Threatpost - Úvod  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z 

Poslední aktualizace v 10.09.2016 13:04:57


$2.5 Million-a-Year Ransomware-as-a-Service Ring Uncovered
‘Prohibition Era’ Of Security Research May Be Ahead
‘Software Liability Is Inevitable’
‘Surreptitious Sharing’ Android API Flaw Leaks Data, Private Keys
1.7 Million Opera Browser Users Told To Reset Passwords
5.6 Million Fingerprints Stolen In OPM Hack
A Month Without Adobe Flash Player Patches
Academics Make Theoretical Breakthrough in Random Number Generation 
Academics Put Another Dent in Online Anonymity
Adding CIA to DNA
Adobe Back With New Flash Player Security Update
Adobe Fixes 81 Vulnerabilities in Acrobat, Reader, Flash
Adobe Flash Update Includes Patches for 17 Vulnerabilities
Adobe Hotfix Patches XXE Vulnerability in ColdFusion
Adobe Patches 23 Critical Vulnerabilities in Flash Player 
Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack
Adobe Patches 69 Vulnerabilities in Reader, Acrobat, Flash 
Adobe Patches Code Execution Flaws in Flash, Reader, Acrobat
Adobe Patches DOM-XSS Flaw in Analytics AppMeasurement for Flash Library
Adobe Patches Flash Zero Day Under Attack
Adobe Patches Nine Code Execution Flaws in Flash Player
Adobe Patches Two Shockwave Player Vulnerabilities
Adobe Patches XXE Vulnerability in LiveCycle Data Services
Adobe to Patch Reader and Acrobat Next Week
Adobe Warns of Flash Zero Day, Patches Acrobat, Reader
AdobeWorkgroupHelper - Stack Based Buffer Overflow 
Adult FriendFinder Vulnerability Leaves Millions Exposed
Advantech Clears Hard-Coded SSH Keys from EKI Switches
Advantech EKI Vulnerable to Bypass, Possible Backdoor 
AlienSpy RAT Resurfaces as JSocket
Amazon Backtracks On Encryption Removal, Mum On Why
Amazon Certificate Manager Brings Free SSL Certs to AWS Users 
Amazon Inspector Addresses Compliance and Security Challenge
Android Banking Trojan First to Gain Root Privileges
Android Fragmentation Sinks Patching Gains
Android Patch Fixes Nexus 5X Critical Vulnerability
Android Qualcomm Vulnerability Impacts 60 Percent of Devices
Android Ransomware Attacks Using Towelroot, Hacking Team Exploits
Android Stagefright Exploit Code Released to Public 
Android Trojan Switcher Infects Routers via DNS Hijacking
Appeals Court Vacates Lower Court’s Decision on National Security Letters
Apple Addresses Dozens of Vulnerabilities, Embraces Two-Factor Authentication in iOS 9 
Apple Delays App Transport Security Deadline
Apple Deprecates QuickTime For Windows, Won’t Patch New Flaws
Apple Fixes 12 Vulnerabilities in iOS 10.2
Apple Fixes 97 Vulnerabilities Across macOS, iTunes, Safari, iCloud
Apple Gatekeeper Bypass Opens Door for Malicious Code 
Apple Goes All-In on Privacy
Apple Must Forever Threat Model Against Itself
Apple Patches 100+ Vulnerabilities in OS X, Safari, iOS 
Apple Patches Critical OS X DYLD Flaw in Monster Update
Apple Patches iOS Flaw Exploitable by Malicious JPEG
Apple Patches iTunes, iCloud for Windows, Xcode Server
Apple Patches Trident Vulnerabilities in OS X, Safari
Apple Releases Patches for iOS, OS X and Safari
Apple Squashes 68 Security Bugs With Sierra Release
Apple To Block WoSign Intermediate Certificates
Apple to Remove 256 iOS Apps Using Private APIs, Collecting Personal Data 
Apple Updates Xcode’s Git Implementation
Apple watchOS2 Includes Host of Code-Execution Patches
Apple Zero Day Remains Unpatched
Apple: Court Order Turns Back Clock on iPhone Security 
APT Group Gets Selective About Data it Steals
AT&T Facilitated NSA Surveillance Efforts, Reports
Attack Leverages Windows Safe Mode
Attacker Compromised Mozilla Bug System, Stole Private Vulnerability Data 
Attackers Behind GozNym Trojan Set Sights on Europe
Attackers Can Use SAP to Bridge Corporate, Operational ICS Networks 
Attackers Embracing Steganography to Hide Communication 
Attackers Hiding Stolen Credit Card Numbers in Images
Attackers Replacing Firmware on Cisco Routers
Attackers Targeting Critical SAP Flaw Since 2013
Attacks On MongoDB Rise As Hijackings Continue
AutoIt Used in Targeted Attacks to Move RATs
Backdoor In A Backdoor Identified in 600,000 Arris Modems
Backdoored D-Link Router Should be Trashed, Researcher Says
Banking Malware Moving Over Facebook Hosted in Cloud
Bartalex Variants Spotted Dropping Pony, Dyre Malware
BASHLITE Family Of Malware Infects 1 Million IoT Devices
Belkin’s WeMo Gear Can Hack Android Phones
