Don't-Miss Security Stories

Digital Key

Socat vulnerability shows that crypto backdoors can be hard to spot

The Socat networking service used a non-prime number for its key exchange mechanism, potentially allowing attackers to eavesdrop on encrypted connections opened with the tool.

hardware security embedded circuit board integrated controller

Custom Web browser from Comodo poses severe security threat, researcher says

A customized version of Google's Chrome browser developed by security vendor Comodo has a jaw-dropping flaw, according to a researcher.

antivirus stock image

Malwarebytes still fixing flaws in antivirus software

Malwarebytes said it may take three to four weeks to fix flaws in its consumer product found by Google security researcher Tavis Ormandy.

new fitbits

Fitness trackers are leaking lots of your data, study finds

Some of the more popular wearables from Fitbit, Jawbone, and Garmin don't just let you track your fitness, they let other people track you too.

150817 google marshmallow 03

Google fixes critical Wi-Fi and media-processing flaws in Android

Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same wireless network.

fireeye soc

FireEye acquires Invotas for faster incident response

FireEye said Monday it has acquired Invotas, a company that develops a platform that helps administrators respond faster to security incidents.

bald eagle

This bird could be a drone's worst enemy

When it comes to the problem of stopping errant drones, there's been a number of high-tech solutions. From radio jamming to laser beams to nets launched by other drones, but a group in The Netherlands is proposing a low-tech solution that's much more elegant.

malicious google play apps

Trojanized Android games hide malicious code inside images

Over 60 Android games hosted on Google Play had Trojan-like functionality that allowed them to download and execute malicious code hidden inside images.

150902 encrypt android

Harvard study refutes 'going dark' argument against encryption

A study from Harvard released Monday largely refutes claims that wider use of encryption in software products will hamper investigations into terrorism and crime.

The Chrome Web Store's main storefront

Google's Chrome Web Store lists malicious Chrome apps ahead of legit extensions

The Chrome Web Store is more interested in pushing Chrome apps than giving users the best search results.

20151005 Cisco headquarters sign

Cisco patches authentication, denial-of-service, NTP flaws in many products

Cisco Systems has released security patches for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls.

HSBC headquarters reception

Attack disrupts HSBC online banking services in the UK on tax deadline

A denial-of-service attack against HSBC in the U.K. left customers unable to access their accounts via the bank's online system.

lg g3 5

LG patches data theft bug affecting millions of Android phones

LG has patched a security flaw in an application preinstalled on millions of its Android G3 smartphones that researchers found could be used to steal a variety of data.

security code big data cyberespionage

OpenSSL patches a severe, but not widespread problem

The OpenSSL project has patched a problem in the cryptographic library but one that likely does not affect many popular applications.

Apple iPhone 5S (1)

Increasingly popular "hot patching" update tool for iOS apps puts users at risk

An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through the official app store's review process, an action that poses security risks for users.