Security News

Researchers this week claim they’ve noticed a new strain of ransomware unlike any they’ve seen prior – a type composed entirely of JavaScript.

Meaningful surveillance reform risks defeat if the reintroduction of the Massie-Lofgren amendment to a DoD spending bill is derailed because new US House rule changes.

IoT security company Firmalyzer found that mydlink devices from D-Link use weak versions of SSL for remote connections. D-Link has updated its firmware.

Certificate authority Let’s Encrypt blamed a bug for accidentally disclosing the email addresses of a couple thousand of its users this weekend.

Siemens has provided firmware updates addressing vulnerabilities in the SIMATIC WinCC flexible and the SIMATIC S7-300 CPU family.

Fifty-one million iMesh accounts are for sale on Dark Web for $700, bringing the number of user accounts tied to recent breaches to over 700 million.

More than a year after hackers managed to manipulate the system the Internal Revenue Service has reinstated its Get Transcript service.

Netgear on Friday released firmware updates for two of its router products lines, patching a hardcoded cryptographic key and an authentication bypass flaw that were reported six months ago.

Cisco released a decryption utility that unlocks files encrypted by all four versions of TeslaCrypt; Kaspersky Lab has also published a similar decryptor.

The news from the week is discussed, including how recent data breaches have fed off password reuse and how a university paid $20K after a ransomware attack.