Beta Firmware Updates Available for Vulnerable Netgear Routers
Bitcoin Extortionist Copycats on the Rise, Experts Say 
BlackBerry CEO Defends Lawful Access Principles, Supports Phone Hack
BlackNurse Low-Volume DoS Attack Targets Firewalls
BLEKey Device Breaks RFID Physical Access Controls
Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable
Bot Fraud to Cost Advertisers $7 Billion in 2016
BREACH Attacks Revived to Steal Private Messages from Gmail, Facebook
Breach Forces Password Change on Oracle MICROS PoS Customers
Broken IBM Java Patch Prompts Another Disclosure
Browser Address Bar Spoofing Vulnerability Disclosed
Bucbi Ransomware Gets a Big Makeover
Buffer Overflow in BSD libc Library Patched
Bug Hunters Prefer Communication Ovear Compensation
Bug Hunting Cyber Bots Set to Square Off at DEF CON
Bugs in Signal Messaging App Corrupt Attachments, Crash App
Bypass Developed for Microsoft Memory Protection, Control Flow Guard
Bypassing ASLR in 60 Milliseconds
Canceled Talk Re-Ignites Controversy Over Legitimate Security Research 
Car Hacking Gets the Attention of Detroit and Washington
Census Bureau Says Breach Didn’t Compromise Sensitive Data
Cerber Ransomware On The Rise, Fueled By Dridex Botnets 
CERT Warns of Hard-Coded Credentials in DSL SOHO Routers
CERT Warns of Slew of Bugs in Belkin N600 Routers
Cisco ‘High Severity’ Flaw Lets Malware Bypass FirePower Firewall
Cisco Fixes DoS Vulnerability in ASR 1000 Routers
Cisco Jabber Client Vulnerable to Man-in-the-Middle Attack 
Cisco Patches Critical Bug In Video Conferencing Server Hardware
Cisco Patches Critical Bugs in 900 Series Routers, Prime Home Server
Cisco Patches Critical Vulnerability in Facility Events Response System
Cisco Patches Critical WebEx Meetings Server Vulnerability
Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director
Cisco Warns of Command Injection Flaw in Cloud Platform
Cisco Warns of Critical Flaw in CloudCenter Orchestrator Systems
Cisco Warns of Critical Flaw in Email Security Appliances
Cisco Warns of Critical Flaws in Nexus Switches
Cisco Warns of IOS Flaw Vulnerable to ShadowBrokers Attack
Citovat Wassenaar, HP vytáhne z Mobile Pwn2Own
Class Action Suit Against Neiman Marcus Over Data Breach Revived
Claudio Guarnieri on Security Without Borders
Clever Facebook Hack Reveals Private Email Address of Any User
Clever Gmail Hack Let Attackers Take Over Accounts
Click-Malware Podvod Šíření přes JavaScript Přílohy
Cloudflare Shares National Security Letter It Received in 2013
Commodity ‘Exaspy’ Spyware Found Targeting High-Level Execs
Comodo Issues Eight Forbidden Certificates
Congressional Group Says Encryption Backdoors Are a Bad Idea
Congressional Leaders Demand Answers on Yahoo Breach
Core Infrastructure Initiative Launches Open Source Security Badge Program
CoreBot Malware Steals Credentials-For Now
Corruption, Code Execution Vulnerabilities Patched in Open Source Archiver 7-Zip 
Costin Raiu on the Importance of Using YARA
Credentials Accessible in Siemens-Branded CCTV Cameras
Criminals Peddling Affordable AlphaLocker Ransomware
Critical Flaws Found in Network Management Systems
Critical Java Bug Extends to Oracle, IBM Middleware
Critical MySQL Vulnerability Disclosed
Critical Vulnerability Patched in Roundcube Webmail
Cry Ransomware Uses UDP, Imgur, Google Maps
CSRF Flaw Patched in Popular Spring Social Core Library
Curbing the For-Profit Cybercrime Food Chain
Custom Google App Engine Tweak Still Leads to Java Sandbox Escapes 
DailyMotion Hack Leaks Emails, Passwords of 87M Users
Darkhotel APT Latest to Use Hacking Team Zero Day
DARPA Protecting Software From Reverse Engineering Through Obfuscation 
Data Theft Hole Identified in LG G3 Smartphones
Data-Stealing Mac OS X Backdoor Uncovered
Decryption Tool Stifles Jigsaw Ransomware
Defining Threat Intelligence Requirements
Denial-of-Service Flaw Patched in DHCP
Dennis Fisher On Security, Journalism, and the Origins of Threatpost 
Details Surface on Patched Bugzilla Privilege Escalation Flaw 
Details Surface on Patched Sandbox Violation Vulnerability in iOS
DHS Announces Intent to Draft IoT Security Framework
DHS Raises Privacy Concerns With Senate Cyber Threat Sharing Bill
DHS Urges Vigilance in Protecting Networking Gear
Diary of a Ransomware Victim
Dirty Cow Vulnerability Patched in Android Security Bulletin
Disappearing Messages Added to Signal App
D-Link Accidentally Leaks Private Code-Signing Keys 
