Archives: February 2016
Hospitals are risking patient lives by failing to protect critical computer systems that can be manipulated by attackers. In a scathing report that looks at the current state of hospital security, researchers say everything from bedside patient monitoring systems and automated drug dispensing machines to patient records is inadequately protected. The findings are from Baltimore, Md-based...
Researchers report Angler Exploit Kit attacks have become more brazen and are now targeting top websites with new tricks that can evade browser-based antimalware protection. Karl Sigler, a Trustwave SpiderLabs researcher, told Threatpost his lab found the Angler Exploit Kit on a popular website for the second time in a week, exposing just under million...
Mike Mimoso and Chris Brook discuss the news of the week including the ongoing FBiOS battle, a judge’s confirmation that the DoD funded research to uncloak Tor users, and news surrounding Operation Blockbuster. They also preview next week’s RSA Conference in San Francisco, Calif. Download: http://traffic.libsyn.com/digitalunderground/Threatpost_News_Wrap_February_26_2016.mp3 Music by Chris Gonsalves
Last month, when researcher Troy Hunt argued the dangers of insecure APIs at a security workshop, little did he know hours later he would discover an API vulnerability that allowed remote access to onboard computers of 200,000 Nissan Leaf and eNV200 electric automobiles. “After talking about the way applications can sometimes get APIs wrong, a...
This Threatpost op-ed is part of a series of guest contributions from computer security research and policy experts. Today, we feature Kaspersky Lab’s Kurt Baumgartner. Boulder, Colorado’s Open Space and Mountain Parks winter photo gallery displays parts of the beautiful and productive 45,000-plus “open space” acres that buffer the city from sprawling development. At the same...
It took Apple nine words to make its point: “This is not a case about one isolated iPhone.” Apple on Thursday filed a motion to vacate a court order mandating it assist the FBI in unlocking an iPhone belonging to the San Bernardino shooter. Apple said the order violates its First Amendment rights—software code is...
Automaker Nissan deactivated a remote access feature that let owners of its Leaf electric car remotely adjust climate controls and check battery status via a smartphone app. The move comes after a security researcher posted his finding regarding a simple hack that allowed anyone with the right Leaf automobile VIN number to access the climate...
Apple, like most advanced tech companies, understands threats and how to close them off. But one salient point that’s emerged from its ongoing dispute with the FBI over unlocking the San Bernardino shooter’s phone is that Apple is a threat to itself. Therefore, expect any future iPhone security updates to take into account that Apple...
Developers at Drupal addressed 10 vulnerabilities in the content management system this week, including a critical access bypass issue that could have let users access certain elements thought to be blocked, and another issue that could lead to remote code execution. Through the critical access bypass vulnerability, the lone fix marked critical, a user could’ve submitted their own...
A U.S. district court judge has confirmed what has probably been the worst-kept secret in security, that Carnegie Mellon University’s Software Engineering Institute was indeed contracted by the Department of Defense to study how to break Tor anonymity. A motion to compel discovery filed by Brian Farrell, a defendant charged with conspiracy to distribute drugs...