Comcast’s Xfinity Home Security System is vulnerable to attacks that interfere with its ability to detect and alert to home intrusions. Researchers at Rapid7 today disclosed the issue after fruitless attempts to contact and report the problem to Comcast dating back to Nov. 2; Rapid7 did disclose the vulnerability to CERT, which is expected to...

An attacker in a man-in-the-middle position could abuse a STARTTLS downgrade vulnerability in the Cisco Jabber client-server negotiation in order to intercept communication. Cisco warned its customers yesterday, but has yet to patch the vulnerability, which affects the Cisco Jabber clients for Windows, iPhone, iPad and Android. Researchers Renaud Dubourguais and Sébastien Dudek of Synacktiv...

Since last summer’s Stagefright vulnerabilities toppled the Android world for a few weeks, researchers inside and out of Google have been taking a close look at not only the maligned media playback engine, but also at Mediaserver where it lives. Today’s release of the monthly Android Nexus Security Bulletin includes patches for another critical vulnerability...

The Tor Project announced last week that it will launch a bug bounty program later this year to encourage security researchers to responsibly report issues they find in the software. Tor Browser and Tor Performance Developer Mike Perry announced the news during the “State of the Onion” address last week at the Chaos Communication Congress conference...

Crimeware services are nothing new. Criminals for years have advertised on the underground not only malware, but management services and support for banking Trojans, exploit kits and more. Researchers this week turned up a new ransomware-as-a-service operation that pushes the first ransomware coded entirely in JavaScript. Ransom32 is available for download on a Tor hidden...