Security News

Dridex banking malware returns with a new bypass technique that allows the malware to execute without triggering a Windows UAC alert to the user.

Google announced that it will operate its own root Certificate Authority, stood up by the acquisition of two root CAs from GlobalSign.

The Star Wars Twitter botnet, the return of Lavabit, a critical Cisco Webex flaw, and the St. Louis Library ransomware story are discussed.

Facebook is letting users tie a physical security key to their account as an added layer of security.

A bipartisan bill was introduced this week in the House calling for the NHTSA to conduct a study that would determine appropriate cybersecurity standards for motor vehicles.

A researcher earned $9K for identifying a XXE vulnerability in third party backup software used by Uber.

Citing security concerns, Google announced that it will soon block JavaScript (.js) file attachments in Gmail.

Researcher Mariusz Mlynski found and disclosed four high-severity vulnerabilities in Chrome’s Blink rendering engine, earning himself $32,000 through the Chrome Rewards program.

A Ponemon Institute report on ransomware revealed 48 percent of businesses surveyed paid a ransom in exchange for getting their data back.

ICS-CERT warns of default credentials in Schneider Electric Wonderware Historian that can be abused to compromise Historian databases.