| $2.5 Million-a-Year Ransomware-as-a-Service Ring Uncovered |
| ‘Prohibition Era’ Of Security Research May Be Ahead |
| ‘Software Liability Is Inevitable’ |
| ‘Surreptitious Sharing’ Android API Flaw Leaks Data, Private Keys |
| 1.7 Million Opera Browser Users Told To Reset Passwords |
| 5.6 Million Fingerprints Stolen In OPM Hack |
| A |
| A Month Without Adobe Flash Player Patches |
| Academics Make Theoretical Breakthrough in Random Number Generation |
| Academics Put Another Dent in Online Anonymity |
| Adding CIA to DNA |
| Adobe Back With New Flash Player Security Update |
| Adobe Fixes 81 Vulnerabilities in Acrobat, Reader, Flash |
| Adobe Flash Update Includes Patches for 17 Vulnerabilities |
| Adobe Hotfix Patches XXE Vulnerability in ColdFusion |
| Adobe Patches 23 Critical Vulnerabilities in Flash Player |
| Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack |
| Adobe Patches 69 Vulnerabilities in Reader, Acrobat, Flash |
| Adobe Patches Code Execution Flaws in Flash, Reader, Acrobat |
| Adobe Patches DOM-XSS Flaw in Analytics AppMeasurement for Flash Library |
| Adobe Patches Flash Zero Day Under Attack |
| Adobe Patches Nine Code Execution Flaws in Flash Player |
| Adobe Patches Two Shockwave Player Vulnerabilities |
| Adobe Patches XXE Vulnerability in LiveCycle Data Services |
| Adobe to Patch Reader and Acrobat Next Week |
| Adobe Warns of Flash Zero Day, Patches Acrobat, Reader |
| AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow |
| Adult FriendFinder Vulnerability Leaves Millions Exposed |
| Advantech Clears Hard-Coded SSH Keys from EKI Switches |
| Advantech EKI Vulnerable to Bypass, Possible Backdoor |
| AlienSpy RAT Resurfaces as JSocket |
| Amazon Backtracks On Encryption Removal, Mum On Why |
| Amazon Certificate Manager Brings Free SSL Certs to AWS Users |
| Amazon Inspector Addresses Compliance and Security Challenge |
| Android Banking Trojan First to Gain Root Privileges |
| Android Fragmentation Sinks Patching Gains |
| Android Patch Fixes Nexus 5X Critical Vulnerability |
| Android Qualcomm Vulnerability Impacts 60 Percent of Devices |
| Android Ransomware Attacks Using Towelroot, Hacking Team Exploits |
| Android Stagefright Exploit Code Released to Public |
| Android Trojan Switcher Infects Routers via DNS Hijacking |
| Appeals Court Vacates Lower Court’s Decision on National Security Letters |
| Apple Addresses Dozens of Vulnerabilities, Embraces Two-Factor Authentication in iOS 9 |
| Apple Delays App Transport Security Deadline |
| Apple Deprecates QuickTime For Windows, Won’t Patch New Flaws |
| Apple Fixes 12 Vulnerabilities in iOS 10.2 |
| Apple Fixes 97 Vulnerabilities Across macOS, iTunes, Safari, iCloud |
| Apple Gatekeeper Bypass Opens Door for Malicious Code |
| Apple Goes All-In on Privacy |
| Apple Must Forever Threat Model Against Itself |
| Apple Patches 100+ Vulnerabilities in OS X, Safari, iOS |
| Apple Patches Critical OS X DYLD Flaw in Monster Update |
| Apple Patches iOS Flaw Exploitable by Malicious JPEG |
| Apple Patches iTunes, iCloud for Windows, Xcode Server |
| Apple Patches Trident Vulnerabilities in OS X, Safari |
| Apple Releases Patches for iOS, OS X and Safari |
| Apple Squashes 68 Security Bugs With Sierra Release |
| Apple To Block WoSign Intermediate Certificates |
| Apple to Remove 256 iOS Apps Using Private APIs, Collecting Personal Data |
| Apple Updates Xcode’s Git Implementation |
| Apple watchOS2 Includes Host of Code-Execution Patches |
| Apple Zero Day Remains Unpatched |
| Apple: Court Order Turns Back Clock on iPhone Security |
| APT Group Gets Selective About Data it Steals |
| AT&T Facilitated NSA Surveillance Efforts, Reports |
| Attack Leverages Windows Safe Mode |
| Attacker Compromised Mozilla Bug System, Stole Private Vulnerability Data |
| Attackers Behind GozNym Trojan Set Sights on Europe |
| Attackers Can Use SAP to Bridge Corporate, Operational ICS Networks |
| Attackers Embracing Steganography to Hide Communication |
| Attackers Hiding Stolen Credit Card Numbers in Images |
| Attackers Replacing Firmware on Cisco Routers |
| Attackers Targeting Critical SAP Flaw Since 2013 |
| Attacks On MongoDB Rise As Hijackings Continue |
| AutoIt Used in Targeted Attacks to Move RATs |
| B |
| Backdoor In A Backdoor Identified in 600,000 Arris Modems |
| Backdoored D-Link Router Should be Trashed, Researcher Says |
| Banking Malware Moving Over Facebook Hosted in Cloud |
| Bartalex Variants Spotted Dropping Pony, Dyre Malware |
| BASHLITE Family Of Malware Infects 1 Million IoT Devices |
| Belkin’s WeMo Gear Can Hack Android Phones |
| Beta Firmware Updates Available for Vulnerable Netgear Routers |
| Bitcoin Extortionist Copycats on the Rise, Experts Say |
