Threatpost -

Poslední aktualizace v 10.09.2016 13:04:57

 

$2.5 Million-a-Year Ransomware-as-a-Service Ring Uncovered

Five-Year-Old Android Flaw Exposes SMS, Call History

Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware

‘Prohibition Era’ Of Security Research May Be Ahead

Fixing ‘This Internet’ Before It Breaks Again

NY Health Provider Excellus Discloses Data Breach Dating to 2013

‘Software Liability Is Inevitable’

Flash Exploit Found in Seven Exploit Kits

Nymaim Dropper Updates Delivery, Obfuscation Methods

‘Surreptitious Sharing’ Android API Flaw Leaks Data, Private Keys

Following Extortion Attempt, Gaming Network ESEA Breached, 1.5M Profiles Leaked

NYU Students Apply Blockchain Solution to Electronic Voting Security

1.7 Million Opera Browser Users Told To Reset Passwords

Following Lull, New Campaigns Pushing Retooled ‘Pumpkin’ Locky

Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities in IP Phones

5.6 Million Fingerprints Stolen In OPM Hack

Four Zero Days Disclosed in Internet Explorer Mobile

Office 365 Vulnerability Identified Bogus Microsoft.com Email as Valid

A Month Without Adobe Flash Player Patches

Free SSL Providers Spark Unprecedented Growth in Encrypted Traffic

OIG Report Finds Vulnerabilities in Medicaid Services Agency

Academics Make Theoretical Breakthrough in Random Number Generation 

Free Tool Protects Mac Users from Webcam Surveillance

Old Exploits Die Hard, Says Microsoft Report

Academics Put Another Dent in Online Anonymity

FreePBX 13 / 14 - Remote Code Execution

Old Linux Kernel Code Execution Bug Patched

Adding CIA to DNA

FTC Issues Public Challenge to Improve IoT Patching

OneLogin SecureNotes Breach Exposed Data in Cleartext

Adobe Back With New Flash Player Security Update

FTC Panel Encourages Basic Security Hygiene to Counter Ransomware

OpenSSL Patches Bring Last Update for 0.9.8 and 1.0.0 Branches

Adobe Fixes 81 Vulnerabilities in Acrobat, Reader, Flash

FTC, Experts Push Startups to Think About Security From the Beginning 

OpenSSL Patches High-Severity Denial-of-Service Bug

Adobe Flash Update Includes Patches for 17 Vulnerabilities

FTC: D-Link Failed to Secure Routers, IP Cameras

OpenVPN to Undergo Cryptographic Audit

Adobe Hotfix Patches XXE Vulnerability in ColdFusion

Gary McGraw on BSIMM7 and Secure Software Development

Operation Ghoul Targeting Middle Eastern Industrial, Engineering Organizations

Adobe Patches 23 Critical Vulnerabilities in Flash Player 

Gary McGraw on Scalable Software Security and Medical Device Securityf

Oracle CSO: You ‘Must Not Reverse Engineer Our Code’

Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack

Generic Ransomware Detection Comes to OS X

Oracle EBusiness Suite ‘Massive’ Attack Surface Assessed

Adobe Patches 69 Vulnerabilities in Reader, Acrobat, Flash 

German Government Audits TrueCrypt

Oracle Fixes 253 Vulnerabilities in Last CPU of 2016

Adobe Patches Code Execution Flaws in Flash, Reader, Acrobat

German Industrial Giant Victim of Cyber Espionage

Oracle Releases Record Number of Security Patches

Adobe Patches DOM-XSS Flaw in Analytics AppMeasurement for Flash Library

Germany Orders Facebook to Stop Collecting Data on WhatsApp Users

Oracle to Kill Java Browser Plugin

Adobe Patches Flash Zero Day Under Attack

Github Mitigates DDoS Attack

Outdated, Unpatched Software Rampant in Businesses

Adobe Patches Nine Code Execution Flaws in Flash Player

GitLab Patches Command Execution Vulnerability

Outlook Web Access Two-Factor Authentication Bypass Exists

Adobe Patches Two Shockwave Player Vulnerabilities

Giving Red-Teamers the Blues 

OwnStar Attack Now Aimed at BMW, Chrysler, Mercedes Cars

Adobe Patches XXE Vulnerability in LiveCycle Data Services

Gone in Less Than a Second

Pacemaker Hacking Fears Rise With Critical Research Report

Adobe to Patch Reader and Acrobat Next Week

Google Alerts, Direct Webmaster Communication Get Bugs Fixed Quickly

Packet Capture Options

Adobe Warns of Flash Zero Day, Patches Acrobat, Reader

Google Details Plans to Disable SSLv3 and RC4

PageFair Hack Serves Up Fake Flash Update to 500 Sites

AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow 

Google Discloses Contents of Eight National Security Letters

Pair of Bugs Open Honeywell Home Controllers Up to Easy Hacks

Adult FriendFinder Vulnerability Leaves Millions Exposed

Google Expands Default HTTPS to Blogspot

Pair of Drupal Modules Patch Access Bypass Flaws

Advantech Clears Hard-Coded SSH Keys from EKI Switches

Google Fixes 12 High-Severity Flaws In Chrome Browser

Patched Android ‘Serialization’ Vulnerability Affects 55 Percent of Devices

Advantech EKI Vulnerable to Bypass, Possible Backdoor 

Google Handles Record Number of Government Requests for Data

Patched ColdFusion Flaw Exposes Applications to Attack

AlienSpy RAT Resurfaces as JSocket

Google Helps Lead Effort Against Automated Traffic From Data Centers

Patched Ins0mnia Vulnerability Keeps Malicious iOS Apps Hidden

Amazon Backtracks On Encryption Removal, Mum On Why

Google Moving Gmail to Strict DMARC Implementation

Patched Libpng Vulnerabilities Have Limited Scope

Amazon Certificate Manager Brings Free SSL Certs to AWS Users 

Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm

Patrick Wardle on OS X Malware With a Possible Hacking Team Connection

Amazon Inspector Addresses Compliance and Security Challenge

Google Patches 9 Security Flaws in New Chrome Browser Build

PayPal Fixes OAuth Token Leaking Vulnerability

Android Banking Trojan First to Gain Root Privileges

Google Patches Android Custom Boot Mode Vulnerability

Pentagon Subcontractor Inadvertently Leaks 11 Gigs of Sensitive Data

Android Fragmentation Sinks Patching Gains

Google Patches Critical Vulnerabilities in Chrome 45

Phony Google Update Spreads Data-Stealing Android Malware

Android Patch Fixes Nexus 5X Critical Vulnerability

Google Patches Dozens of Critical Qualcomm Components Flaws

Phony Pokémon GO Android App Gave Attackers Root Access

Android Qualcomm Vulnerability Impacts 60 Percent of Devices

Google Patches Latest Android Lockscreen Bypass

PHP File Manager Riddled With Vulnerabilities, Including Backdoor

Android Ransomware Attacks Using Towelroot, Hacking Team Exploits

Google Patches Quadrooter Vulnerabilities in Android

PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities

Android Stagefright Exploit Code Released to Public 

Google Plans Monthly Security Updates for Nexus Phones

PLC-Blaster Worm Targets Industrial Control Systems

Android Trojan Switcher Infects Routers via DNS Hijacking

Google Plugs 21 Security Holes in Chrome

Police Allege SWIFT Technicians Left Bangladesh Bank Vulnerable

Appeals Court Vacates Lower Court’s Decision on National Security Letters

Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains

Popular Android App Leaks Microsoft Exchange User Credentials

Apple Addresses Dozens of Vulnerabilities, Embraces Two-Factor Authentication in iOS 9 

Google Project Zero Turns Over 11 Bugs in Galaxy S6 Edge

PoS Attacks Net Crooks 20 Million Stolen Bank Cards

Apple Delays App Transport Security Deadline

Google Pushes Stagefright 2.0 Patches to Nexus Devices 

Privacy Activists Cheer Passage of Email Privacy Act, Brace for Senate Battle

Apple Deprecates QuickTime For Windows, Won’t Patch New Flaws

Google Releases Supplemental Patch for Dirty Cow Vulnerability

Privacy Badger 1.0 Released With Support For EFF Do Not Track Policy

Apple Fixes 12 Vulnerabilities in iOS 10.2

Google Removing SHA-1 Support in Chrome 56

Privacy Groups File FTC Complaint over WhatsApp Data Sharing with Facebook

Apple Fixes 97 Vulnerabilities Across macOS, iTunes, Safari, iCloud

Google Set to Kill SSLv3 and RC4 in SMTP, Gmail in June 

Privacy Watchdogs Vow to Fight ‘Dystopian’ Rule 41

Apple Gatekeeper Bypass Opens Door for Malicious Code 

Google Shares Android Nougat, Safe Browsing Security Enhancements

ProtonMail Back Online Following Six-Day DDoS Attack

Apple Goes All-In on Privacy

Google to Distrust WoSign, StartCom Certs in 2017

pseudoDarkleech Rig EK

Apple Must Forever Threat Model Against Itself

Google to Make Certificate Transparency Mandatory By 2017

PwnedList Shutdown Unrelated to Recent Vulnerability

Apple Patches 100+ Vulnerabilities in OS X, Safari, iOS 

Google to Pause Flash Ads in Chrome Starting Next Week

Qbot Malware Morphs Quickly to Evade Detection

Apple Patches Critical OS X DYLD Flaw in Monster Update

Google to Warn Recipients of Unencrypted Gmail Messages 

Quadrooter Flaw in Qualcomm Chips Puts 900M Android Devices At Risk

Apple Patches iOS Flaw Exploitable by Malicious JPEG

Google Unveils Cryptographic Library Test Suite Wycheproof

Qualcomm and HackerOne Partner on Bounty Program

Apple Patches iTunes, iCloud for Windows, Xcode Server

Gooligan Malware Breaches 1 Million Google Accounts

Questions Mount Around Yahoo Breach

Apple Patches Trident Vulnerabilities in OS X, Safari

Government Asks for Security Community’s Help on Technical Issues

Range of Mousejack Attack More Than Doubles

Apple Releases Patches for iOS, OS X and Safari

Government Releases Policy on Vulnerability Discovery and Disclosure

Ransomware Gives Free Decryption Keys to Victims Who Infect Others

Apple Squashes 68 Security Bugs With Sierra Release

GPG Patches 18-Year-Old Libgcrypt RNG Bug

Remote Code Execution Bug Found in Ubuntu Quantal

Apple To Block WoSign Intermediate Certificates

Granick: Dream of Internet Freedom ‘Dying’

