In This Section


Category: Device Security

January 5, 2017
Google Patches Dozens of Critical Android Flaws
The new version of Android Nougat released this week by Google fixes more than 70 vulnerabilities, including three remote code execution bugs and 29 critical flaws. As it has done for the last few months, Google released two separate patch levels in its January update, the Jan. 1 and Jan. 5 levels. The latter is the…
Read More →
January 4, 2017
FTC Offers $25K for IoT Security Ideas
The FTC has decided that IoT security is in such bad shape that the best alternative is to to offer the public a $25,000 reward for help fixing it. The commission is sponsoring a new contest that asks people to submit innovative ideas for improving the update process for IoT devices, which is virtually non-existent for…
Read More →
January 4, 2017
California Law Makes Ransomware Use Illegal
It was nice to see the calendar turn over to 2017, for a lot of reasons, not the least of which is that on Jan. 1 a new law went into effect in California that outlaws the use of ransomware. The idea of needing a new law to make a form of hacking illegal may seem…
Read More →
December 30, 2016
The Weird and Wild Stories of 2016
There are any number of adjectives one could employ to describe 2016, most of which can’t be printed here. One of the gentler descriptors we can use is “interesting”. This year was nothing if not interesting. There were data breaches of epic proportions, companies getting owned in new and creative ways, and all kinds of really unusual…
Read More →
December 29, 2016
FDA Sets Guidance on Medical Device Security
The Food and Drug Administration has published new recommendations for both manufacturers and regulators on how to deal with security for medical devices, including implantable devices. Calling device security a shared responsibility, the FDA guidance focuses on the postmarket cybersecurity issues, such as vulnerability response and remediation. The new document is not a set of regulations, but…
Read More →
December 28, 2016
2016: Maybe Everything Wasn’t Completely Terrible
Let’s face it: 2016 has been pretty rough year. Things didn’t go all that well for humans in the last 12 months, and computers didn’t make out much better. Lots of things broke, and it seemed like whatever didn’t break was compromised, stolen, or lost. But not everything was terrible. There were some encouraging developments…
Read More →
December 21, 2016
House Working Group Says Don’t Weaken Encryption
In a year-end report, a key congressional working group on encryption said that any governmental initiative to backdoor encryption systems is against the interests of the country and that there is no clear solution to the battle over encryption right now. The Encryption Working Group, comprised of members of the House Judiciary Committee and House Energy…
Read More →
December 16, 2016
70 Percent of Enterprise Ransomware Victims Paid Up, Data Shows
Ransomware gangs have been targeting businesses in the last few months, seeking bigger paydays than what they can extract from consumers. The plan has been highly successful, according to new data, which shows that 70 percent of businesses infected with ransomware have paid the ransom to get their data back. Researchers at IBM Security’s X-Force…
Read More →
December 14, 2016
Beta Firmware Update Available for Vulnerable Netgear Routers
With exploit code publicly available and details of the vulnerability widely known, Netgear has released a beta version of new firmware to fix a bug in several of its routers that attackers can use to execute arbitrary code on the devices. The Netgear router vulnerability affects several of the company’s home router models, including the R6250, R6400,…
Read More →
December 12, 2016
iOS 10.2 Security Update Fixes 12 Flaws
Apple has released iOS 10.2, fixing 12 security vulnerabilities in the mobile operating system, including two bugs that could lead to arbitrary code execution. The more serious of the code-execution flaws is related to the way that iOS handles certificates. The bug could allow an attacker to use a malicious certificate to gain code execution on a…
Read More →
Introducing Pindrop® Express – Authenticate without compromise.