Researchers have been combing through code related to the Petya ransomware long enough they’ve been able to cobble together a decryption tool that should allow most victims to generate keys in less than 10 seconds. A Twitter user who goes by the handle @leostone came up with a genetic algorithm on Friday to generate passwords and subsequently...

A bill that would force companies to decrypt messages and unlock devices if ordered to do so by government court order, surfaced Friday and is rattling security and privacy advocates and IT business leaders. They contend the bill is misguided and will have a detrimental effect on civil liberties and business. The issue came to...

A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to an alert published on Friday by the Industrial Control System Cyber Emergency Response Team (ICS-CERT). Researcher Joakim Kennedy of Rapid7 disclosed in March some details affecting critical flaws in Moxa NPort 6110 Modbus/TCP to serial...

All custom domains hosted on WordPress.com will soon have their sites automatically encrypted for free. WordPress said late Friday afternoon that more than one million sites will have encryption automatically deployed. “We are closing the door to unencrypted web traffic at every opportunity,” wrote Barry Abrahamson, chief systems wrangler at Automattic, WordPress’ parent company. WordPress...

Juniper Networks hopes to remove any clouds of uncertainty that its networking gear might still have a backdoor that could allow the NSA or hackers to snoop on traffic running through its hardware. On Thursday, Juniper completed an update to the way its ScreenOS software handles encryption. Juniper said it has integrated the company’s widely...

Google beefed up the way it displays Safe Browsing Alerts for Network Administrators this week, adding information about sites peddling unwanted and malicious software as well as those caught carrying out social engineering attacks. Google debuted the service, which notifies network admins after observing potentially damaging URLs on their networks, in 2010. Going forward, administrators...

Exploits for a zero-day vulnerability in Adobe Flash Player are being aggressively distributed in two exploit kits. The zero day, meanwhile, was patched by Adobe in an emergency update released Thursday night. Attackers are using the previously unpatched flaw in the maligned Flash Player to infect victims with either Locky or Cerber ransomware. Locky is a relatively...

Researchers discovered a Mac OS X variant of the Windows-based Pirrit adware that creates a proxy server on infected Mac computers and injects ads into webpages. According to researchers at Boston-based Cybereason Labs, the adware, dubbed OSX.Pirrit, is mostly benign, serving up just ads, but has the potential to morph into something more sinister. “Today...

MIAMI—Lisa Wiswell’s phone rang off the hook last summer in the throes of the OPM hack. But she wasn’t just answering questions from those whose security clearance and personal data disappeared into the Chinese ether; there were also hackers on the other end of the line offering their help. Wiswell, digital service lead with the...

The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 and for years stole sensitive data. The FBI alert was issued in February and went largely unnoticed. Nearly a month later, security experts are now shining a bright...