Don't-Miss Security Stories

SSL padlock icon

Phishing websites look more legit with SSL certs from major companies

The Web is full of deception, and it's sometimes still hard for people to figure out if the website they're viewing really is what it says it is.

Magento database tool Magmi has a zero-day vulnerability

An open-source tool for importing content into the Magento e-commerce platform, called Magmi, has a zero-day vulnerability, according to security vendor Trustwave.

img 1587

US, UK disrupt Dridex botnet, which targeted online banking

A cybercriminal network that caused at least $10 million in losses has been disrupted by U.S. and U.K. law enforcement, with the U.S. seeking a Moldovan man's extradition, the Department of Justice said Tuesday.

angry android

Cambridge University study finds 87 percent of Android devices vulnerable to attack

The new research uncovers how far behind the Android ecosystem is with tackling security, despite all those recent pledges about monthly patches.

Kwikset Kevo

Kwikset finally enables cloud control for its Kevo smart lock

The nifty accessory makes it possible for the Kevo to be controlled and monitored from the cloud.


150817 google marshmallow 04

To scare people better, Android ransomware gets a snazzy UI

Hackers are like any other coders: they want to built better software, even if it's a program that merely aims to extract a ransom from a hapless Android user.


Apple draws cloudy line on use of root certs in mobile apps

Apple's removal of several apps from its mobile store on Thursday shows the challenges iOS developers can face when app guidelines shift.

Comcast and Nest

Comcast Xfinity Home subscribers can now add Nest thermostats and other connected-home devices

Some installations can be DIY projects, but anything involving the alarm system must be installed by a Comcast technician.


USB key

LogMeIn buying password manager LastPass

LogMeIn hopes to bring even more consolidation to the single-sign-on market with the acquisition of password management service LastPass.

hardware security embedded circuit board integrated controller

U.S. will not seek legislation against encryption

The U.S. administration will not seek legislation at this point to counter the encryption of communications by many technology services and product vendors, but will work on a compromise with industry, a senior U.S. official said Thursday.

iphone 6s 6splus

Apple removes apps from App Store that could spy on your data traffic

Apple on Thursday removed several apps from its store that it said could pose a security risk by exposing a person's Web traffic to untrusted sources.

Huawei at Ceatec 2013

Many vulnerabilities in older Huawei 3G routers won't get patched

Huawei doesn't plan to patch more than a dozen models of 3G routers that have severe software vulnerabilities.

SSL padlock icon

Widely used SHA-1 algorithm could succumb to attack, researchers warn

The SHA-1 hashing algorithm, still used to sign almost one in three SSL certificates, can now be attacked for as little as $75,000, and should be urgently retired, researchers say

android broken

Android malware hammers phones with unwanted ads

Android users in more than 20 countries have been infected with a particularly aggressive malware program that bombards devices with unwanted advertisements.

samsung pay

Hackers who targeted Samsung Pay may be looking to track individuals

The security breach at Samsung subsidiary LoopPay was probably more about spying than about gathering consumer data for profit.