DMCA Exemptions Lift Hacking Restrictions
DNSChanger Exploit Kit Hijacks Routers, Not Browsers
DoD Publishes Vulnerability Disclosure Policy
Dow Jones & Company Latest Financial Firm Hit With Data Breach 
Dridex Banking Malware Back in Circulation
Dridex Borrows Tricks From Dyre, Targets U.K. Users
Dropbox Forces Password Reset for Older Users
Drupal Fixes ‘Moderately Critical’ Vulnerabilities in Core Engine
Drupal Patches Three Vulnerabilities in Core Engine
DualToy Windows Trojan Attacks Android, iOS Devices
Dutch Police Arrest Alleged CoinVault Ransomware Authors
Dyn Confirms DDoS Attack Affecting Twitter, Github, Many Others
Dyn DDoS Could Have Topped 1 Tbps
Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers
Dyreza Trojan Targeting IT Supply Chain Credentials 
eBay Fixes XSS Flaw in Subdomain
eBay Vulnerability Exposes Users to Phishing, Data Theft
EFF Blasts DEA in Ongoing Secret ‘Super Search Engine’ Lawsuit
EFF Blasts Microsoft Over ‘Malicious’ Windows 10 Rollout Tactics
EFF, AdBlock and Others Launch New Do Not Track Standard
Election Leaks Failed to Move Needle on Polls
Embedded Devices Share, Reuse Private SSH Keys, HTTPs Certificates 
Emergency IE Patch Fixes Vulnerability Under Attack
Empty DDoS Threats Still Net Attackers $100,000
Encryption, Lock Mechanism Vulnerabilities Plague AppLock
Endress+Hauser Patches Buffer Overflow In Dozens of ICS Products
Experian Breach Spills Data on 15 Million T-Mobile Customers 
Experts Warn of Novel PDF-Based Phishing Scam
Experts Weigh-In Over FBI $1.3 Million iPhone Zero-Day Payout
Exploit Code Released for NTP Vulnerability
Exploit Writing and Mitigation Going Hand in Hand
Facebook Awards $100,000 for New Class of Vulnerabilities and Detection Tool
Facebook Bug Bounty Program Pays Out $5 Million in Five Years
Facebook Debuts Open Source Detection Tool for Windows
Facebook Fixes Vulnerability That Led to Account Takeover, Pays Researcher $16K
Facebook Releases Free Certificate Transparency Monitoring Tool
Facebook Updates Information-Sharing Platform
Fake Microsoft Installer Leads to Malware, Support Call Scam
FBI Encouraging Ransomware Victims To Report Infections
FBI Reaffirms Stance Not to Pay Ransomware Attackers
FBI Warned State Election Board Systems of Hacks
FBI Warns of Increase in DDoS Extortion Scams
FBI Warns Public Officials of Doxing Threat
FBI: Social Engineering, Hacks Lead to Millions Lost to Wire Fraud
FBI-DHS Report Links Fancy Bear Gang to Election Hacks
FDA, DHS Investigating St. Jude Device Vulnerabilities
Feasible ‘Going Dark’ Crypto Solution Nowhere to be Found
Federal CISOs Propose New Efforts to Shore Up Cybersecurity
Federálové Change Policy vyžadovat rozkaz k použití Stingrays
Fewer IPsec VPN Connections at Risk from Weak Diffie-Hellman
Fileless PowerWare Ransomware Found on Healthcare Network
Find Your Keys, Lose Your Privacy
Firefox 46 Patches Critical Memory Vulnerabilities
First Let’s Encrypt Free Certificate Goes Live
Five Vulnerabilities Fixed In Chrome Browser, Google Pays $20K to Bug Hunters 
Five-Year-Old Android Flaw Exposes SMS, Call History
Fixing ‘This Internet’ Before It Breaks Again
Flash Exploit Found in Seven Exploit Kits
Following Extortion Attempt, Gaming Network ESEA Breached, 1.5M Profiles Leaked
Following Lull, New Campaigns Pushing Retooled ‘Pumpkin’ Locky
Four Zero Days Disclosed in Internet Explorer Mobile
Free SSL Providers Spark Unprecedented Growth in Encrypted Traffic
Free Tool Protects Mac Users from Webcam Surveillance
FreePBX 13 / 14 - Remote Code Execution
FTC Issues Public Challenge to Improve IoT Patching
FTC Panel Encourages Basic Security Hygiene to Counter Ransomware
FTC, Experts Push Startups to Think About Security From the Beginning 
FTC: D-Link Failed to Secure Routers, IP Cameras
Gary McGraw on BSIMM7 and Secure Software Development
Gary McGraw on Scalable Software Security and Medical Device Securityf
Generic Ransomware Detection Comes to OS X
German Government Audits TrueCrypt
German Industrial Giant Victim of Cyber Espionage
Germany Orders Facebook to Stop Collecting Data on WhatsApp Users
Github Mitigates DDoS Attack
GitLab Patches Command Execution Vulnerability
Giving Red-Teamers the Blues 
Gone in Less Than a Second
Google Alerts, Direct Webmaster Communication Get Bugs Fixed Quickly
Google Details Plans to Disable SSLv3 and RC4
Google Discloses Contents of Eight National Security Letters