| BlackBerry CEO Defends Lawful Access Principles, Supports Phone Hack |
| BlackNurse Low-Volume DoS Attack Targets Firewalls |
| BLEKey Device Breaks RFID Physical Access Controls |
| Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable |
| Bot Fraud to Cost Advertisers $7 Billion in 2016 |
| BREACH Attacks Revived to Steal Private Messages from Gmail, Facebook |
| Breach Forces Password Change on Oracle MICROS PoS Customers |
| Broken IBM Java Patch Prompts Another Disclosure |
| Browser Address Bar Spoofing Vulnerability Disclosed |
| Bucbi Ransomware Gets a Big Makeover |
| Buffer Overflow in BSD libc Library Patched |
| Bug Hunters Prefer Communication Over Compensation |
| Bug Hunting Cyber Bots Set to Square Off at DEF CON |
| Bugs in Signal Messaging App Corrupt Attachments, Crash App |
| Bypass Developed for Microsoft Memory Protection, Control Flow Guard |
| Bypassing ASLR in 60 Milliseconds |
| C |
| Canceled Talk Re-Ignites Controversy Over Legitimate Security Research |
| Car Hacking Gets the Attention of Detroit and Washington |
| Census Bureau Says Breach Didn’t Compromise Sensitive Data |
| Cerber Ransomware On The Rise, Fueled By Dridex Botnets |
| CERT Warns of Hard-Coded Credentials in DSL SOHO Routers |
| CERT Warns of Slew of Bugs in Belkin N600 Routers |
| Cisco ‘High Severity’ Flaw Lets Malware Bypass FirePower Firewall |
| Cisco Fixes DoS Vulnerability in ASR 1000 Routers |
| Cisco Jabber Client Vulnerable to Man-in-the-Middle Attack |
| Cisco Patches Critical Bug In Video Conferencing Server Hardware |
| Cisco Patches Critical Bugs in 900 Series Routers, Prime Home Server |
| Cisco Patches Critical Vulnerability in Facility Events Response System |
| Cisco Patches Critical WebEx Meetings Server Vulnerability |
| Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director |
| Cisco Warns of Command Injection Flaw in Cloud Platform |
| Cisco Warns of Critical Flaw in CloudCenter Orchestrator Systems |
| Cisco Warns of Critical Flaw in Email Security Appliances |
| Cisco Warns of Critical Flaws in Nexus Switches |
| Cisco Warns of IOS Flaw Vulnerable to ShadowBrokers Attack |
| Citing Wassenaar, HP Pulls Out of Mobile Pwn2Own |
| Class Action Suit Against Neiman Marcus Over Data Breach Revived |
| Claudio Guarnieri on Security Without Borders |
| Clever Facebook Hack Reveals Private Email Address of Any User |
| Clever Gmail Hack Let Attackers Take Over Accounts |
| Click-Fraud Malware Spreading via JavaScript Attachments |
| Cloudflare Shares National Security Letter It Received in 2013 |
| Commodity ‘Exaspy’ Spyware Found Targeting High-Level Execs |
| Comodo Issues Eight Forbidden Certificates |
| Congressional Group Says Encryption Backdoors Are a Bad Idea |
| Congressional Leaders Demand Answers on Yahoo Breach |
| Core Infrastructure Initiative Launches Open Source Security Badge Program |
| CoreBot Malware Steals Credentials-For Now |
| Corruption, Code Execution Vulnerabilities Patched in Open Source Archiver 7-Zip |
| Costin Raiu on the Importance of Using YARA |
| Credentials Accessible in Siemens-Branded CCTV Cameras |
| Criminals Peddling Affordable AlphaLocker Ransomware |
| Critical Flaws Found in Network Management Systems |
| Critical Java Bug Extends to Oracle, IBM Middleware |
| Critical MySQL Vulnerability Disclosed |
| Critical Vulnerability Patched in Roundcube Webmail |
| Cry Ransomware Uses UDP, Imgur, Google Maps |
| CSRF Flaw Patched in Popular Spring Social Core Library |
| Curbing the For-Profit Cybercrime Food Chain |
| Custom Google App Engine Tweak Still Leads to Java Sandbox Escapes |
| D |
| DailyMotion Hack Leaks Emails, Passwords of 87M Users |
| Darkhotel APT Latest to Use Hacking Team Zero Day |
| DARPA Protecting Software From Reverse Engineering Through Obfuscation |
| Data Theft Hole Identified in LG G3 Smartphones |
| Data-Stealing Mac OS X Backdoor Uncovered |
| Decryption Tool Stifles Jigsaw Ransomware |
| Defining Threat Intelligence Requirements |
| Denial-of-Service Flaw Patched in DHCP |
| Dennis Fisher On Security, Journalism, and the Origins of Threatpost |
| Details Surface on Patched Bugzilla Privilege Escalation Flaw |
| Details Surface on Patched Sandbox Violation Vulnerability in iOS |
| DHS Announces Intent to Draft IoT Security Framework |
| DHS Raises Privacy Concerns With Senate Cyber Threat Sharing Bill |
| DHS Urges Vigilance in Protecting Networking Gear |
| Diary of a Ransomware Victim |
| Dirty Cow Vulnerability Patched in Android Security Bulletin |
| Disappearing Messages Added to Signal App |
| D-Link Accidentally Leaks Private Code-Signing Keys |
| DMCA Exemptions Lift Hacking Restrictions |
| DNSChanger Exploit Kit Hijacks Routers, Not Browsers |
