Don't-Miss Security Stories

Padlock

US agency to seek consensus on divisive, volatile topic of security vulnerability disclosures

The U.S. National Telecommunications and Information Administration will host a series of discussions about the best way to disclose cybersecurity vulnerabilities.

A new version of the sophisticated Duqu malware is used for spying

Researchers find many more modules of Regin spying tool

Security researchers from Symantec have identified 49 more modules of the sophisticated Regin cyberespionage platform that many believe is used by the U.S. National Security Agency and its close allies.

no flash

Chrome will start freezing non-vital Flash elements on web pages soon

Google will stop some Flash content from automatically playing starting Sept. 1, a move it decided on earlier this year to improve browser performance.

Security in cloud computing

BitTorrent patches flaw that could amplify distributed denial-of-service attacks

BitTorrent fixed a vulnerability that would have allowed attackers to hijack BitTorrent applications used by hundreds of millions of users in order to amplify distributed denial-of-service (DDoS) attacks.

Researchers find holes in routers supplied by ISPs

Some routers vulnerable to remote hacking due to hard-coded admin credentials

Several DSL routers from different manufacturers contain a guessable hard-coded password that allows accessing the devices with a hidden administrator account.

Tor security concerns prompt largest dark market to suspend operations

Administrators of Agora, the largest online black marketplace operating on the Tor anonymity network, decided to temporarily suspend the website because of possible attacks based on recent methods of exposing Tor Hidden Services.

AT&T Wi-Fi hotspot reportedly stuffs extra ads into Web pages

Stanford computer scientist Jonathan Mayer was recently Web browsing at a U.S. airport when he reportedly noticed there were too many online advertisements.

Padlock

US agency tells electric utilities to shore up authentication

A new U.S. National Institute of Standards and Technology guide for electric utilities offers ways they can shore up their cybersecurity efforts.

150817 google marshmallow 03

Certifi-gate flaw in Android remote support tool exploited by screen recording app

An application hosted in Google Play until yesterday took advantage for months of a flaw in the TeamViewer remote support tool for Android in order to enable screen recording on older devices.

Vinton Cerf Heidelberg Laureate Forum

'Sometimes I'm terrified' of the Internet of Things, says father of the Internet

Vint Cerf is known as a "father of the Internet," and like any good parent, he worries about his offspring -- most recently, the IoT.

Ashley Madison hack

Ashley Madison hauled to court in class action suits over data breach

Legal pressure on Ashley Madison and its parent company is picking up with more class-action lawsuits filed this week against the extramarital hookup site in the U.S., alleging negligence by the site in protecting confidential user data.

Startup takes heat over online tool that checks Ashley Madison data

A startup accused of crude marketing centered around the Ashley Madison data breach said Monday it is changing its tactics amid criticism.

Security

Court: FTC can bring down the hammer on companies with sloppy cybersecurity

A U.S. appeals court has turned down hotel operator Wyndham Worldwide's challenge of the Federal Trade Commission's authority to enforce cybersecurity practices.