Google Expands Default HTTPS to Blogspot
Google Fixes 12 High-Severity Flaws In Chrome Browser
Google Handles Record Number of Government Requests for Data
Google Helps Lead Effort Against Automated Traffic From Data Centers
Google Moving Gmail to Strict DMARC Implementation
Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm
Google Patches 9 Security Flaws in New Chrome Browser Build
Google Patches Android Custom Boot Mode Vulnerability
Google Patches Critical Vulnerabilities in Chrome 45
Google Patches Dozens of Critical Qualcomm Components Flaws
Google Patches Latest Android Lockscreen Bypass
Google Patches Quadrooter Vulnerabilities in Android
Google Plans Monthly Security Updates for Nexus Phones
Google Plugs 21 Security Holes in Chrome
Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains
Google Project Zero Turns Over 11 Bugs in Galaxy S6 Edge
Google Pushes Stagefright 2.0 Patches to Nexus Devices 
Google Releases Supplemental Patch for Dirty Cow Vulnerability
Google Removing SHA-1 Support in Chrome 56
Google Set to Kill SSLv3 and RC4 in SMTP, Gmail in June 
Google Shares Android Nougat, Safe Browsing Security Enhancements
Google to Distrust WoSign, StartCom Certs in 2017
Google to Make Certificate Transparency Mandatory By 2017
Google to Pause Flash Ads in Chrome Starting Next Week
Google to Warn Recipients of Unencrypted Gmail Messages 
Google Unveils Cryptographic Library Test Suite Wycheproof
Gooligan Malware Breaches 1 Million Google Accounts
Government Asks for Security Community’s Help on Technical Issues
Government Releases Policy on Vulnerability Discovery and Disclosure
GPG Patches 18-Year-Old Libgcrypt RNG Bug
Granick: Dream of Internet Freedom ‘Dying’
Hack Crashes Linux Distros with 48 Characters of Code
Hackers Gamify DDoS Attacks With Collaborative Platform
Hack-Fueled ‘Unprecedented’ Insider Trading Ring Nets $100M
Half of Chrome Pageloads are HTTPS
Hancitor Downloader Shifts Attack Strategy
Hello Kitty Database of 3.3 Million Breached Credentials Surfaces
High-Risk SAP HANA Vulnerabilities Patched
Holes Patched in Online Bookmarking App Pocket
Hotel Chain Hilton Worldwide Investigating Potential POS Breach 
How Bugs Lead to a Better Android
HTTPS Available as Opt-In for Blogspot
Huge Flash Update Patches More Than 30 Vulnerabilities
Charlie Miller to Leave Twitter Security Team
China APT Gang Targets Hong Kong Media via Dropbox
Chinese Manufacturer Recalls IOT Gear Following Dyn DDoS
Chinese Mobile Ad Library Backdoored to Spy on iOS Devices
Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs
Chrome Defaults to HTML5 over Adobe Flash Starting in Q4
IBM Opens Attack Simulation Test Center
IBM’s Watson Supercomputer Takes On Security
iCloud Phishing Campaign Zycode Back From the Dead
Identity Thieves Used Leaked PII to Steal ADP Payroll Info
In-Flight Entertainment System Flaws Put Passenger Data at Risk
Info on 500K Users Doxxed in Hacking Forum Dump
InPage Zero Day Used in Attacks Against Banks
Insecure NAS Device Exposes 350 Ameriprise Investment Accounts
Inside the Latest Apple iMessage Bug
Inside the RIG Exploit Kit
Inside the Unpatched OS X Vulnerabilities
Installation of Tor Relay in Library Attracts DHS Attention 
Internet Root Name Servers Survive Unusual DDoS Attack
iOS 10 Passcode Bypass Can Access Photos, Contacts
iOS 10 Security Updates Move to HTTPS
iOS 9.3.4 Patches Critical Code Execution Flaw
IoT Botnet Uses HTTP Traffic to DDoS Targets
IRS Hack May Implicate Three Times As Many Taxpayers Than Expected
IRS Warns Tax-Related Phishing, Malware Surging
ISC Patches Critical Error Condition in BIND
iSpy Keylogger Targets Passwords, Skype, Webcams
Java Serialization Bug Crops Up At PayPal
JavaScript DDoS Attack Peaks at 275,000 Requests-Per-Second
Jessy Irwin on Password Security, Opsec and User Education 
Joomla Sites Join WordPress As TeslaCrypt Ransomware Target 
Joomla Update Fixes Two Critical Issues, 2FA Error
Joomla Update Patches Critical SQL Injection Vulnerability
Joshua Drake on Android Security Post-Stagefright
Juan Andres Guerrero-Saade and Brian Bartholomew on APT False Flags and Attribution
Juniper Acknowledges Equation Group Targeted ScreenOS
Juniper Backdoor Picture Getting Clearer
Juniper Hotfixes Shut Down IPv6 DDoS Vulnerability
Just Like Old Days: IOT Security Pits Regulators Against Market 
Keen Lab Takes Down iPhone 6S, Nexus 6P at Mobile Pwn2Own