| DoD Publishes Vulnerability Disclosure Policy |
| Dow Jones & Company Latest Financial Firm Hit With Data Breach |
| Dridex Banking Malware Back in Circulation |
| Dridex Borrows Tricks From Dyre, Targets U.K. Users |
| Dropbox Forces Password Reset for Older Users |
| Drupal Fixes ‘Moderately Critical’ Vulnerabilities in Core Engine |
| Drupal Patches Three Vulnerabilities in Core Engine |
| DualToy Windows Trojan Attacks Android, iOS Devices |
| Dutch Police Arrest Alleged CoinVault Ransomware Authors |
| Dyn Confirms DDoS Attack Affecting Twitter, Github, Many Others |
| Dyn DDoS Could Have Topped 1 Tbps |
| Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers |
| Dyreza Trojan Targeting IT Supply Chain Credentials |
| E |
| eBay Fixes XSS Flaw in Subdomain |
| eBay Vulnerability Exposes Users to Phishing, Data Theft |
| EFF Blasts DEA in Ongoing Secret ‘Super Search Engine’ Lawsuit |
| EFF Blasts Microsoft Over ‘Malicious’ Windows 10 Rollout Tactics |
| EFF, AdBlock and Others Launch New Do Not Track Standard |
| Election Leaks Failed to Move Needle on Polls |
| Embedded Devices Share, Reuse Private SSH Keys, HTTPS Certificates |
| Emergency IE Patch Fixes Vulnerability Under Attack |
| Empty DDoS Threats Still Net Attackers $100,000 |
| Encryption, Lock Mechanism Vulnerabilities Plague AppLock |
| Endress+Hauser Patches Buffer Overflow In Dozens of ICS Products |
| Experian Breach Spills Data on 15 Million T-Mobile Customers |
| Experts Warn of Novel PDF-Based Phishing Scam |
| Experts Weigh-In Over FBI $1.3 Million iPhone Zero-Day Payout |
| Exploit Code Released for NTP Vulnerability |
| Exploit Writing and Mitigation Going Hand in Hand |
| F |
| Facebook Awards $100,000 for New Class of Vulnerabilities and Detection Tool |
| Facebook Bug Bounty Program Pays Out $5 Million in Five Years |
| Facebook Debuts Open Source Detection Tool for Windows |
| Facebook Fixes Vulnerability That Led to Account Takeover, Pays Researcher $16K |
| Facebook Releases Free Certificate Transparency Monitoring Tool |
| Facebook Updates Information-Sharing Platform |
| Fake Microsoft Installer Leads to Malware, Support Call Scam |
| FBI Encouraging Ransomware Victims To Report Infections |
| FBI Reaffirms Stance Not to Pay Ransomware Attackers |
| FBI Warned State Election Board Systems of Hacks |
| FBI Warns of Increase in DDoS Extortion Scams |
| FBI Warns Public Officials of Doxing Threat |
| FBI: Social Engineering, Hacks Lead to Millions Lost to Wire Fraud |
| FBI-DHS Report Links Fancy Bear Gang to Election Hacks |
| FDA, DHS Investigating St. Jude Device Vulnerabilities |
| Feasible ‘Going Dark’ Crypto Solution Nowhere to be Found |
| Federal CISOs Propose New Efforts to Shore Up Cybersecurity |
| Feds Change Policy to Require Warrant for Use of Stingrays |
| Fewer IPsec VPN Connections at Risk from Weak Diffie-Hellman |
| Fileless PowerWare Ransomware Found on Healthcare Network |
| Find Your Keys, Lose Your Privacy |
| Firefox 46 Patches Critical Memory Vulnerabilities |
| First Let’s Encrypt Free Certificate Goes Live |
| Five Vulnerabilities Fixed In Chrome Browser, Google Pays $20K to Bug Hunters |
| Five-Year-Old Android Flaw Exposes SMS, Call History |
| Fixing ‘This Internet’ Before It Breaks Again |
| Flash Exploit Found in Seven Exploit Kits |
| Following Extortion Attempt, Gaming Network ESEA Breached, 1.5M Profiles Leaked |
| Following Lull, New Campaigns Pushing Retooled ‘Pumpkin’ Locky |
| Four Zero Days Disclosed in Internet Explorer Mobile |
| Free SSL Providers Spark Unprecedented Growth in Encrypted Traffic |
| Free Tool Protects Mac Users from Webcam Surveillance |
| FreePBX 13 / 14 - Remote Code Execution |
| FTC Issues Public Challenge to Improve IoT Patching |
| FTC Panel Encourages Basic Security Hygiene to Counter Ransomware |
| FTC, Experts Push Startups to Think About Security From the Beginning |
| FTC: D-Link Failed to Secure Routers, IP Cameras |
| G |
| Gary McGraw on BSIMM7 and Secure Software Development |
| Gary McGraw on Scalable Software Security and Medical Device Security |
| Generic Ransomware Detection Comes to OS X |
| German Government Audits TrueCrypt |
| German Industrial Giant Victim of Cyber Espionage |
| Germany Orders Facebook to Stop Collecting Data on WhatsApp Users |
| Github Mitigates DDoS Attack |
| GitLab Patches Command Execution Vulnerability |
| Giving Red-Teamers the Blues |
| Gone in Less Than a Second |
| Google Alerts, Direct Webmaster Communication Get Bugs Fixed Quickly |
| Google Details Plans to Disable SSLv3 and RC4 |
| Google Discloses Contents of Eight National Security Letters |
| Google Expands Default HTTPS to Blogspot |
| Google Fixes 12 High-Severity Flaws In Chrome Browser |
