Security News

Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google's new open source fuzzer.

Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties.

Two German researchers are calling into question the security afforded by AMD’s Secure Encrypted Virtualization feature debuting in the chip maker's upcoming Zen server chips.

Matthew D. Green, PhD, a well-known cryptographer and researcher at Johns Hopkins University, will carry out an audit of OpenVPN.

A D.C. think tank recommends regulations that mandate IoT security by design before attacks infiltrate critical infrastructure, financial and health care organizations.

A local, race condition vulnerability in the af_packet implementation in Linux was patched this week. The bug allows a local attacker to execute code or crash a server.

Locus Energy has patched 100,000 of its residential and commercial power meters that were vulnerable to command injection attacks and code execution.

Researchers have observed an uptick in attacks against US, Canadian and Brazilian banks and insurance firms using the banking malware Floki Bot.

The BSD libc library was updated recently to address a buffer overflow vulnerability that could have allowed an attacker to execute arbitrary code.

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.