A hacker going by "xerub" has published the decryption key for Apple's Secure Enclave Processor firmware. The Secure Enclave coprocessor within iOS handles cryptography for data protection key management—mostly it processes Touch ID, unlocks the phone with the user's fingerprint, and approves purchases the fingerprint sensor authorizes. Apple says user data aren't at risk, but the leak will give the curious, whether well- or ill-intentioned, opportunities to explore the software.
Spam purporting to deliver a court order is in fact distributing a newly observed strain of ransomware. Emsisoft says "SyncCrypt" avoids detection by concealing its malicious ZIP file inside a JPG image.
Two older varieties of ransomware, Locky and Mamba, are back in the wild, circulating in evolved forms.
Beyond Security has disclosed a proof-of-concept Chrome exploit. Google will not patch older affected versions of Chrome, instead advising users to move to the current version.
In other patching news, Cisco has fixed two serious bugs in its Application Policy Infrastructure Controller (APIC), and Drupal has addressed access bypass issues in its CMS software.
"Profexor," the Ukrainian hacker talking to Ukrainian authorities and the US FBI about Fancy Bear's operations against the DNC during the last US election cycle, may not have any particular insight to offer. The P.A.S. tool probably wasn't involved, according to experts, and the GRIZZLYSTEPPE report cited by the New York Times is itself now regarded as problematic.
CyberScoop reports that the FBI is quietly advising companies—for OPSEC reasons—to stop using Kaspersky products.