A team of researchers from New York University said they identified a severe flaw in General Electric Multilin protection relays, which are widely deployed in the US energy sector.
Kaspersky labs analyzed Backdoor.Win32.Denis, malware using DNS tunneling as a communication infrastructure. Base64 is not an encryption, tough.
Check Point researchers have discovered a new Mac malware family that uses nag screens to obtain admin privileges, Tor to hide traffic diverted to a remote proxy, and a rogue certificate to intercept encrypted browser traffic. It's spreading via email spam.
A critical vulnerability (CVE 2017-5135) in the implementation of the SNMP protocol allows an attacker to take over at least 78 cable modem models.
Wired wrote about the research of Android applications that turns the smartphone into a file server, exposing open ports to the internet, and why is it dangerous. https://www.wired.com/2017/04/obscure-app-flaw-creates-backdoors-millions-smartphones/
CIAs document tracking program Scribbles allegedly embeds a web beacon-style tag into watermarks located on Microsoft Word documents that can report document analytics back to the CIA.
The Antminer, bitcoin mining hardware, has a backdoor that can disable miner remotely. http://www.antbleed.com/ https://www.reddit.com/r/Bitcoin/comments/67qwqv/antbleed_exposing_the_malicious_backdoor_on/dgsk6cf/
Troy Hunt published blog about some of the most insane password reset schemes, security questions, and corporate responses he saw through the career.