Tibetans along with journalists and human rights workers in Hong Kong and Taiwan have been targeted in campaigns using phishing emails laced with Microsoft RTF attachments that exploit four vulnerabilities.
Google determined that Safe Browsing warnings correlate with quicker remediation times, though not as quick as direct contact with webmasters who have registered with Google Search Console.
A Berkeley postdoctoral researcher and former MIT student will soon unveil Space, a static-analysis web-application security tool that can find vulnerabilities in a minute.
Cisco Talos said that 3.2 million servers are vulnerable to the JBoss flaw used as the initial point of compromise in the recent SamSam ransomware attacks.
Google put app developers on notice last week, urging them to comply with a new set of privacy policies, designed to better promote transparency, that it plans on enforcing this summer.
Privacy advocates are cheering Microsoft’s lawsuit against the US government over data requests.
VMware fixed a critical vulnerability in one of its products this week that could’ve led to a man-in-the-middle attack if exploited by an attacker.
A newly published research paper exposes weaknesses in short URLs used by cloud-based services such as OneDrive that put supposedly private data at risk.
Mike Mimoso and Chris Brook recap the news of the week, including the Badlock bust, encryption legislation, and cryptoworm ransomware. Mike also discusses last week’s Infiltrate Con.
In this Threatpost Op-Ed, Katie Moussouris explains the significance of the newly free availability of ISO Standard 29147 Vulnerability disclosure, and why it keeps an important dialogue open between hackers and industry.