On 27 February 2020, MalwareMustDie (MMD), a workgroup focused on the research and study of Linux malware, analysed and shared a new type of malware they called RHOMBUS. This malware was compiled for different architectures, had persistence mechanisms and dropped a second-stage payload. —Lisandro Ubiedo

Security researchers witnessed the deployment of PonyFinal ransomware at the end of extended human-operated attack campaigns. In a series of tweets, Microsoft Security Intelligence revealed it had observed human-operated campaigns laying in wait for the right moment to deploy PonyFinal ransomware as their final payload. —David Bisson

NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data. —Graham Cluley

Memory isolation is a cornerstone security feature in the construction of every modern computer system. Allowing the simultaneous execution of multiple mutually distrusting applications at the same time on the same hardware, it is the basis of enabling secure execution of multiple processes on the same machine or in the cloud. The operating system is in charge of enforcing this isolation, as well as isolating its own kernel memory regions from other users.

Recently, I was tipped off about certain sites performing localhost port scans against visitors, presumably as part of a user fingerprinting and tracking or bot detection. This didn’t sit well with me, so I went about investigating the practice, and it seems many sites are port scanning visitors for dubious reasons. —Charlie Belmer

Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail’s web interface to covertly receive commands and exfiltrate sensitive data. —Ravie Lakshmanan

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. —Ravie Lakshmanan

It has been over a year since ransomware-as-a-service RobbinHood appeared in a major attack against the city government of Baltimore. While initially described as amateur and unsophisticated among cybersecurity pros, the ransomware has since changed in ways that make it a threat to watch. —Kelly Sheridan

The concept of network devices being programmable computers that can be re-coded at will with new features and protocols just like the original IMP is back. That’s quite a change from today, but what does this mean for the network engineers of tomorrow? —Juha Saarinen

Here there be controversy

Various organizations, such as the EFF, have been weighing in on their platforms to support section 230, which allows social media networks to claim the status of “publisher” in some cases and “platform” in others. It seems useful to think about what the “other side of the story” might be—what arguments are being made against section 230. Whether you agree or disagree with this, it is always worth listening.

I’ve been writing and speaking about this question for a while, most recently in Newsweek, because it has stirred internecine conflict on the Right between individuals who think social media companies should remain free from policy intervention (ignoring, of course, that they thrive as a result of Section 230, itself a government policy) and those, like me, who believe that these corporations have accumulated a troubling amount of power over our lives, data, behavior, and the free market. —Rachel Bovard

Finally, a sad article about deaths of despair in the world of IT…

In the front seat of a pickup truck sat the lifeless body of Kevin Flanagan beside a 12-gauge Remington. Behind him were boxes of his personal effects from his office at Bank of America, where the programmer had worked for nearly a decade. —Pedro Gonzalez