Apple is encouraging developers who create apps for iOS to begin moving their apps to an HTTPS-only model as soon as possible in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. The move is yet one more sign that major Internet and technology companies are becoming ever more resistant to large-scale, passive surveillance[…]
Microsoft released two critical bulletins—eight overall—as part of the June 2015 Microsoft Patch Tuesday security updates. One of the critical bulletins patches 24 vulnerabilities in Internet Explorer.
Developers behind the banking Trojan Vawtrak have begun obscuring some of their servers with Tor2Web, a move that’s added another level of difficulty when it comes to uncovering their activity.
Adobe’s monthly patch release features just an update for Flash Player, addressing 13 security vulnerabilities that expose the software to remote attacks.
Following the lead of many major Web services, the White House on Monday announced that it would move all of the federal government’s public sites and services to HTTPS-only. Tony Scott, the federal CIO, has issued a memorandum to all federal agencies and departments instructing them to move all of their publicly accessible Web sites[…]
Toshiba has eliminated a hard-coded cryptographic key in its CHEC software, but is dealing with an information-disclosure bug in its 4690 operating system.
The Office of Personnel Management was warned as recently as November of numerous system vulnerabilities and governance weaknesses.
Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., those initiatives could be adversely impacted.
In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump manufactured by a company named Hospira. He went so far as to call the pump “the least secure IP enabled device I’ve ever touched in my life.” As it turns out, those same vulnerabilities exist in many of Hospira’s[…]
UPDATE–Wind turbines have been popping up across the United States in great numbers of late, and many of them are connected to the Internet. That, of course, means that these turbines are going to be natural targets for attackers and researchers. A security researcher named Maxim Rupp has discovered a cross-site request forgery vulnerability in the operating[…]