pindrop-logo-2.svg
Search
Close this search box.
Search
Close this search box.

Critical Vulnerabilities Found in LastPass Extensions

For the second time in a few months, LastPass had to address serious security flaws in its password manager browser extensions, this time in both Google Chrome and Mozilla Firefox. The two new vulnerabilities, one involving a website connector bug and the other being a Firefox based message hijacking bug, were discovered by Tavis Ormandy, […]

Android Trojan Spreads Through Fake Cell Towers

Attackers in China are using rogue cell base stations to spread versions of an Android banking Trojan that steals user credentials and has the ability to bypass two-factor authentication. The malware, known as the Swearing Trojan for some impolite language found in the Chinese code, has been in circulation for several months and uses a […]

Half of Android Devices Didn’t Get Security Patches in 2016

Google has made several changes to the Android security ecosystem recently, including providing monthly updates and working with manufacturers to get those patches in the hands of users more quickly. But despite those efforts, about 50 percent of Android devices didn’t install a single security update in 2016. One of the issues with Android security […]

NSA: We Disclose 90% of the Flaws We Find

In the wake of the release of thousands of documents describing CIA hacking tools and techniques earlier this month, there has been a renewed discussion in the security and government communities about whether government agencies should disclose any vulnerabilities they discover. While raw numbers on vulnerability discovery are hard to come by, the NSA, which does […]

Site Hacks Continue to Spike, Google Says

The number of sites hacked last year increased by nearly one third compared to 2015, Google said in a new report, a trend that the company expects will continue in years to come. Google’s crawlers constantly check sites for a number of different properties, including the presence of certain types of content that indicate they’ve […]

Trump Administration Hopes to Have Cybersecurity Strategy Done Soon

A top Trump administration information security official said the White House hopes to have a national strategy for cybersecurity completed in the next two months, with a view toward having it implemented within two years. The new administration has circulated a draft of an executive order related to cybersecurity, but hasn’t said much more publicly […]

Critical Cisco Flaw Found Buried in Vault 7 Documents

Hundreds of models of Cisco switches are vulnerable to a remote-code execution bug in the company’s IOS software that can be exploited with a simple Telnet command. The vulnerability was uncovered by company researchers in the CIA hacking tool dump known as Vault 7. The bug is a critical one and an attacker who is […]

US-CERT Warns of Security Impact of SSL Interception

The Department of Homeland Security’s US-CERT group has issued an advisory warning enterprises that many security appliances that perform HTTPS inspection through a man-in-the-middle position don’t correctly verify certificate chains before forwarding traffic, weakening the security benefits of TLS in the process. The advisory comes after a recent paper by security researchers from Google, Mozilla, Cloudflare, […]

On the Wire Podcast: Chris Camacho

Threat intelligence and business risk intelligence have become key ingredients in enterprise security programs as companies try to make sense out of the ever-changing threat landscape. To help wade through all of the information and figure out what’s important, Dennis Fisher talks with Chris Camacho, chief strategy officer at Flashpoint, and a former VP of […]