A flaw in the popular Telegram Messenger app that allows attackers to crash devices and run up wireless data charges is being disputed by the app maker who calls the claims false. According to two Iranian-based researchers, Sadegh Ahmadzadegan and Omid Ghaffarinia, Telegram users are vulnerable to attacks via specially crafted messages that can bypass...

Microsoft pushed out 16 bulletins on Tuesday addressing 44 different vulnerabilities in its software, including Windows, Exchange Server, Office, Edge, and Internet Explorer. Five of the bulletins have been branded critical because each vulnerability associated with them could be used to carry out remote code execution; the remaining 11 are marked important. According to experts, one...

Verizon fixed a critical flaw in its Verizon.net messaging system that permitted attackers to hack the email settings of other customers and forward email to any email account. The flaw, found by Randy Westergren, a senior software developer with XDA Developers, impacted any of Verizon’s estimated 7 million FiOS subscribers who depended on their Verizon.net...

Two separate APT groups believed to have ties to the Russian government have been fingered in attacks against the Democratic National Committee resulting in the theft of research done by the DNC on presumptive Republican nominee Donald Trump. Researchers at Crowdstrike, called in to investigate by the DNC, today published some of their findings, including...

Adobe today said it will patch Flash Player this week, addressing a vulnerability being exploited in “limited, targeted attacks.” The flaw, CVE-2016-4171, exists in versions of Flash prior to, and including, 21.0.0.242 on Windows, Macintosh, Linux and ChromeOS platforms. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the...

We’ve already seen ransomware take on many forms this year, but researchers this week claim they’ve noticed a new strain unlike any they’ve seen prior–a type composed entirely of JavaScript. The ransomware, dubbed RAA by researchers, has been circulating through attachments masquerading as Word .doc files according to Lawrence Abrams, who wrote about the malware late...

Civil liberties groups are anxiously waiting to see if an anti-surveillance amendment will be added to a Department of Defense spending bill Tuesday. The so-called Massie-Lofgren amendment would reign in U.S. domestic mass surveillance by the NSA and protect U.S. encryption standards. The amendment, considered a significant post-Snowden reform, risks not being added to a...

Browser makers and other tech companies have gone to great pains to beef up weak crypto libraries, in particular those that are exposed to fallback attacks such as POODLE. Attackers exploiting these vulnerabilities are able to dial back the encryption protecting communication to SSLv2 and SSLv3, for example, forcing servers to fall back to these...

Certificate authority Let’s Encrypt blamed a bug for accidentally disclosing the email addresses of a couple thousand of its users this weekend.

Siemens has provided firmware updates addressing vulnerabilities in the SIMATIC WinCC flexible and the SIMATIC S7-300 CPU family.