Remote Code Execution Vulnerabilities Plague LibTIFF Library

Apple to Remove 256 iOS Apps Using Private APIs, Collecting Personal Data 

Hack Crashes Linux Distros with 48 Characters of Code

Report a Grim Reminder of State of Critical Infrastructure Security

Apple Updates Xcode’s Git Implementation

Hackers Gamify DDoS Attacks With Collaborative Platform

Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions

Apple watchOS2 Includes Host of Code-Execution Patches

Hack-Fueled ‘Unprecedented’ Insider Trading Ring Nets $100M

Researchers Break MarsJoke Ransomware Encryption

Apple Zero Day Remains Unpatched

Half of Chrome Pageloads are HTTPS

Researchers Bypass Chip-and-Pin Protections at Black Hat

Apple: Court Order Turns Back Clock on iPhone Security 

Hancitor Downloader Shifts Attack Strategy

Researchers Discover Two New Strains of POS Malware

APT Group Gets Selective About Data it Steals

Hello Kitty Database of 3.3 Million Breached Credentials Surfaces

Researchers Disrupt Angler Exploit Kit Ecosystem, Derail $30M Ransomware Campaign

AT&T Facilitated NSA Surveillance Efforts, Reports

High-Risk SAP HANA Vulnerabilities Patched

Researchers Find ‘Severe’ Password Security Hole with iOS 10 Backups

Attack Leverages Windows Safe Mode

Holes Patched in Online Bookmarking App Pocket

Researchers Question Security in AMD’s Upcoming Zen Chips

Attacker Compromised Mozilla Bug System, Stole Private Vulnerability Data 

Hotel Chain Hilton Worldwide Investigating Potential POS Breach 

Researchers Uncover ‘Terracotta’ Chinese VPN Service Used by APT Crews for Cover

Attackers Behind GozNym Trojan Set Sights on Europe

How Bugs Lead to a Better Android

Researchers Uncover New Italian RAT uWarrior

Attackers Can Use SAP to Bridge Corporate, Operational ICS Networks 

HTTPS Available as Opt-In for Blogspot

Researchers: MedSec, Muddy Waters Set Bad Precedent With St. Jude Medical Short

Attackers Embracing Steganography to Hide Communication 

Huge Flash Update Patches More Than 30 Vulnerabilities

RIG Picks Up Where Neutrino Left Off, Pushes CrypMIC Ransomware

Attackers Hiding Stolen Credit Card Numbers in Images

Charlie Miller to Leave Twitter Security Team

RIPPER ATM Malware Uses Malicious EVM Chip

Attackers Replacing Firmware on Cisco Routers

China APT Gang Targets Hong Kong Media via Dropbox

Risk of Election Day Cyberattacks Low According To Experts

Attackers Targeting Critical SAP Flaw Since 2013

Chinese Manufacturer Recalls IOT Gear Following Dyn DDoS

Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched

Attacks On MongoDB Rise As Hijackings Continue

Chinese Mobile Ad Library Backdoored to Spy on iOS Devices

Rockwell Patches Serious ‘FrostyURL’ PLC Vulnerability

AutoIt Used in Targeted Attacks to Move RATs

Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs

Rogue iOS App Gets Boot After Slipping into App Store

Backdoor In A Backdoor Identified in 600,000 Arris Modems

Chrome Defaults to HTML5 over Adobe Flash Starting in Q4

Root Servers Were Not Targets of 2015 DDoS Attack

Backdoored D-Link Router Should be Trashed, Researcher Says

IBM Opens Attack Simulation Test Center

Rowhammer Vulnerability Comes to Android

Banking Malware Moving Over Facebook Hosted in Cloud

IBM’s Watson Supercomputer Takes On Security

Rule 41 Opponents Vow to Fight Government’s New Hacking Powers

Bartalex Variants Spotted Dropping Pony, Dyre Malware

iCloud Phishing Campaign Zycode Back From the Dead

Salesforce Patches XSS on a Subdomain

BASHLITE Family Of Malware Infects 1 Million IoT Devices

Identity Thieves Used Leaked PII to Steal ADP Payroll Info

Samsung Smart Home Camera SNH-P-6410 - Command Injection

Belkin’s WeMo Gear Can Hack Android Phones

In-Flight Entertainment System Flaws Put Passenger Data at Risk

Santiago Pontiroli and Roberto Martinez on ATM Jackpotting