| Google Handles Record Number of Government Requests for Data |
| Google Helps Lead Effort Against Automated Traffic From Data Centers |
| Google Moving Gmail to Strict DMARC Implementation |
| Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm |
| Google Patches 9 Security Flaws in New Chrome Browser Build |
| Google Patches Android Custom Boot Mode Vulnerability |
| Google Patches Critical Vulnerabilities in Chrome 45 |
| Google Patches Dozens of Critical Qualcomm Components Flaws |
| Google Patches Latest Android Lockscreen Bypass |
| Google Patches Quadrooter Vulnerabilities in Android |
| Google Plans Monthly Security Updates for Nexus Phones |
| Google Plugs 21 Security Holes in Chrome |
| Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains |
| Google Project Zero Turns Over 11 Bugs in Galaxy S6 Edge |
| Google Pushes Stagefright 2.0 Patches to Nexus Devices |
| Google Releases Supplemental Patch for Dirty Cow Vulnerability |
| Google Removing SHA-1 Support in Chrome 56 |
| Google Set to Kill SSLv3 and RC4 in SMTP, Gmail in June |
| Google Shares Android Nougat, Safe Browsing Security Enhancements |
| Google to Distrust WoSign, StartCom Certs in 2017 |
| Google to Make Certificate Transparency Mandatory By 2017 |
| Google to Pause Flash Ads in Chrome Starting Next Week |
| Google to Warn Recipients of Unencrypted Gmail Messages |
| Google Unveils Cryptographic Library Test Suite Wycheproof |
| Gooligan Malware Breaches 1 Million Google Accounts |
| Government Asks for Security Community’s Help on Technical Issues |
| Government Releases Policy on Vulnerability Discovery and Disclosure |
| GPG Patches 18-Year-Old Libgcrypt RNG Bug |
| Granick: Dream of Internet Freedom ‘Dying’ |
| H |
| Hack Crashes Linux Distros with 48 Characters of Code |
| Hackers Gamify DDoS Attacks With Collaborative Platform |
| Hack-Fueled ‘Unprecedented’ Insider Trading Ring Nets $100M |
| Half of Chrome Pageloads are HTTPS |
| Hancitor Downloader Shifts Attack Strategy |
| Hello Kitty Database of 3.3 Million Breached Credentials Surfaces |
| High-Risk SAP HANA Vulnerabilities Patched |
| Holes Patched in Online Bookmarking App Pocket |
| Hotel Chain Hilton Worldwide Investigating Potential POS Breach |
| How Bugs Lead to a Better Android |
| HTTPS Available as Opt-In for Blogspot |
| Huge Flash Update Patches More Than 30 Vulnerabilities |
| Charlie Miller to Leave Twitter Security Team |
| China APT Gang Targets Hong Kong Media via Dropbox |
| Chinese Manufacturer Recalls IOT Gear Following Dyn DDoS |
| Chinese Mobile Ad Library Backdoored to Spy on iOS Devices |
| Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs |
| Chrome Defaults to HTML5 over Adobe Flash Starting in Q4 |
| I |
| IBM Opens Attack Simulation Test Center |
| IBM’s Watson Supercomputer Takes On Security |
| iCloud Phishing Campaign Zycode Back From the Dead |
| Identity Thieves Used Leaked PII to Steal ADP Payroll Info |
| In-Flight Entertainment System Flaws Put Passenger Data at Risk |
| Info on 500K Users Doxxed in Hacking Forum Dump |
| InPage Zero Day Used in Attacks Against Banks |
| Insecure NAS Device Exposes 350 Ameriprise Investment Accounts |
| Inside the Latest Apple iMessage Bug |
| Inside the RIG Exploit Kit |
| Inside the Unpatched OS X Vulnerabilities |
| Installation of Tor Relay in Library Attracts DHS Attention |
| Internet Root Name Servers Survive Unusual DDoS Attack |
| iOS 10 Passcode Bypass Can Access Photos, Contacts |
| iOS 10 Security Updates Move to HTTPS |
| iOS 9.3.4 Patches Critical Code Execution Flaw |
| IoT Botnet Uses HTTP Traffic to DDoS Targets |
| IRS Hack May Implicate Three Times As Many Taxpayers Than Expected |
| IRS Warns Tax-Related Phishing, Malware Surging |
| ISC Patches Critical Error Condition in BIND |
| iSpy Keylogger Targets Passwords, Skype, Webcams |
| J |
| Java Serialization Bug Crops Up At PayPal |
| JavaScript DDoS Attack Peaks at 275,000 Requests-Per-Second |
| Jessy Irwin on Password Security, Opsec and User Education |
| Joomla Sites Join WordPress As TeslaCrypt Ransomware Target |
| Joomla Update Fixes Two Critical Issues, 2FA Error |
| Joomla Update Patches Critical SQL Injection Vulnerability |
| Joshua Drake on Android Security Post-Stagefright |
| Juan Andres Guerrero-Saade and Brian Bartholomew on APT False Flags and Attribution |
| Juniper Acknowledges Equation Group Targeted ScreenOS |
| Juniper Backdoor Picture Getting Clearer |
| Juniper Hotfixes Shut Down IPv6 DDoS Vulnerability |
| Just Like Old Days: IOT Security Pits Regulators Against Market |
| K |
| Keen Lab Takes Down iPhone 6S, Nexus 6P at Mobile Pwn2Own |
| Kemoge Android Adware Campaign Can Lead to Device Takeover |
| Keystroke Recognition Uses Wi-Fi Signals To Snoop |
| L |
