Github is forcing a password reset on some of its users after it detected a number of successful intrusions into its repositories using credentials compromised in other breaches. “This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past,...

Adobe on Thursday patched a zero-day vulnerability in Flash Player that has been used in targeted attacks carried out by a new APT group operating primarily against high-profile victims in Russia and Asia. Researchers at Kaspersky Lab privately disclosed the flaw to Adobe after exploits against the zero-day were used in March by the ScarCruft APT gang...

The House voted Thursday to block passage of an amendment aimed to rein in U.S. domestic mass surveillance by the NSA and protect strong encryption standards citing Sunday’s Orlando tragedy as reason to fight surveillance reforms. The so-called Massie-Lofgren amendment was considered a key privacy provision by civil liberties groups who had worked for years to...

Privacy experts are arguing this week the FBI, which maintains a vast – and apparently even larger than expected – treasure trove of facial recognition photos, isn’t doing enough to safeguard the databases, many which contain images of innocent citizens. According to a report released by the Government Accountability Office on Wednesday the FBI has access to...

An underground market peddling hacked servers was a unique find, even for a seasoned researcher such Juan Andres Guerrero-Saade of Kaspersky Lab. But there it was, xDedic[.]biz selling access to tens of thousands of servers for pennies on the dollar. A Russian-speaking hacker group was meticulously managing this trading platform and selling for as little...

Cisco has alerted users of vulnerabilities in the web interface of its RV series of wireless VPN firewalls and routers that allow for remote code execution. The networking giant, however, isn’t planning on releasing firmware updates until the third quarter, Cisco said. Cisco says it is not aware of public attacks against these vulnerabilities, but...

Attackers have rekindled their love affair with Windows macros over the last few years, using the series of automated Office commands as an attack vector to spread malware. And while hackers will surely continue to use macros, at least until the technique becomes ineffective, new research suggests they may be shifting gears and beginning to use...

Among the more than three dozen vulnerabilities Microsoft patched on Tuesday was a fix for a bug that the researcher who found it said has “probably the widest impact in the history of Windows.” “There were also some wide impact vulnerabilities before, but maybe not like this extensive,” Chinese researcher Yang Yu, founder of Tencent’s...

Business-related inbox scams are reaching epidemic levels with the total cost to business reaching a whopping $3.1 billion. The dire warning comes from the FBI that says skyrocketing losses represent a 1,300 percent increase since January 2015. Identified by the FBI as business e-mail compromise (BEC) crimes, the scams attempt to trick email recipients into...

Criminals and advanced attackers for two years have had at their disposal an extensive trading platform selling access to hacked servers worldwide. For as little as $6 USD, attackers can purchase access to a compromised machine and launch attacks or get a one-time peek at all the data on a server. Researchers at Kaspersky Lab...