Beta Firmware Updates Available for Vulnerable Netgear Routers

Info on 500K Users Doxxed in Hacking Forum Dump

SAP Patches 12 SQL Injection, XSS Vulnerabilities in HANA 

Bitcoin Extortionist Copycats on the Rise, Experts Say 

InPage Zero Day Used in Attacks Against Banks

Scan of IPv4 Space for ‘Implanted’ Cisco Routers Finds Fewer Than 100

BlackBerry CEO Defends Lawful Access Principles, Supports Phone Hack

Insecure NAS Device Exposes 350 Ameriprise Investment Accounts

Scanner Finds Malicious Android Apps at Scale

BlackNurse Low-Volume DoS Attack Targets Firewalls

Inside the Latest Apple iMessage Bug

Scope of Gaping Android Security Hole Grows

BLEKey Device Breaks RFID Physical Access Controls

Inside the RIG Exploit Kit

Scottrade Breach Affects 4.6 Million Customers

Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable

Inside the Unpatched OS X Vulnerabilities

Scourge of Android Overlay Malware on Rise

Bot Fraud to Cost Advertisers $7 Billion in 2016

Installation of Tor Relay in Library Attracts DHS Attention 

Second Try at Windows LSASS Patch Addresses Vulnerability

BREACH Attacks Revived to Steal Private Messages from Gmail, Facebook

Internet Root Name Servers Survive Unusual DDoS Attack

Security of iMessage System Comes to the Fore Again

Breach Forces Password Change on Oracle MICROS PoS Customers

iOS 10 Passcode Bypass Can Access Photos, Contacts

Sen. Warren Worried About Banks’ New Encrypted Messaging Platform

Broken IBM Java Patch Prompts Another Disclosure

iOS 10 Security Updates Move to HTTPS

Series of Buffer Overflows Plague Many Yokogawa ICS Products 

Browser Address Bar Spoofing Vulnerability Disclosed

iOS 9.3.4 Patches Critical Code Execution Flaw

Serious Dirty Cow Linux Vulnerability Under Attack

Bucbi Ransomware Gets a Big Makeover

IoT Botnet Uses HTTP Traffic to DDoS Targets

Several Critical Flaws Patched in Drupal Module

Buffer Overflow in BSD libc Library Patched

IRS Hack May Implicate Three Times As Many Taxpayers Than Expected

ShadowBrokers Bid Farewell, Close Door

Bug Hunters Prefer Communication Ovear Compensation

IRS Warns Tax-Related Phishing, Malware Surging

ShadowBrokers Dump Came from Internal Code Repository, Insider

Bug Hunting Cyber Bots Set to Square Off at DEF CON

ISC Patches Critical Error Condition in BIND

ShadowBrokers Dumps Lists of Equation Group Hacked Servers

Bugs in Signal Messaging App Corrupt Attachments, Crash App

iSpy Keylogger Targets Passwords, Skype, Webcams

ShadowBrokers Selling Windows Exploits, Attack Tools

Bypass Developed for Microsoft Memory Protection, Control Flow Guard

Java Serialization Bug Crops Up At PayPal

ShadowBrokers’ Leak Has ‘Strong Connection’ to Equation Group

Bypassing ASLR in 60 Milliseconds

JavaScript DDoS Attack Peaks at 275,000 Requests-Per-Second

Short URLs a Big Problem for Cloud Collaboration, Stored Data

Canceled Talk Re-Ignites Controversy Over Legitimate Security Research 

Jessy Irwin on Password Security, Opsec and User Education 

Schneider Patches Plaintext Credentials Bug in Building Automation System

Car Hacking Gets the Attention of Detroit and Washington

Joomla Sites Join WordPress As TeslaCrypt Ransomware Target 

Siemens Discloses Local Privilege Escalation Bug in SCADA Gear

Census Bureau Says Breach Didn’t Compromise Sensitive Data

Joomla Update Fixes Two Critical Issues, 2FA Error

Siemens Patches Insufficient Entropy Vulnerability in ICS Systems

Cerber Ransomware On The Rise, Fueled By Dridex Botnets 

Joomla Update Patches Critical SQL Injection Vulnerability

Signal Adds iPhone Access to Desktop App

CERT Warns of Hard-Coded Credentials in DSL SOHO Routers

Joshua Drake on Android Security Post-Stagefright

Signal Audit Reveals Protocol Cryptographically Sound

CERT Warns of Slew of Bugs in Belkin N600 Routers

Juan Andres Guerrero-Saade and Brian Bartholomew on APT False Flags and Attribution

