Google on Wednesday pushed its third Chrome update since the beginning of March, patching a pair of high-severity vulnerabilities in the browser. Yesterday’s update brings Chrome to version 50.0.2662.75 and patched 20 vulnerabilities, according to the Google Chrome Releases blog. Eight of the bugs qualified for a reward under Google’s bug bounty program, the remaining...

Menacing ransomware called Jigsaw threatened to delete thousands of files an hour if victims didn’t pay 0.4 Bitcoins or $150. Worse, restarting your PC, according to the attackers, would also cost victims 1,000 deleted files. The icing on the cake was a menacing image of “Billy the Puppet” from the horror movie franchise Saw and...

The Qbot malware is back and hard at work again with infections reported on 54,517 machines, according to researchers at BAE Systems—with 85 percent of those impacted systems residing in the United States. Qbot’s latest incarnation has learned new tricks since its early days in 2009, and is riling security professionals with its ability to evade...

For the second time in two weeks, researchers have discovered a three-year-old broken patch for a vulnerability in IBM’s Java SDK implementation. The flaw allows for an attacker to execute code outside the Java sandbox, and still affects current versions of IBM SDK, 7 and 8, released in January. Details of the vulnerability and proof-of-concept...

CBS recently fixed a vulnerability in its popular Sports application that could have exposed users to man-in-the-middle attacks and inadvertently leaked personal data. According to researchers, upon registration, users’ names, email addresses, account passwords, dates of birth, and zip codes were all sent over an unencrypted connection, in cleartext, to the app’s servers. Both the Android...

Microsoft today released a lucky 13 bulletins for April, with six rated critical and the others important. In total, Microsoft patched 29 unique CVEs for this round, with the most anticipated patch tied to Badlock. Microsoft addressed a number of critical browser vulnerabilities found in Internet Explorer and Edge. In the case of IE, Microsoft...

Weeks of anxiety and concern over the Badlock vulnerability ended today with an anticlimactic thud. Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message block (SMB) protocol that provides file and print...

Old nemeses die hard, especially when you’re banking malware named ZeuS. According to Denmark-based Heimdal Security, the potent 9-year-old malware ZeuS has morphed into the up-and-coming Atmos malware – now targeting banks in France. Researchers are warning that the criminals behind Atmos have been putting the finishing touches on this latest malware threat – perfecting how,...

At the height of the Apple-FBI battle, researchers at Johns Hopkins University tunneled their way through the encryption protocol protecting iMessage to get at content sent via the Apple application Last week, a decidedly less complicated approach surfaced. Rather than having to learn crypto, inject malware or establish a man-in-the-middle position on the network, a...

Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and costly ransomware to come. “Ransomware authors are...