln, Simplocker on Android, harbouring ransomware, Gozi hacker guilty and new zero-days in FireEye and Kaspersky

In this week's In Case You Missed It (ICYMI) - the top five most read stories on our site: Update WhatsApp over vCard vuln, Simplocker ransomware bypasses Android security, 140m websites harbour ransomware, Gozi hacker pleads, and Revealed: zero-day vulnerabilities in FireEye and Kaspersky.

New Simplocker ransomware uses XMPP to bypass Android security apps
New Simplocker ransomware uses XMPP to bypass Android security apps

Users urged to update WhatsApp Web to shut down vCard vulnerability

The web-based extension of the popular WhatsApp application is vulnerable to an exploit that would allow attackers to trick victims into executing malware on their machines in a new, sophisticated way. That's according to Check Point security researcher Kasif Dekel who found that to exploit the vulnerability, an attacker simply needs to send a WhatsApp user a seemingly innocent vCard contact card, containing malicious code. [Read more]

New Simplocker ransomware uses XMPP to bypass Android security apps

Check Point has discovered a variant of the Simplocker ransomware program that uses a novel communications technique to bypass security. Researchers also garnered enough communications data to determine the success rate of the ransomware – estimated to be around 10 percent. [Read more]

Ransomware risk from more than 140 million websites, researcher warns

Around 142 million legitimate websites could be serving up ransomware to their unwitting users due to out-of-date software, according to a new study. The research carried out by IT security firm Heimdal Security found that hackers were using the Neutrino Exploit Kit to inject malicious scripts into outdated webserver software that could potentially reach 400 million users. [Read more]

Gozi Trojan financial web injection hacker pleads guilty

Latvian malware code engineer Deniss Calovskis has appeared in court in Manhattan this month to plead guilty to charges concerning the transmission of the Gozi Trojan. Gozi infected more than a million computers around the world including a number at NASA. [Read more]

War of words as researchers reveal Kaspersky and FireEye zero-days

A war of words has broken out after researchers revealed zero-day vulnerabilities in FireEye and Kaspersky's security software during the US Labor Day holiday weekend - leaving the two firms scrambling to patch the problems. [Read more]