A new type of POS malware, LogPOS, is using technology that evades detection by letting the malware inject code while it shuttles stolen credit card numbers to its C+C server.
For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL […]
Google has made a subtle, but important, shift in the requirements for Android handset makers, saying now that OEMs manufacturing phones that will run Lollipop do not have to enable disk encryption by default. This is a major change from the company’s stated position from just a few months ago, but it may not have […]
A GAO report takes the Federal Aviation Administration to the woodshed over its sub-par information security controls and policies.
Signal 2.0 is available from Open WhisperSystems, and brings encrypted messaging to the iPhone.
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects affects a number of D-Link’s home routers and the key details of the flaw have been made public by one of the researchers who discovered it. […]
Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall, a use after free vulnerability in Microsoft's Internet Explorer browser.
Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception–essentially running man-in-the-middle attacks on connections to secure sites–in the name of […]
Remote code execution vulnerabilities in Seagate Business NAS firmware were disclosed after a 100-plus day deadline passed without a fix from the vendor.
Uber announced that attackers had compromised databases containing current and former driver partner names and license numbers.
A pharming attack has been detected targeting home routers distributed from Brazil's largest telco, a rare instance of a web-based attack changing DNS settings in order to redirect traffic.