Archives: February 2016
More than a quarter million homes protected by SimpliSafe wireless security systems are vulnerable to hackers who can deactivate the alarm anytime, according to IOActive, a Seattle-based security consulting firm. IOActive published a proof of concept report on Wednesday that outlines how it disarmed SimpliSafe’s wireless home security systems. The hack, according to IOActive researcher Andrew Zonenberg,...
After being knocked offline for nearly two weeks, officials at a California hospital that was hit with ransomware elected on Wednesday to pay attackers. The Hollywood Presbyterian Medical Center (HPMC) shut down computers on its network on Feb. 5, after attackers allegedly asked for 9,000 Bitcoin, or just over $3 million USD, to unlock medical...
Now that the Apple-FBI story has gone mainstream with rallies supporting CEO Tim Cook scheduled for Apple stores nationwide, presidential candidates weighing in, and a cute hashtag (#FBiOS) affixed, it appears that Apple can technically comply with the judge’s order if it must. Security company Trail of Bits founder Dan Guido wrote a detailed explanation of...
Threatpost editor Mike Mimoso talks with Sergey Lozhkin, senior researcher at Kaspersky Lab’s Global Research and Analysis Team about medical device security and how he was able to access some devices at his local hospital via WiFi.
It’s been difficult to keep track of all the different strains of ransomware that have plagued users over the last year or two. Unlike many of them, the latest to grab headlines is spreading through a decidedly old school vector: document-based macros. Named Locky, the ransomware appears to borrow a technique from the Dridex banking malware. Victims...
Xen Project dropped the ball on two important security patches when it released a maintenance update for its popular hypervisor software on Tuesday. On its company blog today, Xen acknowledged what it called an “oversight” and attempted to explain what went wrong. However, absent from its updated blog is a date that Xen Project expects to...
Not since Stagefright have we had a vulnerability with the scale and reach of the glibc flaw disclosed on Tuesday. “It’s pretty bad; you don’t get bugs of this magnitude too often,” said Dan Kaminsky, researcher, cofounder and chief scientist at White Ops. “The code path is widely exposed and available, and it yields remote...
As sales of IoT devices continue to see year-over-year double digit growth, security experts are urging the wearable industry to put security front and center when it comes to designing fitness tracker hardware, firmware and backend systems. In a report released Wednesday by the IEEE Center for Secure Design, researchers spotlighted six security red flags...
There have been some strides made in the last year, but for the most part, security around the healthcare industry has remained the consummate laggard. In the eyes of many, including Scott Erven, a medical device security advocate who spoke at last week’s Security Analyst Summit, the healthcare sector is a good 10 to 15...
Apple CEO Tim Cook late Tuesday defiantly challenged a U.S. federal magistrate judge’s order that it help the FBI break into an iPhone 5c belonging to one of the shooters involved in last December’s attack in San Bernardino, Calif. Cook released a letter last night expressing his opposition to the court order and called for...