The latest ransomware scam is locking down infected machines and displaying localized webpages warning users that their computer contains “banned material” and won’t be unlocked until a fine is paid, according to a report from McAfee’s Naganathan Jawahar.

Not too long ago, it would have been extremely far-fetched to imagine buying crime services a la carte. But that’s the dynamic that emerged in 2012 to plague cybercrime victims on both the consumer and corporate end of the spectrum. The black-market infrastructure that supports cybercriminals is increasingly backboned by packaged malware, exploit kits, as well as hacks and fraud as a service. Expect that to continue and evolve in 2013, experts say.

Samsung downplayed a root exploit vulnerability in some of its Exynos processors, and promised a patch for the flaw, according to a company statement acquired by AndroidCentral.

In the early days of the Obama administration, the president declared cyberspace a critical asset. Since then, little more than lip service has been paid on a policy level to the security of the country’s critical infrastructure, despite increasing public awareness of the problem and high-profile attacks on business and government alike.

A "blast from the past" surfaced recently among those who play Microsoft Excel-based Sudoku puzzles: malware spread by macros.

Spreading malicious code via macros was the rage among the digital underground in the late 1990s, so much so that Microsoft eventually disabled them by default.

Virtualization vendor VMware has patched a critical vulnerability in its VMware View desktop virtualization product that could have led to a directory traversal attack and an attacker reading or downloading files without the need for authentication.

The European Union has set a series of ambitious goals for itself: by 2020, the 27 member states expect to collectively use 20 percent renewable energy, reduce CO2 emissions by 20 percent, and increase energy efficiency by 20 percent. In order to accomplish these goals, Europe will need to perform a major overhaul to its power grid, which will play an integral role in the development of the Union’s proposed energy economy.

UPDATE - A new Apache module, Linux/Chapro.A, is making the rounds, injecting malicious content including a popular Zeus variant into web pages.

UPDATE -- US-CERT issued advisories against a trio of Adobe Shockwave vulnerabilities that could allow an attacker to remotely execute code on systems running the vulnerable media player.

The Federal Trade Commission Tuesday demanded nine data brokerage companies turn over details on how they collect and use consumer information as part of an inquiry into the industry's business practices.

The companies include Acxiom of Little Rock, Ark.; Corelogic of Irvine, Calif.; Datalogix of Westminster, Colo.; eBureau of St. Cloud, Minn.; ID Analytics of San Diego; Intelius of Bellevue, Wash.; Peekyou of New York; Rapleaf of Chicago; and Recorded Future of Cambridge, Mass.