Google pushed out the latest version of Chrome Thursday afternoon, fixing five issues, four of them critical. The update remedies an out-of-bounds read in Chrome’s open source JavaScript engine V8, two use-after-free vulnerabilities – one in Navigation and one in Extensions – and a buffer overflow in the libANGLE library. The V8 vulnerability fetched Wen...

System Integrity Protection (SIP) was implemented in OS X El Capitan and imposes limitations on what actions that Mac computers’ root accounts can take against protected paths of the operating system. Yesterday at the SysCan360 conference in Singapore, a researcher from SentinelOne disclosed details of a vulnerability that was patched by Apple this week only...

The U.S. government on Thursday indicted seven hackers affiliated with the Iranian government for attacks it called “a frightening new frontier in cybercrime.” Accusing the men of carrying out a series of distributed denial of service (DDoS) attacks against 46 financial companies, the Department of Justice announced the charges in a press conference Thursday morning in Washington,...

If it ain’t broke, don’t fix it. If there’s one thing the recent surge in threats using macros to spread malware has shown, it’s that the vector is clearly working for attackers. Developers at Microsoft hope a feature in the latest version of Microsoft Office will reduce the frequency of those attacks by giving administrators...

Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it enabled attackers to remotely execute code and bypass the Java...

While the iMessage crypto bug got most of the attention among this week’s Apple patches, another vulnerability that was addressed represents a nasty trend of privilege escalation flaws that merit watching. Researchers at Cisco on Wednesday disclosed details on a flaw in an OS X graphics kernel driver that begs to be chained with any number of...

For a strain of ransomware that’s only been in the wild for a little more than a month, Locky has sure been able to make a name for itself. The malware gained notoriety last month when it confounded administrators at the Hollywood Presbyterian Medical Center in Los Angeles and apparently took another victim this week in...

Threatpost Editor in Chief Mike Mimoso talks to crypto pioneer and security expert Bruce Schneier of Resilient Systems about the early days of the RSA Conference, the integration of privacy and security, and the current FBI-Apple debate over encryption and surveillance. [embedded content]

A rooting application has been found in the wild targeting Nexus mobile devices using a local privilege escalation vulnerability patched two years ago in the Linux kernel that remains unpatched in Android. Researchers at Zimperium, the same company that discovered last summer’s Stagefright flaws affecting Android, privately disclosed to Google last Tuesday they found an...

Uber’s bug bounty program emerged from private beta mode yesterday, which it used as a feedback forum for participants in order to develop the public program. “This was pretty unique in its approach,” said HackerOne CTO Alex Rice. Uber’s program is built on the HackerOne platform, and Uber announced that the program’s biggest payouts for...