Archives: January 2016
A patch for a critical Linux kernel flaw, present in the code since 2012, is expected to be pushed out today. The vulnerability affects versions 3.8 and higher, said researchers at startup Perception Point who discovered the vulnerability. The flaw also extends to two-thirds of Android devices, the company added. “It’s pretty bad because a...
The Food and Drug Administration (FDA) issued a new set of draft guidelines on Friday in hopes that medical device manufacturers not only address cybersecurity risks before they design products, but also during the maintenance of those products. The...
LastPass has taken measures to mitigate a phishing attack described this weekend at ShmooCon that put at risk users’ credentials and information stored by the password manager. Researcher Sean Cassidy, chief technology officer of cloud security company Praesidio, demonstrated an attack where he was able to recreate a LastPass login page, pixel-for-pixel as he said....
Mike Mimoso and Chris Brook discuss the week in news, including a critical flaw patched by OpenSSH, the curious tale behind a Silverlight zero day, and how to turn a hacked webcam into a backdoor. Music by Chris Gonsalves
Researchers have uncovered yet another issue–and potential backdoor–in Advantech’s beleaguered EKI-1322 serial device server. The Dropbear SSH daemon associated with the server, because of heavy modifications, fails to enforce authentication. This makes it so any user who wants to bypass authentication can do so with a public key and password. Dropbear is a more lightweight SSH...
Apple has had two cracks at patching a vulnerability that allows malicious apps to bypass its OS X Gatekeeper security feature, and twice has taken a shortcut approach to the fix, said the researcher who reported the flaw. The latest measure to address this was released on Thursday and it appears Apple again took steps to...
It seems little has changed over the last several years when it comes to how health and fitness apps go about securing user information. According to a survey carried out by the firm Arxan last fall, 86 percent of health apps it reviewed had at least two critical vulnerabilities and 55 percent of users it talked...
OpenSSH today released a patch for a critical vulnerability that could be exploited by an attacker to force a client to leak private cryptographic keys. The attacker would have to control a malicious server in order to force the client to give up the key, OpenSSH and researchers at Qualys said in separate advisories. Qualys’ security...
Cisco patched a handful of issues across its software line this week, including two critical vulnerabilities that could lead to the complete compromise of any devices running the software, and a hardcoded password that exists in some access points made by the company. According to security advisories pushed out on Wednesday, the most serious bugs exist...
The Internet Systems Consortium (ISC) on Tuesday patched a denial-of-service vulnerability in numerous versions of DHCP. The flaw affects nearly all IPv4 DHCP clients and relays and most servers, ISC said in its advisory. “A badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or relay program to terminate abnormally,”...