| Lack of Encryption Leads to Large Scale Cookie Exposure |
| Latest EMET Bypass Targets WoW64 Windows Subsystem |
| Latest Chrome Update Addresses Two High-Severity Vulnerabilities |
| Latest Petya Ransomware Strain Comes with a Failsafe: Mischa |
| Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion |
| Latest Windows UAC Bypass Permits Code Execution |
| Law Enforcement Targets Users of DDoS-For-Hire Services |
| Lawmakers Asking What ISPs Can Do About DDoS Attacks |
| Lawmakers Reintroduce Popular Email Privacy Act |
| Lenovo Patches Vulnerabilities in System Update Service |
| Let’s Encrypt Hits Another Free HTTPS Milestone |
| Let’s Encrypt Initiative Enters Public Beta |
| Linux Foundation Badge Program to Boost Open Source Security |
| Linux x86_64 Bindshell with Password (92 bytes) |
| Locky Ransomware Causes ‘Internal State of Emergency’ at Kentucky Hospital |
| Locky Ransomware Learns New Evasive Tricks |
| Locky Variant Changes C2 Communication, Found in Nuclear EK |
| M |
| Mac Adware OSX.Pirrit Unleashes Ad Overload, For Now |
| Magento Update Addresses XSS, CSRF Vulnerabilities |
| Maldoc VBA Anti-Analysis |
| Malvertising Campaign Pushing Neutrino Exploit Kit Shut Down |
| Malware Evades Detection with Novel Technique |
| Mamba Ransomware Encrypts Hard Drives Rather Than Files |
| Manipulating WSUS to Own Enterprises |
| Marcher Trojan Morphs, Now Targets Porn Sites |
| Marie Moe on Medical Device Security |
| Meet The Cryptoworm, The Future of Ransomware |
| Microsoft Considers Earlier SHA-1 Deprecation Deadline |
| Microsoft Cracks Down on Toolbars, Unsigned DLLs with Edge Update |
| Microsoft Cutting Off SHA-1 Support in February for Edge, IE 11 |
| Microsoft Edge Adds App Guard Browser Security |
| Microsoft Issues Record Low Number of Patch Tuesday Bulletins |
| Microsoft Mistakenly Leaks Secure Boot Key |
| Microsoft Opens .NET Core, ASP.NET Bug Bounties |
| Microsoft Patches 47 Vulnerabilities with September Patch Tuesday |
| Microsoft Patches Critical Vulnerabilities in New Edge Browser |
| Microsoft Patches Five Zero Days Under Attack |
| Microsoft Patches Graphics Component Flaw Under Attack |
| Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities |
| Microsoft Quietly Kills Controversial Wi-Fi Sense Feature |
| Microsoft Revokes Trust for Certificates Leaked by D-Link |
| Microsoft Shuts Down Zero Day Used in AdGholas Malvertising Campaigns |
| Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass |
| Microsoft Tears off the Band-Aid with EMET |
| Microsoft Unveils Cloud-Based Fuzz-Testing Service |
| Microsoft Zero Day Exposes 100 Companies to PoS Attack |
| Microsoft, Google to Block Flash by Default in Edge, Chrome |
| Microsoft, Law Enforcement Collaborate in Dorkbot Takedown |
| Mirai Bots More Than Double Since Source Code Release |
| Mirai Giving DDoS-as-a-Service Industry a Boost |
| Mirai Vulnerability Disclosed, But Exploits May Constitute Hacking Back |
| MIT Launches Experimental Bug Bounty Program |
| Mitigations Available for PanelShock Vulnerabilities in Schneider Electric Magelis HMIs |
| Mobile App Collusion Can Bypass Native Android Security |
| Mobile Applications Leak Device, Location Data |
| Model Assesses Readiness to Accept Outside Vulnerability Reports |
| MongoDB Attacks Jump From Hundreds to 28,000 In Just Days |
| Moonpig Warns Customers of ‘Security Issue’ |
| Motion Filed Asking FBI To Disclose Tor Browser Zero Day |
| Mozilla Embraces Private Browsing with Tracking Protection in Firefox 42 |
| Mozilla Patches 29 Vulnerabilities, Prevents MIME Confusion Attacks, in Firefox 50 |
| Mozilla Patches Bug Used in Active Attacks |
| Mozilla Patches Certificate Pinning Vulnerability in Firefox |
| Mozilla Patching Firefox Certificate Pinning Vulnerability |
| Mozilla Reduces Threat of Export-Grade Crypto to Firefox |
| Mozilla Turning TLS 1.3 On By Default With Firefox 52 |
| Multiple Vulnerabilities Identified in ‘Utterly Broken’ BHU Routers |
| Musical Chairs Campaign Found Deploying New Gh0st RAT Variant |
| N |
| Nagios Core Patches Root, RCE Vulnerabilities |
| Naikon APT Group Tied to China’s PLA Unit 78020 |
| Nemucod Infections Spreading Locky Over Facebook |
| Netflix Phishing Campaign Targeted User Information, Credit Card Data |
| Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications |
| Netgear Management System Vulnerable to RCE, Path Traversal Attacks |
| Netgear Published Patched Firmware for Routers Under Attack |
| Netgear Routers Remain Exposed to Critical Flaw |
| NetWire RAT Back, Stealing Payment Card Data |
| Never Trust a Found USB Drive, Black Hat Demo Shows Why |
| Neverquest Trojan Gets Big Summer Update |
| New Android Ransomware Communicates over XMPP |
