Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week’s Samba vulnerability, and the OneLogin breach.
SSH Configuration on Nexpose Servers Allowed Weak Encryption Algorithms
Rapid7 warned this week that its Nexpose appliances were shipped with an SSH configuration that could have allowed obsolete algorithms to be used for key exchange.
EternalBlue Exploit Spreading Gh0st RAT, Nitol
FireEye said threat actors are using the NSA’s EternalBlue exploit of the same Microsoft SMBv1 vulnerability as WannaCry to spread Nitol and Gh0st RAT.
OneLogin Breach Compromised Customer Data, Ability to Decrypt Encrypted Data
A breach at OneLogin appears to have compromised customer data, including the ability to decrypt encrypted data.
Crowdfunding Effort to Buy ShadowBrokers Exploits Shuts Down
A crowdfunding effort to buy a subscription to the ShadowBrokers’ Monthly Dump Service of stolen exploits and data was shut down, citing legal and ethical concerns.
Insecure Backend Databases Blamed for Leaking 43TB of App Data
More than 1,000 mobile apps are leaking personal information via unsecured backend platforms such as MongoDB, MySQL and others.
ShadowBrokers Put Price on Monthly Zero Day Leaks
The ShadowBrokers announced details on how to subscribe to its Monthly Dump Service, which is available for 100 Zcash.
FreeRADIUS Update Resolves Authentication Bypass
Developers behind FreeRADIUS, an open source implementation of the networking protocol RADIUS, are encouraging users to update to address an authentication bypass found in the server.
Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw
Microsoft quietly patched a critical vulnerability found by Google’s Project Zero team in the Malware Protection Engine.
Rash Of Phishing Attacks Use HTTPS To Con Victims
Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they’re visiting a safe site.