Kemoge Android Adware Campaign Can Lead to Device Takeover 
Keystroke Recognition Uses Wi-Fi Signals To Snoop
Lack of Encryption Leads to Large Scale Cookie Exposure
Latest EMET Bypass Targets WoW64 Windows Subsystem
Latest Chrome Update Addresses Two High-Severity Vulnerabilities
Latest Petya Ransomware Strain Comes with a Failsafe: Mischa 
Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion
Latest Windows UAC Bypass Permits Code Execution
Law Enforcement Targets Users of DDoS-For-Hire Services
Lawmakers Asking What ISPs Can Do About DDoS Attacks
Lawmakers Reintroduce Popular Email Privacy Act
Lenovo Patches Vulnerabilities in System Update Service 
Let’s Encrypt Hits Another Free HTTPS Milestone
Let’s Encrypt Initiative Enters Public Beta
Linux Foundation Badge Program to Boost Open Source Security
Linux x86_64 Bindshell with Password (92 bytes) 
Locky Ransomware Causes ‘Internal State of Emergency’ at Kentucky Hospital
Locky Ransomware Learns New Evasive Tricks
Locky Variant Changes C2 Communication, Found in Nuclear EK
Mac Adware OSX.Pirrit Unleashes Ad Overload, For Now
Magento Update Addresses XSS, CSRF Vulnerabilities
Maldoc VBA Anti-Analysis
Malvertising Campaign Pushing Neutrino Exploit Kit Shut Down
Malware Evades Detection with Novel Technique
Mamba Ransomware Encrypts Hard Drives Rather Than Files
Manipulating WSUS to Own Enterprises
Marcher Trojan Morphs, Now Targets Porn Sites
Marie Moe on Medical Device Security
Meet The Cryptoworm, The Future of Ransomware
Microsoft Considers Earlier SHA-1 Deprecation Deadline
Microsoft Cracks Down on Toolbars, Unsigned DLLs with Edge Update 
Microsoft Cutting Off SHA-1 Support in February for Edge, IE 11
Microsoft Edge Adds App Guard Browser Security
Microsoft Issues Record Low Number of Patch Tuesday Bulletins
Microsoft Mistakenly Leaks Secure Boot Key
Microsoft Opens .NET Core, ASP.NET Bug Bounties
Microsoft Patches 47 Vulnerabilities with September Patch Tuesday
Microsoft Patches Critical Vulnerabilities in New Edge Browser
Microsoft Patches Five Zero Days Under Attack
Microsoft Patches Graphics Component Flaw Under Attack
Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities
Microsoft Quietly Kills Controversial Wi-Fi Sense Feature 
Microsoft Revokes Trust for Certificates Leaked by D-Link
Microsoft Shuts Down Zero Day Used in AdGholas Malvertising Campaigns
Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass
Microsoft Tears off the Band-Aid with EMET
Microsoft Unveils Cloud-Based Fuzz-Testing Service
Microsoft Zero Day Exposes 100 Companies to PoS Attack
Microsoft, Google to Block Flash by Default in Edge, Chrome
Microsoft, Law Enforcement Collaborate in Dorkbot Takedown
Mirai Bots More Than Double Since Source Code Release
Mirai Giving DDoS-as-a-Service Industry a Boost
Mirai Vulnerability Disclosed, But Exploits May Constitute Hacking Back
MIT Launches Experimental Bug Bounty Program
Mitigations Available for PanelShock Vulnerabilities in Schneider Electric Magelis HMIs
Mobile App Collusion Can Bypass Native Android Security
Mobile Applications Leak Device, Location Data
Model Assesses Readiness to Accept Outside Vulnerability Reports
MongoDB Attacks Jump From Hundreds to 28,000 In Just Days
Moonpig Warns Customers of ‘Security Issue’
Motion Filed Asking FBI To Disclose Tor Browser Zero Day
Mozilla Embraces Private Browsing with Tracking Protection in Firefox 42
Mozilla Patches 29 Vulnerabilities, Prevents MIME Confusion Attacks, in Firefox 50
Mozilla Patches Bug Used in Active Attacks
Mozilla Patches Certificate Pinning Vulnerability in Firefox
Mozilla Patching Firefox Certificate Pinning Vulnerability
Mozilla Reduces Threat of Export-Grade Crypto to Firefox
Mozilla Turning TLS 1.3 On By Default With Firefox 52
Multiple Vulnerabilities Identified in ‘Utterly Broken’ BHU Routers
Musical Chairs Campaign Found Deploying New Gh0st RAT Variant 
Nagios Core Patches Root, RCE Vulnerabilities
Naikon APT Group Tied to China’s PLA Unit 78020
Nemucod Infections Spreading Locky Over Facebook
Netflix Phishing Campaign Targeted User Information, Credit Card Data
Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications
Netgear Management System Vulnerable to RCE, Path Traversal Attacks
Netgear Published Patched Firmware for Routers Under Attack 
Netgear Routers Remain Exposed to Critical Flaw
NetWire RAT Back, Stealing Payment Card Data
Never Trust a Found USB Drive, Black Hat Demo Shows Why