| New Brazilian Banking Trojan Uses Windows PowerShell Utility |
| New Call to Regulate IoT Security By Design |
| New Campaign Shows Dridex Active, Targeting French |
| New Cerber Variant Leverages Tor2Web Proxies, Google Redirects |
| New Debian Releases Fix PHP, VirtualBox Bugs |
| New Decryptor Unlocks CryptXXX Ransomware |
| New Decryptor Unlocks CryptXXX v3 Files |
| New Gmail Alerts Warn of Unauthenticated Senders |
| New Google Tools Help Devs Improve Content Security Policy Protection |
| New Large-Scale DDoS Attacks Follow Schedule |
| New Mirai Variant Targets Routers, Knocks 900,000 Offline |
| New MIT Scanner Finds Web App Flaws in a Minute |
| New Moker RAT Bypasses Detection |
| New Security Flaw Found in Lenovo Solution Center Software |
| New Silverlight Attacks Appear in Angler Exploit Kit |
| New Technique Checks Mitigation Bypasses Earlier |
| New Tinba Variant Seen Targeting Russian, Japanese Banks |
| New Versions of Carbanak Banking Malware Seen Hitting Targets in U.S. and Europe |
| New Wave of Hailstorm Spam Pelts Inboxes |
| New Windows Patch Policy At Odds With Acceptable Risk |
| Nissan Car Hack Allowed Remote Access |
| NIST Calls for Submissions to Secure Data Against Quantum Computing |
| November 2016 Microsoft Patch Day |
| New Chrome Extension Helps Combat Keyboard Biometric Profiling |
| NSF Awards $6M Grants for Internet of Things Security |
| Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware |
| NY Health Provider Excellus Discloses Data Breach Dating to 2013 |
| Nymaim Dropper Updates Delivery, Obfuscation Methods |
| NYU Students Apply Blockchain Solution to Electronic Voting Security |
| O |
| Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities in IP Phones |
| Office 365 Vulnerability Identified Bogus Microsoft.com Email as Valid |
| OIG Report Finds Vulnerabilities in Medicaid Services Agency |
| Old Exploits Die Hard, Says Microsoft Report |
| Old Linux Kernel Code Execution Bug Patched |
| OneLogin SecureNotes Breach Exposed Data in Cleartext |
| OpenSSL Patches Bring Last Update for 0.9.8 and 1.0.0 Branches |
| OpenSSL Patches High-Severity Denial-of-Service Bug |
| OpenVPN to Undergo Cryptographic Audit |
| Operation Ghoul Targeting Middle Eastern Industrial, Engineering Organizations |
| Oracle CSO: You ‘Must Not Reverse Engineer Our Code’ |
| Oracle EBusiness Suite ‘Massive’ Attack Surface Assessed |
| Oracle Fixes 253 Vulnerabilities in Last CPU of 2016 |
| Oracle Releases Record Number of Security Patches |
| Oracle to Kill Java Browser Plugin |
| Outdated, Unpatched Software Rampant in Businesses |
| Outlook Web Access Two-Factor Authentication Bypass Exists |
| OwnStar Attack Now Aimed at BMW, Chrysler, Mercedes Cars |
| P |
| Pacemaker Hacking Fears Rise With Critical Research Report |
| Packet Capture Options |
| PageFair Hack Serves Up Fake Flash Update to 500 Sites |
| Pair of Bugs Open Honeywell Home Controllers Up to Easy Hacks |
| Pair of Drupal Modules Patch Access Bypass Flaws |
| Patched Android ‘Serialization’ Vulnerability Affects 55 Percent of Devices |
| Patched ColdFusion Flaw Exposes Applications to Attack |
| Patched Ins0mnia Vulnerability Keeps Malicious iOS Apps Hidden |
| Patched Libpng Vulnerabilities Have Limited Scope |
| Patrick Wardle on OS X Malware With a Possible Hacking Team Connection |
| PayPal Fixes OAuth Token Leaking Vulnerability |
| Pentagon Subcontractor Inadvertently Leaks 11 Gigs of Sensitive Data |
| Phony Google Update Spreads Data-Stealing Android Malware |
| Phony Pokémon GO Android App Gave Attackers Root Access |
| PHP File Manager Riddled With Vulnerabilities, Including Backdoor |
| PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities |
| PLC-Blaster Worm Targets Industrial Control Systems |
| Police Allege SWIFT Technicians Left Bangladesh Bank Vulnerable |
| Popular Android App Leaks Microsoft Exchange User Credentials |
| PoS Attacks Net Crooks 20 Million Stolen Bank Cards |
| Privacy Activists Cheer Passage of Email Privacy Act, Brace for Senate Battle |
| Privacy Badger 1.0 Released With Support For EFF Do Not Track Policy |
| Privacy Groups File FTC Complaint over WhatsApp Data Sharing with Facebook |
| Privacy Watchdogs Vow to Fight ‘Dystopian’ Rule 41 |
| ProtonMail Back Online Following Six-Day DDoS Attack |
| pseudoDarkleech Rig EK |
| PwnedList Shutdown Unrelated to Recent Vulnerability |
| Q |
| Qbot Malware Morphs Quickly to Evade Detection |
| Quadrooter Flaw in Qualcomm Chips Puts 900M Android Devices At Risk |
| Qualcomm and HackerOne Partner on Bounty Program |
| Questions Mount Around Yahoo Breach |
| R |
| Range of Mousejack Attack More Than Doubles |
| Ransomware Gives Free Decryption Keys to Victims Who Infect Others |