Skyping and Typing the Latest Threat to Privacy

Cisco ‘High Severity’ Flaw Lets Malware Bypass FirePower Firewall

Juniper Acknowledges Equation Group Targeted ScreenOS

Snowden Makes Case for a Presidential Pardon

Cisco Fixes DoS Vulnerability in ASR 1000 Routers

Juniper Backdoor Picture Getting Clearer

Snowden Slammed in House Committee Report

Cisco Jabber Client Vulnerable to Man-in-the-Middle Attack 

Juniper Hotfixes Shut Down IPv6 DDoS Vulnerability

Sofacy APT Targeting OS X Machines with Komplex Trojan

Cisco Patches Critical Bug In Video Conferencing Server Hardware

Just Like Old Days: IOT Security Pits Regulators Against Market 

Solar Power Firm Patches Meters Vulnerable to Command Injection Attacks

Cisco Patches Critical Bugs in 900 Series Routers, Prime Home Server

Keen Lab Takes Down iPhone 6S, Nexus 6P at Mobile Pwn2Own

Source Code Released for Mirai DDoS Malware

Cisco Patches Critical Vulnerability in Facility Events Response System

Kemoge Android Adware Campaign Can Lead to Device Takeover 

South Korean Child Monitoring App Beset by Vulnerabilities, Privacy Issues

Cisco Patches Critical WebEx Meetings Server Vulnerability

Keystroke Recognition Uses Wi-Fi Signals To Snoop

Spam Campaign Continuing to Serve Up Malicious .js Files

Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director

Lack of Encryption Leads to Large Scale Cookie Exposure

Spammers Revive Hancitor Downloader Campaigns

Cisco Warns of Command Injection Flaw in Cloud Platform

Latest EMET Bypass Targets WoW64 Windows Subsystem

Spyware Targeting Overseas Travelers Removed from Google Play

Cisco Warns of Critical Flaw in CloudCenter Orchestrator Systems

Latest Chrome Update Addresses Two High-Severity Vulnerabilities

SQL Injection Attack is Tied to Election Commission Breach

Cisco Warns of Critical Flaw in Email Security Appliances

Latest Petya Ransomware Strain Comes with a Failsafe: Mischa 

St. Jude Alleges False Claims, Stock Manipulation in Suit Against Med Sec, Muddy Waters

Cisco Warns of Critical Flaws in Nexus Switches

Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion

St. Jude Faces New Claim Heart Implants are Hackable

Cisco Warns of IOS Flaw Vulnerable to ShadowBrokers Attack

Latest Windows UAC Bypass Permits Code Execution

St. Jude Medical Patches Vulnerable Cardiac Devices

Citovat Wassenaar, HP vytáhne z Mobile Pwn2Own

Law Enforcement Targets Users of DDoS-For-Hire Services

Stagefright Patch Incomplete Leaving Android Devices Still Exposed

Class Action Suit Against Neiman Marcus Over Data Breach Revived

Lawmakers Asking What ISPs Can Do About DDoS Attacks

Starwood Hotel Chain Hit By Point of Sale Malware

Claudio Guarnieri on Security Without Borders

Lawmakers Reintroduce Popular Email Privacy Act

Stealthy GlassRAT Spies on Commercial Targets

Clever Facebook Hack Reveals Private Email Address of Any User

Lenovo Patches Vulnerabilities in System Update Service 

Steam Patches Broken Crypto in Wake of Replay, Padding Oracle Attacks

Clever Gmail Hack Let Attackers Take Over Accounts

Let’s Encrypt Hits Another Free HTTPS Milestone

StrongPity APT Covets Secrets of Crypto Users

Click-Malware Podvod Šíření přes JavaScript Přílohy

Let’s Encrypt Initiative Enters Public Beta

Sundown Exploit Kit ‘Larger Threat Than People Realize’

Cloudflare Shares National Security Letter It Received in 2013

Linux Foundation Badge Program to Boost Open Source Security

Suspicious Windows 7 Update Actually an Accidental Microsoft ‘Test’ Update

Commodity ‘Exaspy’ Spyware Found Targeting High-Level Execs

Linux x86_64 Bindshell with Password (92 bytes) 

SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool

Comodo Issues Eight Forbidden Certificates

Locky Ransomware Causes ‘Internal State of Emergency’ at Kentucky Hospital

SWIFT Warns Banks Of More Cyberattacks

Congressional Group Says Encryption Backdoors Are a Bad Idea

Locky Ransomware Learns New Evasive Tricks

SWIFT Warns of Second Bank Attack via PDF Malware 

Congressional Leaders Demand Answers on Yahoo Breach

Locky Variant Changes C2 Communication, Found in Nuclear EK

Tales of WordPress Plugin Insecurity Overblown, Researchers Say

Core Infrastructure Initiative Launches Open Source Security Badge Program

Mac Adware OSX.Pirrit Unleashes Ad Overload, For Now

Target Says SEC Won’t Pursue Enforcement Action as a Result of Data Breach

CoreBot Malware Steals Credentials-For Now

Magento Update Addresses XSS, CSRF Vulnerabilities

TCP Flaw in Linux Extends to 80 Percent of Android Devices

Corruption, Code Execution Vulnerabilities Patched in Open Source Archiver 7-Zip 

Maldoc VBA Anti-Analysis

Tesco Bank Stops Online Transactions After Money Missing from 20K Accounts

Costin Raiu on the Importance of Using YARA

Malvertising Campaign Pushing Neutrino Exploit Kit Shut Down

The Ethics and Morality Behind APT Reports

Credentials Accessible in Siemens-Branded CCTV Cameras

Malware Evades Detection with Novel Technique

Thunderstrike 2 OS X Firmware Attack Self-Replicates to Peripherals

Criminals Peddling Affordable AlphaLocker Ransomware

Mamba Ransomware Encrypts Hard Drives Rather Than Files

TLS Implementations Vulnerable to RSA Key Leaks

Critical Flaws Found in Network Management Systems

Manipulating WSUS to Own Enterprises

Tor Joins Movement Against Expanding Hacking Powers

Critical Java Bug Extends to Oracle, IBM Middleware

Marcher Trojan Morphs, Now Targets Porn Sites

Tor Update Fixes ReachableAddresses Problem

Critical MySQL Vulnerability Disclosed

Marie Moe on Medical Device Security

Tor: FBI Paid CMU $1 Million to De-Anonymize Users

Critical Vulnerability Patched in Roundcube Webmail

Meet The Cryptoworm, The Future of Ransomware

TrickBot Banking Trojan Adds New Browser Manipulation Tools

Cry Ransomware Uses UDP, Imgur, Google Maps

Microsoft Considers Earlier SHA-1 Deprecation Deadline

TrickBot Banking Trojan Could Be Dyre Rewrite

CSRF Flaw Patched in Popular Spring Social Core Library

Microsoft Cracks Down on Toolbars, Unsigned DLLs with Edge Update 

Tumblr Accounts Must Reset Passwords 

Curbing the For-Profit Cybercrime Food Chain

Microsoft Cutting Off SHA-1 Support in February for Edge, IE 11

Turla APT Group Abusing Satellite Internet Links

Custom Google App Engine Tweak Still Leads to Java Sandbox Escapes 

Microsoft Edge Adds App Guard Browser Security

Twitter Turns Off Fire Hose For Intelligence Community

DailyMotion Hack Leaks Emails, Passwords of 87M Users

Microsoft Issues Record Low Number of Patch Tuesday Bulletins

U.S. Intelligence Report Due Next Week on Election Hack

Darkhotel APT Latest to Use Hacking Team Zero Day

Microsoft Mistakenly Leaks Secure Boot Key

Uber Portal Leaked Names, Phone Numbers, Email Addresses, Unique Identifiers

DARPA Protecting Software From Reverse Engineering Through Obfuscation 

Microsoft Opens .NET Core, ASP.NET Bug Bounties

Ubiquiti Networks Gear Targeted By Worm

Data Theft Hole Identified in LG G3 Smartphones

Microsoft Patches 47 Vulnerabilities with September Patch Tuesday

Ubuntu Patches Kernel Vulnerabilities

Data-Stealing Mac OS X Backdoor Uncovered

Microsoft Patches Critical Vulnerabilities in New Edge Browser

Unmasking xDedic’s Black Market for Servers and PCs

Decryption Tool Stifles Jigsaw Ransomware

Microsoft Patches Five Zero Days Under Attack

Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk

Defining Threat Intelligence Requirements

Microsoft Patches Graphics Component Flaw Under Attack

Unsecured DNSSEC Easily Weaponized, Researchers Warn

Denial-of-Service Flaw Patched in DHCP

Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities

Unskilled Pro-ISIS Hackers A Growing Threat

Dennis Fisher On Security, Journalism, and the Origins of Threatpost 

Microsoft Quietly Kills Controversial Wi-Fi Sense Feature 

Unsupported Honeywell Experion PKS Vulnerable to Public Attacks 

Details Surface on Patched Bugzilla Privilege Escalation Flaw 

Microsoft Revokes Trust for Certificates Leaked by D-Link

Unusual Re-Do of US Wassenaar Rules Applauded

Details Surface on Patched Sandbox Violation Vulnerability in iOS

Microsoft Shuts Down Zero Day Used in AdGholas Malvertising Campaigns

Updated Cryptowall Encrypts File Names, Mocks Victims

DHS Announces Intent to Draft IoT Security Framework

Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass

Updated DGA Changer Malware Generates Fake Domain Stream

DHS Raises Privacy Concerns With Senate Cyber Threat Sharing Bill

Microsoft Tears off the Band-Aid with EMET

Updated Rig Exploit Kit Closing in on 1 Million Victims

DHS Urges Vigilance in Protecting Networking Gear

Microsoft Unveils Cloud-Based Fuzz-Testing Service

Updated XcodeGhost Adds iOS9 Support

Diary of a Ransomware Victim

Microsoft Zero Day Exposes 100 Companies to PoS Attack

Uptick in Neutrino Exploit Kit Traffic Doesn’t Mean Angler Reign Over

Dirty Cow Vulnerability Patched in Android Security Bulletin

Microsoft, Google to Block Flash by Default in Edge, Chrome

US Reps Requesting Further Intel Around Yahoo Surveillance Story

Disappearing Messages Added to Signal App

Microsoft, Law Enforcement Collaborate in Dorkbot Takedown

Using BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks

D-Link Accidentally Leaks Private Code-Signing Keys 

Mirai Bots More Than Double Since Source Code Release

Valve Patches Password Reset Vulnerability in Steam

DMCA Exemptions Lift Hacking Restrictions

Mirai Giving DDoS-as-a-Service Industry a Boost

Vawtrak Banking Trojan Adds DGA, SSL Pinning

DNSChanger Exploit Kit Hijacks Routers, Not Browsers

Mirai Vulnerability Disclosed, But Exploits May Constitute Hacking Back

VBA and P-code

DoD Publishes Vulnerability Disclosure Policy

MIT Launches Experimental Bug Bounty Program

vBulletin Patches Serious Flaw in Forum Software

Dow Jones & Company Latest Financial Firm Hit With Data Breach 

Mitigations Available for PanelShock Vulnerabilities in Schneider Electric Magelis HMIs