Neverquest Trojan Gets Big Summer Update
New Android Ransomware Communicates over XMPP
New Brazilian Banking Trojan Uses Windows PowerShell Utility
New Call to Regulate IoT Security By Design
New Campaign Shows Dridex Active, Targeting French
New Cerber Variant Leverages Tor2Web Proxies, Google Redirects
New Debian Releases Fix PHP, VirtualBox Bugs
New Decryptor Unlocks CryptXXX Ransomware
New Decryptor Unlocks CryptXXX v3 Files
New Gmail Alerts Warn of Unauthenticated Senders
New Google Tools Help Devs Improve Content Security Policy Protection
New Large-Scale DDoS Attacks Follow Schedule
New Mirai Variant Targets Routers, Knocks 900,000 Offline
New MIT Scanner Finds Web App Flaws in a Minute
New Moker RAT Bypasses Detection
New Security Flaw Found in Lenovo Solution Center Software
New Silverlight Attacks Appear in Angler Exploit Kit 
New Technique Checks Mitigation Bypasses Earlier
New Tinba Variant Seen Targeting Russian, Japanese Banks
New Versions of Carbanak Banking Malware Seen Hitting Targets in U.S. and Europe
New Wave of Hailstorm Spam Pelts Inboxes
New Windows Patch Policy At Odds With Acceptable Risk
Nissan Car Hack Allowed Remote Access
NIST Calls for Submissions to Secure Data Against Quantum Computing
November 2016 Microsoft Patch Day
Nový Chrome rozšíření pomáhá v boji klávesnice Biometrické profilování
NSF Awards $6M Grants for Internet of Things Security
Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware
NY Health Provider Excellus Discloses Data Breach Dating to 2013
Nymaim Dropper Updates Delivery, Obfuscation Methods
NYU Students Apply Blockchain Solution to Electronic Voting Security
Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities in IP Phones
Office 365 Vulnerability Identified Bogus Email as Valid
OIG Report Finds Vulnerabilities in Medicaid Services Agency
Old Exploits Die Hard, Says Microsoft Report
Old Linux Kernel Code Execution Bug Patched
OneLogin SecureNotes Breach Exposed Data in Cleartext
OpenSSL Patches Bring Last Update for 0.9.8 and 1.0.0 Branches
OpenSSL Patches High-Severity Denial-of-Service Bug
OpenVPN to Undergo Cryptographic Audit
Operation Ghoul Targeting Middle Eastern Industrial, Engineering Organizations
Oracle CSO: You ‘Must Not Reverse Engineer Our Code’
Oracle EBusiness Suite ‘Massive’ Attack Surface Assessed
Oracle Fixes 253 Vulnerabilities in Last CPU of 2016
Oracle Releases Record Number of Security Patches
Oracle to Kill Java Browser Plugin
Outdated, Unpatched Software Rampant in Businesses
Outlook Web Access Two-Factor Authentication Bypass Exists
OwnStar Attack Now Aimed at BMW, Chrysler, Mercedes Cars
Pacemaker Hacking Fears Rise With Critical Research Report
Packet Capture Options
PageFair Hack Serves Up Fake Flash Update to 500 Sites
Pair of Bugs Open Honeywell Home Controllers Up to Easy Hacks
Pair of Drupal Modules Patch Access Bypass Flaws
Patched Android ‘Serialization’ Vulnerability Affects 55 Percent of Devices
Patched ColdFusion Flaw Exposes Applications to Attack
Patched Ins0mnia Vulnerability Keeps Malicious iOS Apps Hidden
Patched Libpng Vulnerabilities Have Limited Scope
Patrick Wardle on OS X Malware With a Possible Hacking Team Connection
PayPal Fixes OAuth Token Leaking Vulnerability
Pentagon Subcontractor Inadvertently Leaks 11 Gigs of Sensitive Data
Phony Google Update Spreads Data-Stealing Android Malware
Phony Pokémon GO Android App Gave Attackers Root Access
PHP File Manager Riddled With Vulnerabilities, Including Backdoor
PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities
PLC-Blaster Worm Targets Industrial Control Systems
Police Allege SWIFT Technicians Left Bangladesh Bank Vulnerable
Popular Android App Leaks Microsoft Exchange User Credentials
PoS Attacks Net Crooks 20 Million Stolen Bank Cards
Privacy Activists Cheer Passage of Email Privacy Act, Brace for Senate Battle
Privacy Badger 1.0 Released With Support For EFF Do Not Track Policy
Privacy Groups File FTC Complaint over WhatsApp Data Sharing with Facebook
Privacy Watchdogs Vow to Fight ‘Dystopian’ Rule 41
ProtonMail Back Online Following Six-Day DDoS Attack
pseudoDarkleech Rig EK
PwnedList Shutdown Unrelated to Recent Vulnerability
Qbot Malware Morphs Quickly to Evade Detection
Quadrooter Flaw in Qualcomm Chips Puts 900M Android Devices At Risk
Qualcomm and HackerOne Partner on Bounty Program
Questions Mount Around Yahoo Breach
Range of Mousejack Attack More Than Doubles
