Popular certificate authority StartSSL (StartCom) has resolved a security vulnerability in its domain validation process that could be abused by attackers to issue certificates for domains they do not own.
read more
Uber Offers up to $10,000 in Bug Bounty Program
Uber announced on Tuesday the launch of a bug bounty program whose goal is to encourage security researchers to responsibly disclose vulnerabilities found in the ride-sharing company’s websites and applications.
read more
Malvertising Campaign Abuses Baidu Ad API
Researchers at FireEye discovered a malvertising campaign in which attackers delivered malware by abusing a legitimate ad API provided by Chinese web services company Baidu.
read more
Attackers Alter Water Treatment Systems in Utility Hack: Report
Hackers breached a water utility and manipulated systems responsible for water treatment and flow control, Verizon said in a report released this month.
read more
Surviving Contact with the Enemy
Strategy without the ability to execute is destined to fail, and execution without forethought will face the same fate.
Most individuals find it difficult to think in terms of direction and action, so what happens when you have to juggle the two priorities? How do security executives strike the right balance, while aligning to business priorities, operational capabilities and their threats?
read more
Apple Patches Serious Encryption Flaws in iMessage
Updates released by Apple on Monday for its iOS and Mac OS X operating systems address serious encryption flaws affecting the company’s iMessage messaging protocol, which is reportedly used to send as many as 200,000 messages every second.
read more
US Govt Says May Not Need Apple Help in iPhone Battle
The US government said Monday it may have found a way to access the iPhone of one of the San Bernardino attackers without Apple's help, possibly avoiding a showdown with the tech giant.
On Sunday, "an outside party demonstrated to the FBI a possible method for unlocking Farook's iPhone," Justice Department attorneys said in a court filing.
read more
FBI May Not Need Apple’s Help to Crack iPhone
The US government said Monday it may have found a way to crack the iPhone of one of the San Bernardino attackers without Apple's help, possibly avoiding a showdown with the tech giant.
In a court filing, federal prosecutors said that on Sunday, an unidentified "outside party" had demonstrated to the FBI a possible way to unlock Syed Farook's iPhone.
read more
Google Issues Emergency Patch For Critical Android Rooting Exploit
Google has released an emergency security patch to address a local elevation of privilege vulnerability in the Android kernel that affects certain devices.
read more
Researchers Find Flaw in Apple Encryption
Researchers discovered an encryption vulnerability affecting multiple Apple products, including the company’s instant messaging application iMessage.
A research team from Johns Hopkins University, led by cryptography expert Matthew Green, reported finding a flaw in Apple’s encryption that can be exploited to access encrypted photos and videos sent via iMessage.
read more
