Security News

Nemucod Infections Spreading Locky Over Facebook (Threatpost)
2016-11-21 16:48

Researchers have spotted an increase in Nemucod downloader infections moving via Facebook Messenger spam, with some victims being infected with Locky ransomware.

Drupal Fixes ‘Moderately Critical’ Vulnerabilities in Core Engine (Threatpost)
2016-11-18 18:56

Drupal fixed a handful of issues in version 7 and 8 of the content management system core engine that could have led to cache poisoning, social engineering attacks, and a denial of service condition.

Qualcomm and HackerOne Partner on Bounty Program (Threatpost)
2016-11-18 17:45

Qualcomm and HackerOne are partnering on a bug bounty program that pays out up to $15,000 for vulnerabilities found in chipsets used in smartphones made by Samsung, LG and HTC.

Threatpost News Wrap, November 18, 2016 (Threatpost)
2016-11-18 14:14

Mike Mimoso and Chris Brook discuss the news of the week, including this week's House hearing on the Internet of Things, Samy Kamkar's PoisonTap tool, and Windows 10's ransomware protections.

Google Removing SHA-1 Support in Chrome 56 (Threatpost)
2016-11-17 20:39

Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates.

iOS 10 Passcode Bypass Can Access Photos, Contacts (Threatpost)
2016-11-17 19:38

A vulnerability in iOS 8, 9, 10, and even the most recent beta version, 10.2 beta 3, could allow an attacker to access photos and contacts on a locked iPhone.

iPhone Call History Synced to iCloud Without User Consent, Knowledge (Threatpost)
2016-11-17 18:51

Security experts warn iPhone call history data may be synced to iCloud accounts without user knowledge, making personal phone records an easy target for a determined third-party.

Gang Up on the Problem, Not Each Other (Threatpost)
2016-11-17 15:18

The security community often thrives on controversy, but when it comes to vulnerability disclosures in life-saving medical devices, ego and attention-grabbing must be put aside.

IBM Opens Attack Simulation Test Center (Threatpost)
2016-11-16 23:04

IBM introduced on Wednesday a new Cyber Range attack simulator during the opening of its global security headquarters in Cambridge, Mass.

Mozilla Patches 29 Vulnerabilities, Prevents MIME Confusion Attacks, in Firefox 50 (Threatpost)
2016-11-16 21:42

Mozilla addressed 29 vulnerabilities, three critical, when it released the latest iteration of its flagship browser, Firefox 50 on Tuesday.