Ransomware Gives Free Decryption Keys to Victims Who Infect Others
Remote Code Execution Bug Found in Ubuntu Quantal
Remote Code Execution Vulnerabilities Plague LibTIFF Library
Report a Grim Reminder of State of Critical Infrastructure Security
Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions
Researchers Break MarsJoke Ransomware Encryption
Researchers Bypass Chip-and-Pin Protections at Black Hat
Researchers Discover Two New Strains of POS Malware
Researchers Disrupt Angler Exploit Kit Ecosystem, Derail $30M Ransomware Campaign
Researchers Find ‘Severe’ Password Security Hole with iOS 10 Backups
Researchers Question Security in AMD’s Upcoming Zen Chips
Researchers Uncover ‘Terracotta’ Chinese VPN Service Used by APT Crews for Cover
Researchers Uncover New Italian RAT uWarrior
Researchers: MedSec, Muddy Waters Set Bad Precedent With St. Jude Medical Short
RIG Picks Up Where Neutrino Left Off, Pushes CrypMIC Ransomware
RIPPER ATM Malware Uses Malicious EVM Chip
Risk of Election Day Cyberattacks Low According To Experts
Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched
Rockwell Patches Serious ‘FrostyURL’ PLC Vulnerability
Rogue iOS App Gets Boot After Slipping into App Store
Root Servers Were Not Targets of 2015 DDoS Attack
Rowhammer Vulnerability Comes to Android
Rule 41 Opponents Vow to Fight Government’s New Hacking Powers
Salesforce Patches XSS on a Subdomain
Samsung Smart Home Camera SNH-P-6410 - Command Injection
Santiago Pontiroli and Roberto Martinez on ATM Jackpotting
SAP Patches 12 SQL Injection, XSS Vulnerabilities in HANA 
Scan of IPv4 Space for ‘Implanted’ Cisco Routers Finds Fewer Than 100
Scanner Finds Malicious Android Apps at Scale
Scope of Gaping Android Security Hole Grows
Scottrade Breach Affects 4.6 Million Customers
Scourge of Android Overlay Malware on Rise
Second Try at Windows LSASS Patch Addresses Vulnerability
Security of iMessage System Comes to the Fore Again
Sen. Warren Worried About Banks’ New Encrypted Messaging Platform
Series of Buffer Overflows Plague Many Yokogawa ICS Products 
Serious Dirty Cow Linux Vulnerability Under Attack
Several Critical Flaws Patched in Drupal Module
ShadowBrokers Bid Farewell, Close Door
ShadowBrokers Dump Came from Internal Code Repository, Insider
ShadowBrokers Dumps Lists of Equation Group Hacked Servers
ShadowBrokers Selling Windows Exploits, Attack Tools
ShadowBrokers’ Leak Has ‘Strong Connection’ to Equation Group
Short URLs a Big Problem for Cloud Collaboration, Stored Data
Schneider Patches Plaintext Credentials Bug in Building Automation System
Siemens Discloses Local Privilege Escalation Bug in SCADA Gear
Siemens Patches Insufficient Entropy Vulnerability in ICS Systems
Signal Adds iPhone Access to Desktop App
Signal Audit Reveals Protocol Cryptographically Sound
Skyping and Typing the Latest Threat to Privacy
Snowden Makes Case for a Presidential Pardon
Snowden Slammed in House Committee Report
Sofacy APT Targeting OS X Machines with Komplex Trojan
Solar Power Firm Patches Meters Vulnerable to Command Injection Attacks
Source Code Released for Mirai DDoS Malware
South Korean Child Monitoring App Beset by Vulnerabilities, Privacy Issues
Spam Campaign Continuing to Serve Up Malicious .js Files
Spammers Revive Hancitor Downloader Campaigns
Spyware Targeting Overseas Travelers Removed from Google Play
SQL Injection Attack is Tied to Election Commission Breach
St. Jude Alleges False Claims, Stock Manipulation in Suit Against Med Sec, Muddy Waters
St. Jude Faces New Claim Heart Implants are Hackable
St. Jude Medical Patches Vulnerable Cardiac Devices
Stagefright Patch Incomplete Leaving Android Devices Still Exposed
Starwood Hotel Chain Hit By Point of Sale Malware
Stealthy GlassRAT Spies on Commercial Targets
Steam Patches Broken Crypto in Wake of Replay, Padding Oracle Attacks
StrongPity APT Covets Secrets of Crypto Users
Sundown Exploit Kit ‘Larger Threat Than People Realize’
Suspicious Windows 7 Update Actually an Accidental Microsoft ‘Test’ Update
SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool
SWIFT Warns Banks Of More Cyberattacks
SWIFT Warns of Second Bank Attack via PDF Malware 
Tales of WordPress Plugin Insecurity Overblown, Researchers Say
Target Says SEC Won’t Pursue Enforcement Action as a Result of Data Breach
TCP Flaw in Linux Extends to 80 Percent of Android Devices
Tesco Bank Stops Online Transactions After Money Missing from 20K Accounts
