Don't-Miss Security Stories

20151027 vmware sign

Pwn2Own contest puts $75,000 bounty on VMware Workstation bypass

The Pwn2Own hacking contest in March will award security researchers for exploiting Google Chrome, Microsoft Edge, Apple Safari, Flash Player and, for the first time, VMware Workstation.

hardware security embedded circuit board integrated controller

Hackers of two Ukrainian utilities probably hit mining and railroad targets, too

The attackers who crippled Ukrainian power operators in December probably committed attacks shortly before against a mining company and a railway operator, Trend Micro said Thursday.

20151005 cisco headquarters sign

Critical VPN key exchange flaw exposes Cisco security appliances to remote hacking

Cisco Systems patched a critical vulnerability that could allow remote attackers to take over Cisco Adaptive Security Appliance (ASA) firewalls configured as virtual private network servers by simply sending malformed network packets to them.

150817 google marshmallow 07

Android root malware widespread in third-party app stores

Four third-party app stores for Android have apps with a malicious component that seeks root access to the device, according to Trend Micro.

SAP headquarters in Walldorf, Germany.

SAP slaps patch on leaky factory software

SAP's February round of critical software updates includes one for SAP Manufacturing Integration and Intelligence (xMII) that may be of interest to hackers and spies.

microsoft headquarters

Microsoft fixes 36 flaws in IE, Edge, Office, Windows, .NET

Microsoft released its second batch of security updates for this year, addressing a total of 36 flaws in Internet Explorer, Edge, Office, Windows and .NET Framework.

Google self driving car

US regulator: Google's self-driving car AI could qualify as a driver

The U.S. federal transport safety regulator is coming around to the view that rules could be updated so that computers in autonomous cars can be considered as drivers, but added that the rule-making could take some time.

Internal Revenue Service IRS tax filing form 1040

Identity thieves obtain 100,000 electronic filing PINs from IRS system

The Internal Revenue Service was the target of an attack that used stolen social security numbers and other taxpayer data to obtain PINs that can be used to file tax returns electronically.

Poseidon hacker group behind long-running extortion scheme

Kaspersky Lab has linked a single group to a long-known campaign of cyberattacks that appears to be aimed at extorting corporate victims.

hardware security embedded circuit board integrated controller

Google will stop accepting new Flash ads on June 30

Google is taking another step away from Flash, Adobe Systems' multimedia program widely criticized for its frequent security vulnerabilities.

1password android

1Password for Android update adds fingerprint unlock, new Material Design aesthetic

The app now offers beta support for team accounts and improves the performance of syncing up your data over Wi-Fi.

security code big data cyberespionage

Java-based Trojan was used to attack over 400,000 systems

A Java-based Trojan known as Adwind and AlienSpy has been rebranded as JSocket and is being sold as a service to all types of attackers, from opportunistic cybercriminals to cyberespionage groups.

IronKey thumb drives

Kingston buys encrypted flash drive maker IronKey

Kingston has purchased Imation's IronKey subsidiary, a maker of encrypted USB drives.

trane comfortlink ii

Flaws found in thermostats underscore smart device security risks, Cisco says

Cisco warned on Monday of serious flaws it found in an Internet-connected thermostat control, which it said are typical among products of vendors who aren't well-versed in network security.

3648438218 2ecc0c3414 o

US government wants to sharply increase spending on cybersecurity

President Barack Obama is proposing a sharp increase in the fiscal 2017 budget on cybersecurity spending, which is aimed at improving dated government software and promoting better Internet security for consumers.