| Remote Code Execution Bug Found in Ubuntu Quantal |
| Remote Code Execution Vulnerabilities Plague LibTIFF Library |
| Report a Grim Reminder of State of Critical Infrastructure Security |
| Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions |
| Researchers Break MarsJoke Ransomware Encryption |
| Researchers Bypass Chip-and-Pin Protections at Black Hat |
| Researchers Discover Two New Strains of POS Malware |
| Researchers Disrupt Angler Exploit Kit Ecosystem, Derail $30M Ransomware Campaign |
| Researchers Find ‘Severe’ Password Security Hole with iOS 10 Backups |
| Researchers Question Security in AMD’s Upcoming Zen Chips |
| Researchers Uncover ‘Terracotta’ Chinese VPN Service Used by APT Crews for Cover |
| Researchers Uncover New Italian RAT uWarrior |
| Researchers: MedSec, Muddy Waters Set Bad Precedent With St. Jude Medical Short |
| RIG Picks Up Where Neutrino Left Off, Pushes CrypMIC Ransomware |
| RIPPER ATM Malware Uses Malicious EMV Chip |
| Risk of Election Day Cyberattacks Low According To Experts |
| Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched |
| Rockwell Patches Serious ‘FrostyURL’ PLC Vulnerability |
| Rogue iOS App Gets Boot After Slipping into App Store |
| Root Servers Were Not Targets of 2015 DDoS Attack |
| Rowhammer Vulnerability Comes to Android |
| Rule 41 Opponents Vow to Fight Government’s New Hacking Powers |
| S |
| Salesforce Patches XSS on a Subdomain |
| Samsung Smart Home Camera SNH-P-6410 - Command Injection |
| Santiago Pontiroli and Roberto Martinez on ATM Jackpotting |
| SAP Patches 12 SQL Injection, XSS Vulnerabilities in HANA |
| Scan of IPv4 Space for ‘Implanted’ Cisco Routers Finds Fewer Than 100 |
| Scanner Finds Malicious Android Apps at Scale |
| Scope of Gaping Android Security Hole Grows |
| Scottrade Breach Affects 4.6 Million Customers |
| Scourge of Android Overlay Malware on Rise |
| Second Try at Windows LSASS Patch Addresses Vulnerability |
| Security of iMessage System Comes to the Fore Again |
| Sen. Warren Worried About Banks’ New Encrypted Messaging Platform |
| Series of Buffer Overflows Plague Many Yokogawa ICS Products |
| Serious Dirty Cow Linux Vulnerability Under Attack |
| Several Critical Flaws Patched in Drupal Module |
| ShadowBrokers Bid Farewell, Close Door |
| ShadowBrokers Dump Came from Internal Code Repository, Insider |
| ShadowBrokers Dumps Lists of Equation Group Hacked Servers |
| ShadowBrokers Selling Windows Exploits, Attack Tools |
| ShadowBrokers’ Leak Has ‘Strong Connection’ to Equation Group |
| Short URLs a Big Problem for Cloud Collaboration, Stored Data |
| Schneider Patches Plaintext Credentials Bug in Building Automation System |
| Siemens Discloses Local Privilege Escalation Bug in SCADA Gear |
| Siemens Patches Insufficient Entropy Vulnerability in ICS Systems |
| Signal Adds iPhone Access to Desktop App |
| Signal Audit Reveals Protocol Cryptographically Sound |
| Skyping and Typing the Latest Threat to Privacy |
| Snowden Makes Case for a Presidential Pardon |
| Snowden Slammed in House Committee Report |
| Sofacy APT Targeting OS X Machines with Komplex Trojan |
| Solar Power Firm Patches Meters Vulnerable to Command Injection Attacks |
| Source Code Released for Mirai DDoS Malware |
| South Korean Child Monitoring App Beset by Vulnerabilities, Privacy Issues |
| Spam Campaign Continuing to Serve Up Malicious .js Files |
| Spammers Revive Hancitor Downloader Campaigns |
| Spyware Targeting Overseas Travelers Removed from Google Play |
| SQL Injection Attack is Tied to Election Commission Breach |
| St. Jude Alleges False Claims, Stock Manipulation in Suit Against Med Sec, Muddy Waters |
| St. Jude Faces New Claim Heart Implants are Hackable |
| St. Jude Medical Patches Vulnerable Cardiac Devices |
| Stagefright Patch Incomplete Leaving Android Devices Still Exposed |
| Starwood Hotel Chain Hit By Point of Sale Malware |
| Stealthy GlassRAT Spies on Commercial Targets |
| Steam Patches Broken Crypto in Wake of Replay, Padding Oracle Attacks |
| StrongPity APT Covets Secrets of Crypto Users |
| Sundown Exploit Kit ‘Larger Threat Than People Realize’ |
| Suspicious Windows 7 Update Actually an Accidental Microsoft ‘Test’ Update |
| SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool |
| SWIFT Warns Banks Of More Cyberattacks |
| SWIFT Warns of Second Bank Attack via PDF Malware |
| T |
| Tales of WordPress Plugin Insecurity Overblown, Researchers Say |
| Target Says SEC Won’t Pursue Enforcement Action as a Result of Data Breach |
| TCP Flaw in Linux Extends to 80 Percent of Android Devices |
| Tesco Bank Stops Online Transactions After Money Missing from 20K Accounts |
| The Ethics and Morality Behind APT Reports |