The Ethics and Morality Behind APT Reports
Thunderstrike 2 OS X Firmware Attack Self-Replicates to Peripherals
TLS Implementations Vulnerable to RSA Key Leaks
Tor Joins Movement Against Expanding Hacking Powers
Tor Update Fixes ReachableAddresses Problem
Tor: FBI Paid CMU $1 Million to De-Anonymize Users
TrickBot Banking Trojan Adds New Browser Manipulation Tools
TrickBot Banking Trojan Could Be Dyre Rewrite
Tumblr Accounts Must Reset Passwords 
Turla APT Group Abusing Satellite Internet Links
Twitter Turns Off Fire Hose For Intelligence Community
U.S. Intelligence Report Due Next Week on Election Hack
Uber Portal Leaked Names, Phone Numbers, Email Addresses, Unique Identifiers
Ubiquiti Networks Gear Targeted By Worm
Ubuntu Patches Kernel Vulnerabilities
Unmasking xDedic’s Black Market for Servers and PCs
Unpatched Vulnerability on Puts Millions of Sites at Risk
Unsecured DNSSEC Easily Weaponized, Researchers Warn
Unskilled Pro-ISIS Hackers A Growing Threat
Unsupported Honeywell Experion PKS Vulnerable to Public Attacks 
Unusual Re-Do of US Wassenaar Rules Applauded
Updated Cryptowall Encrypts File Names, Mocks Victims
Updated DGA Changer Malware Generates Fake Domain Stream
Updated Rig Exploit Kit Closing in on 1 Million Victims
Updated XcodeGhost Adds iOS9 Support
Uptick in Neutrino Exploit Kit Traffic Doesn’t Mean Angler Reign Over
US Reps Requesting Further Intel Around Yahoo Surveillance Story
Using BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks
Valve Patches Password Reset Vulnerability in Steam
Vawtrak Banking Trojan Adds DGA, SSL Pinning
VBA and P-code
vBulletin Patches Serious Flaw in Forum Software
Vendetta Brothers Cyber Crooks Adopt Real World Tactics
Vera Bradley Retail Chain Breached
VeraCrypt Audit Under Way; Email Mystery Cleared Up
VeraCrypt Patched Against Two Critical TrueCrypt Flaws
VeraCrypt Patches Critical Vulnerabilities Uncovered in Audit
Vermont Grid ‘Hack’ Latest Tumble Down Attribution Rabbit Hole
Viber Heats Up Crypto Debate: Adds Encryption to 711 Million Users
Victims of June OPM Hack Still Haven’t Been Notified
Viking Horde Malware Co-Ops Android Devices for Ad Fraud
VirusTotal Adds Sandbox Execution for OS X Apps
Vitaly Kamluk on the Adwind RAT
VMware Patches Critical Session-Handling Vulnerability
VMware Patches Flaws in Identity and Cloud Products
VMware Patches Pesky XXE Bug in Flex BlazeDS
Vulnerabilities Identified in Dolphin, Mercury Android Browsers
Vulnerability Identified in Genomic Data Sharing Network 
Výzkumníci Manipulovat pušky Precision Cílení System
Wassenaar Renegotiation Will Be in Trump Administration’s Hands
Web Hosting Service 000webhost Hacked, Information of 13 Million Leaked Loses 93,000 Credit Card Numbers in Breach
Web-Based Keylogger Used to Steal Credit Card Data from Popular Sites
Westin, Marriott, Sheraton Hotels Hit By Payment Card Malware
WhatsApp Blasted by EU Data Protection Group Over Facebook Sharing
When DVRs Attack: A Post IoT Attack Analysis
White House Hires First Federal CISO
White House Says No Thanks to Snowden Pardon Petition
White House Support for CISA Worries Privacy Advocates
Windows 10 Attack Surface Grows with Linux Support in Anniversary Update
Windows 10 Upgrade Spam Carries CTB-Locker Ransomware
Windows Atom Tables Can Be Abused for Code Injection Attacks
Windows PDF Library Flaw Puts Edge Users at Risk for RCE
WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities
WordPress Patches Critical XSS Vulnerability in All Builds
WordPress Patches Serious Shortcodes Core Engine Vulnerability
WordPress Plugins Leave Black Friday Shoppers Vulnerable
Writing Advanced OS X Malware an ‘Elegant’ Solution to Improving Detection
XcodeGhost iOS Malware Contained
Xen Patches VM Escape Flaw
Yahoo Asks DNI to De-Classify Email Scanning Order
Yahoo Hires Bob Lord as its CISO
Yahoo Investigates 200 Million Alleged Accounts For Sale On Dark Web
Yahoo Mail XSS Bug Worth Another $10K to Researcher
Yahoo Tells SEC It Knew About Data Breach in 2014
Yahoo to Warn Users of State-Sponsored Attacks
Yahoo touts Úspěch Bug Bounty Programu
Yelp Launches Public Bug Bounty
YiSpecter iOS Malware Abuses Apple Enterprise Certs to Push Adware
Zcash Spurs Rash of Malicious Mining Software
Zero Day in Android’s Google Admin App Can Bypass Sandbox
Zerodium Triples its iOS 10 Bounty to $1.5 Million
ZeuS Banking Trojan Resurfaces As Atmos Variant