Vendetta Brothers Cyber Crooks Adopt Real World Tactics

Dridex Banking Malware Back in Circulation

Mobile App Collusion Can Bypass Native Android Security

Vera Bradley Retail Chain Breached

Dridex Borrows Tricks From Dyre, Targets U.K. Users

Mobile Applications Leak Device, Location Data

VeraCrypt Audit Under Way; Email Mystery Cleared Up

Dropbox Forces Password Reset for Older Users

Model Assesses Readiness to Accept Outside Vulnerability Reports

VeraCrypt Patched Against Two Critical TrueCrypt Flaws

Drupal Fixes ‘Moderately Critical’ Vulnerabilities in Core Engine

MongoDB Attacks Jump From Hundreds to 28,000 In Just Days

VeraCrypt Patches Critical Vulnerabilities Uncovered in Audit

Drupal Patches Three Vulnerabilities in Core Engine

Moonpig Warns Customers of ‘Security Issue’

Vermont Grid ‘Hack’ Latest Tumble Down Attribution Rabbit Hole

DualToy Windows Trojan Attacks Android, iOS Devices

Motion Filed Asking FBI To Disclose Tor Browser Zero Day

Viber Heats Up Crypto Debate: Adds Encryption to 711 Million Users

Dutch Police Arrest Alleged CoinVault Ransomware Authors

Mozilla Embraces Private Browsing with Tracking Protection in Firefox 42

Victims of June OPM Hack Still Haven’t Been Notified

Dyn Confirms DDoS Attack Affecting Twitter, Github, Many Others

Mozilla Patches 29 Vulnerabilities, Prevents MIME Confusion Attacks, in Firefox 50

