Dennis Fisher and Mike Mimoso discuss the news of the week, including the Android app-replacement vulnerability, the Windows privilege escalation bug and the Yahoo transparency report and the company’s crypto efforts.
Until yesterday, a popular networking library for iOS and OS X, used by several apps like Pinterest and Simple, was susceptible to SSL man-in-the-middle (MiTM) attacks.
Collaboration provider Slack disclosed that a database storing its user profile information has been breached. The break-in has been stopped, and Slack announced that it has implemented two-factor authentication going forward.
FBI Director James Comey pleads with Congress to create a law that would allow law enforcement access to encrypted mobile communications on Android and Apple devices.
A large-scale DDoS attack, apparently emanating from China, has been hammering the servers at GitHub over the course of the last 12 hours, periodically causing service outages at the code-sharing and collaboration site.
There is a series of vulnerabilities related to credentials and authentication in two of Schneider Electric’s HMI products, and an attacker who exploits them may be able to run arbitrary code.
A critical vulnerability in a popular hotel and convention center Internet gateway from AntLabs called InnGate has been patched. The flaw allows attackers read and write access to the devices from the Internet.
Students from M.I.T. have devised a new way to scour raw code for integer overflows.
Yahoo received nearly 5,000 requests for user data from the United States government in the last six months of 2014 and disclosed some content in nearly 25 percent of those cases.
Cisco released its semiannual set of patches for its Cisco IOS router and switch operating system. The patches address 16 vulnerabilities.