Security News

A large botnet of Android devices called WireX is responsible for large-scale application-layer DDoS attacks against businesses in the hospitality, porn and gambling industries.

The anonymous messaging app Sarahah says it plans to remove a feature that uploads users contacts, including phone numbers and email addresses to the company’s servers, in the next update.

A list of device IPs and credentials has gone viral since Thursday, kicking off an effort by researchers to notify the owners of these connected devices before they're hacked.

Defray, a new, although small strain of ransomware, was spotted by researchers targeting comapnies in the education and healthcare verticals.

The news of the week is discussed, including the AWS S3 leaks, Zerodium's bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities.

Attackers are using an exploit kit to spread the Zminer executable that downloads a cryptocurrency miner hosted in an Amazon S3 bucket.

An obscure Apple kernel extension patched in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.

Attackers have taken to Facebook Messenger with a combination of social engineering and malicious JavaScript to spread adware.

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root.

Zerodium announced new $500,000 payouts for zero days in secure messaging apps such as Signal, WhatsApp and others.