An authentication bypass vulnerability in a Siemens device that’s used in energy automation systems could allow an attacker to gain control of the device. The vulnerability is in the Siemens SICAM MIC, a small telecontrol system that performs a number of functions and includes an integrated Web server and several other features. “The devices consist of[…]
A paper, expected to be presented at USENIX, describes new attacks against RC4 that make plaintext recovery times practical and within reach of hackers.
Officials worldwide culminated an 18 month effort this week to takedown Darkode, a cybercrime forum where hackers fraternized and shared malware, credit card information and more.
Microsoft ended security support for existing Microsoft Security Essentials customers running Windows XP, a little more than a year after support officially ended
A large group of security companies have formed a coalition to oppose the proposed rules from the Department of Commerce that would regulate the export of so-called intrusion software, a broad term that researchers and legal experts are concerned would limit security research and development. The rules proposed by the department’s Bureau of Industry and Security in[…]
Oracle has released its quarterly patch update, which includes fixes for nearly 200 vulnerabilities. The most notable bug fixed in this release is the Java zero day that’s been used in an ongoing attack campaign. The massive release from Oracle has patches for a long list of products, but the Java vulnerabilities are the heart[…]
Microsoft patched a Windows kernel zero day vulnerability uncovered among the data stolen from the controversial Hacking Team.
A new version of the nasty TeslaCrypt ransomware is making the rounds, and the creators have added several new features, including an improved encryption scheme and some details designed to mimic CryptoWall. TeslaCrypt is among the more recent variants of ransomware to emerge and the malware, which is a variant of CryptoLocker, is unique in[…]
A group of lawmakers are proposing that victims of last month’s expansive Office of Personnel Management hack receive lifetime fraud protection and credit monitoring.
In its latest transparency report, CloudFlare says that the number of subpoenas it has received has remained steady since last year, but the volume of court orders has more than doubled since the second half of last year. While much of the data from CloudFlare’s report for the first half of 2015 closely mirrors the[…]