| Thunderstrike 2 OS X Firmware Attack Self-Replicates to Peripherals |
| TLS Implementations Vulnerable to RSA Key Leaks |
| Tor Joins Movement Against Expanding Hacking Powers |
| Tor Update Fixes ReachableAddresses Problem |
| Tor: FBI Paid CMU $1 Million to De-Anonymize Users |
| TrickBot Banking Trojan Adds New Browser Manipulation Tools |
| TrickBot Banking Trojan Could Be Dyre Rewrite |
| Tumblr Accounts Must Reset Passwords |
| Turla APT Group Abusing Satellite Internet Links |
| Twitter Turns Off Fire Hose For Intelligence Community |
| U |
| U.S. Intelligence Report Due Next Week on Election Hack |
| Uber Portal Leaked Names, Phone Numbers, Email Addresses, Unique Identifiers |
| Ubiquiti Networks Gear Targeted By Worm |
| Ubuntu Patches Kernel Vulnerabilities |
| Unmasking xDedic’s Black Market for Servers and PCs |
| Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk |
| Unsecured DNSSEC Easily Weaponized, Researchers Warn |
| Unskilled Pro-ISIS Hackers A Growing Threat |
| Unsupported Honeywell Experion PKS Vulnerable to Public Attacks |
| Unusual Re-Do of US Wassenaar Rules Applauded |
| Updated Cryptowall Encrypts File Names, Mocks Victims |
| Updated DGA Changer Malware Generates Fake Domain Stream |
| Updated Rig Exploit Kit Closing in on 1 Million Victims |
| Updated XcodeGhost Adds iOS9 Support |
| Uptick in Neutrino Exploit Kit Traffic Doesn’t Mean Angler Reign Over |
| US Reps Requesting Further Intel Around Yahoo Surveillance Story |
| Using BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks |
| V |
| Valve Patches Password Reset Vulnerability in Steam |
| Vawtrak Banking Trojan Adds DGA, SSL Pinning |
| VBA and P-code |
| vBulletin Patches Serious Flaw in Forum Software |
| Vendetta Brothers Cyber Crooks Adopt Real World Tactics |
| Vera Bradley Retail Chain Breached |
| VeraCrypt Audit Under Way; Email Mystery Cleared Up |
| VeraCrypt Patched Against Two Critical TrueCrypt Flaws |
| VeraCrypt Patches Critical Vulnerabilities Uncovered in Audit |
| Vermont Grid ‘Hack’ Latest Tumble Down Attribution Rabbit Hole |
| Viber Heats Up Crypto Debate: Adds Encryption to 711 Million Users |
| Victims of June OPM Hack Still Haven’t Been Notified |
| Viking Horde Malware Co-Ops Android Devices for Ad Fraud |
| VirusTotal Adds Sandbox Execution for OS X Apps |
| Vitaly Kamluk on the Adwind RAT |
| VMware Patches Critical Session-Handling Vulnerability |
| VMware Patches Flaws in Identity and Cloud Products |
| VMware Patches Pesky XXE Bug in Flex BlazeDS |
| Vulnerabilities Identified in Dolphin, Mercury Android Browsers |
| Vulnerability Identified in Genomic Data Sharing Network |
| Researchers Manipulate Rifle’s Precision Targeting System |
| W |
| Wassenaar Renegotiation Will Be in Trump Administration’s Hands |
| Web Hosting Service 000webhost Hacked, Information of 13 Million Leaked |
| Web.com Loses 93,000 Credit Card Numbers in Breach |
| Web-Based Keylogger Used to Steal Credit Card Data from Popular Sites |
| Westin, Marriott, Sheraton Hotels Hit By Payment Card Malware |
| WhatsApp Blasted by EU Data Protection Group Over Facebook Sharing |
| When DVRs Attack: A Post IoT Attack Analysis |
| White House Hires First Federal CISO |
| White House Says No Thanks to Snowden Pardon Petition |
| White House Support for CISA Worries Privacy Advocates |
| Windows 10 Attack Surface Grows with Linux Support in Anniversary Update |
| Windows 10 Upgrade Spam Carries CTB-Locker Ransomware |
| Windows Atom Tables Can Be Abused for Code Injection Attacks |
| Windows PDF Library Flaw Puts Edge Users at Risk for RCE |
| WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities |
| WordPress Patches Critical XSS Vulnerability in All Builds |
| WordPress Patches Serious Shortcodes Core Engine Vulnerability |
| WordPress Plugins Leave Black Friday Shoppers Vulnerable |
| WPAD Flaws Leak HTTPS URLs |
| Writing Advanced OS X Malware an ‘Elegant’ Solution to Improving Detection |
| X |
| XcodeGhost iOS Malware Contained |
| Xen Patches VM Escape Flaw |
| Y |
| Yahoo Asks DNI to De-Classify Email Scanning Order |
| Yahoo Hires Bob Lord as its CISO |
| Yahoo Investigates 200 Million Alleged Accounts For Sale On Dark Web |
| Yahoo Mail XSS Bug Worth Another $10K to Researcher |
| Yahoo Tells SEC It Knew About Data Breach in 2014 |
| Yahoo to Warn Users of State-Sponsored Attacks |
| Yahoo Touts Success of Bug Bounty Program |
| Yelp Launches Public Bug Bounty |
| YiSpecter iOS Malware Abuses Apple Enterprise Certs to Push Adware |
| Z |
| Zcash Spurs Rash of Malicious Mining Software |
| Zero Day in Android’s Google Admin App Can Bypass Sandbox |
| Zerodium Triples its iOS 10 Bounty to $1.5 Million |
| ZeuS Banking Trojan Resurfaces As Atmos Variant |