Viking Horde Malware Co-Ops Android Devices for Ad Fraud

Dyn DDoS Could Have Topped 1 Tbps

Mozilla Patches Bug Used in Active Attacks

VirusTotal Adds Sandbox Execution for OS X Apps

Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers

Mozilla Patches Certificate Pinning Vulnerability in Firefox

Vitaly Kamluk on the Adwind RAT

Dyreza Trojan Targeting IT Supply Chain Credentials 

Mozilla Patching Firefox Certificate Pinning Vulnerability

VMware Patches Critical Session-Handling Vulnerability

eBay Fixes XSS Flaw in Subdomain

Mozilla Reduces Threat of Export-Grade Crypto to Firefox

VMware Patches Flaws in Identity and Cloud Products

eBay Vulnerability Exposes Users to Phishing, Data Theft

Mozilla Turning TLS 1.3 On By Default With Firefox 52

VMware Patches Pesky XXE Bug in Flex BlazeDS

EFF Blasts DEA in Ongoing Secret ‘Super Search Engine’ Lawsuit

Multiple Vulnerabilities Identified in ‘Utterly Broken’ BHU Routers

Vulnerabilities Identified in Dolphin, Mercury Android Browsers

EFF Blasts Microsoft Over ‘Malicious’ Windows 10 Rollout Tactics

Musical Chairs Campaign Found Deploying New Gh0st RAT Variant 

Vulnerability Identified in Genomic Data Sharing Network 

EFF, AdBlock and Others Launch New Do Not Track Standard

Nagios Core Patches Root, RCE Vulnerabilities

Výzkumníci Manipulovat pušky Precision Cílení System

Election Leaks Failed to Move Needle on Polls

Naikon APT Group Tied to China’s PLA Unit 78020

Wassenaar Renegotiation Will Be in Trump Administration’s Hands

Embedded Devices Share, Reuse Private SSH Keys, HTTPs Certificates 

Nemucod Infections Spreading Locky Over Facebook

Web Hosting Service 000webhost Hacked, Information of 13 Million Leaked 

Emergency IE Patch Fixes Vulnerability Under Attack

Netflix Phishing Campaign Targeted User Information, Credit Card Data

Web.com Loses 93,000 Credit Card Numbers in Breach

Empty DDoS Threats Still Net Attackers $100,000

Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications

Web-Based Keylogger Used to Steal Credit Card Data from Popular Sites

Encryption, Lock Mechanism Vulnerabilities Plague AppLock

Netgear Management System Vulnerable to RCE, Path Traversal Attacks

Westin, Marriott, Sheraton Hotels Hit By Payment Card Malware

Endress+Hauser Patches Buffer Overflow In Dozens of ICS Products

Netgear Published Patched Firmware for Routers Under Attack 

WhatsApp Blasted by EU Data Protection Group Over Facebook Sharing

Experian Breach Spills Data on 15 Million T-Mobile Customers 

Netgear Routers Remain Exposed to Critical Flaw

When DVRs Attack: A Post IoT Attack Analysis

Experts Warn of Novel PDF-Based Phishing Scam

NetWire RAT Back, Stealing Payment Card Data

White House Hires First Federal CISO

Experts Weigh-In Over FBI $1.3 Million iPhone Zero-Day Payout

Never Trust a Found USB Drive, Black Hat Demo Shows Why

White House Says No Thanks to Snowden Pardon Petition

Exploit Code Released for NTP Vulnerability

Neverquest Trojan Gets Big Summer Update

White House Support for CISA Worries Privacy Advocates

Exploit Writing and Mitigation Going Hand in Hand

New Android Ransomware Communicates over XMPP

Windows 10 Attack Surface Grows with Linux Support in Anniversary Update

Facebook Awards $100,000 for New Class of Vulnerabilities and Detection Tool

New Brazilian Banking Trojan Uses Windows PowerShell Utility

Windows 10 Upgrade Spam Carries CTB-Locker Ransomware

Facebook Bug Bounty Program Pays Out $5 Million in Five Years

New Call to Regulate IoT Security By Design

Windows Atom Tables Can Be Abused for Code Injection Attacks

Facebook Debuts Open Source Detection Tool for Windows

New Campaign Shows Dridex Active, Targeting French

Windows PDF Library Flaw Puts Edge Users at Risk for RCE

Facebook Fixes Vulnerability That Led to Account Takeover, Pays Researcher $16K

New Cerber Variant Leverages Tor2Web Proxies, Google Redirects

WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities

Facebook Releases Free Certificate Transparency Monitoring Tool

New Debian Releases Fix PHP, VirtualBox Bugs

WordPress Patches Critical XSS Vulnerability in All Builds

Facebook Updates Information-Sharing Platform

New Decryptor Unlocks CryptXXX Ransomware

WordPress Patches Serious Shortcodes Core Engine Vulnerability

Fake Microsoft Installer Leads to Malware, Support Call Scam

New Decryptor Unlocks CryptXXX v3 Files

WordPress Plugins Leave Black Friday Shoppers Vulnerable

FBI Encouraging Ransomware Victims To Report Infections

New Gmail Alerts Warn of Unauthenticated Senders

WPAD Flaws Leak HTTPS URLs

FBI Reaffirms Stance Not to Pay Ransomware Attackers

New Google Tools Help Devs Improve Content Security Policy Protection

Writing Advanced OS X Malware an ‘Elegant’ Solution to Improving Detection

FBI Warned State Election Board Systems of Hacks

New Large-Scale DDoS Attacks Follow Schedule

XcodeGhost iOS Malware Contained

FBI Warns of Increase in DDoS Extortion Scams

New Mirai Variant Targets Routers, Knocks 900,000 Offline

Xen Patches VM Escape Flaw

FBI Warns Public Officials of Doxing Threat

New MIT Scanner Finds Web App Flaws in a Minute

Yahoo Asks DNI to De-Classify Email Scanning Order

FBI: Social Engineering, Hacks Lead to Millions Lost to Wire Fraud

New Moker RAT Bypasses Detection

Yahoo Hires Bob Lord as its CISO

FBI-DHS Report Links Fancy Bear Gang to Election Hacks

New Security Flaw Found in Lenovo Solution Center Software

Yahoo Investigates 200 Million Alleged Accounts For Sale On Dark Web

FDA, DHS Investigating St. Jude Device Vulnerabilities

New Silverlight Attacks Appear in Angler Exploit Kit 

Yahoo Mail XSS Bug Worth Another $10K to Researcher

Feasible ‘Going Dark’ Crypto Solution Nowhere to be Found

New Technique Checks Mitigation Bypasses Earlier

Yahoo Tells SEC It Knew About Data Breach in 2014

Federal CISOs Propose New Efforts to Shore Up Cybersecurity

New Tinba Variant Seen Targeting Russian, Japanese Banks

Yahoo to Warn Users of State-Sponsored Attacks

Federálové Change Policy vyžadovat rozkaz k použití Stingrays

New Versions of Carbanak Banking Malware Seen Hitting Targets in U.S. and Europe

Yahoo touts Úspěch Bug Bounty Programu

Fewer IPsec VPN Connections at Risk from Weak Diffie-Hellman

New Wave of Hailstorm Spam Pelts Inboxes

Yelp Launches Public Bug Bounty

Fileless PowerWare Ransomware Found on Healthcare Network

New Windows Patch Policy At Odds With Acceptable Risk

YiSpecter iOS Malware Abuses Apple Enterprise Certs to Push Adware

Find Your Keys, Lose Your Privacy

Nissan Car Hack Allowed Remote Access

Zcash Spurs Rash of Malicious Mining Software

Firefox 46 Patches Critical Memory Vulnerabilities

NIST Calls for Submissions to Secure Data Against Quantum Computing

Zero Day in Android’s Google Admin App Can Bypass Sandbox

First Let’s Encrypt Free Certificate Goes Live

November 2016 Microsoft Patch Day

Zerodium Triples its iOS 10 Bounty to $1.5 Million

Five Vulnerabilities Fixed In Chrome Browser, Google Pays $20K to Bug Hunters 

Nový Chrome rozšíření pomáhá v boji klávesnice Biometrické profilování

ZeuS Banking Trojan Resurfaces As Atmos Variant

Five-Year-Old Android Flaw Exposes SMS, Call History

NSF Awards $6M Grants for Internet of Things Security

 

Zero Day in Android’s Google Admin App Can Bypass Sandbox

  

Zerodium Triples its iOS 10 Bounty to $1.5 Million

  

ZeuS Banking Trojan Resurfaces As Atmos Variant