Security experts are warning owners of Mitsubishi Outlander Plug-In Hybrid Electric Vehicle that their cars can be hacked via the automobile’s on-board WiFi network used for remote control of key car features. The hybrid electronic vehicle, which is slated to be sold here in the U.S. starting this fall, suffers from weak password requirements that...

Intuitively, auto-correcting passwords would seem to be a terrible idea, and the worst security-for-convenience tradeoff in technology history. But a team of academics from Cornell University, MIT and a Dropbox security engineer say that the degradation of security from the introduction of such an authentication mechanism is negligible. The team—Rahul Chatterjee, Ari Juels and Thomas...

Google today pushed out its monthly Android patches, addressing what is becoming a monthly custom of a critical Mediaserver vulnerability, in addition to a half-dozen critical flaws in different Qualcomm drivers. The Android Security Bulletin includes patches for eight critical flaws, and while Mediaserver has been a mainstay since Google began releasing patches on a...

News of yet another years-old social media site hack surfaced over the weekend when it was learned that hackers infiltrated the European social network VK.com at some point over the last several years and made off with credentials for 100 million of its users. Breach notification site LeakedSource touted the breach on Sunday, claiming it was selling...

New Microsoft Silverlight and Adobe Flash exploits that bypass Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) have found their way into an updated version of the Angler Exploit Kit. EMET is a suite of freely available tools for Windows machines that mitigate memory-based attacks. The exploits, discovered by security firm FireEye, affect only Windows 7 machines–still used by...

Researchers who dig deep through the code of one of the latest strains of ransomware might be surprised and even a little irked at what they find. Hidden inside some of those strings of code are taunts aimed at them. According to Lawrence Abrams who runs BleepingComputer.com, the malware, BlackShades Crypter a/k/a SilentShades was spotted late last...

The network time protocol, at the center of a number of high-profile DDoS attacks in 2014, was updated on Thursday to ntp-4.2.8p8. The latest version includes patches for five vulnerabilities, including one rated high-severity. NTP, specifically the NTP daemon, synchronizes system clocks with time servers. Vulnerable NTP servers were used two years ago with regular...

CryptXXX ransomware has received a major overhaul by its authors, putting it on the fast track to unseat Locky as top moneymaker for criminals. Researchers at Proofpoint said that on May 26, cybercriminals released an updated CryptXXX 3.100 version of the ransomware that includes a new StillerX credential-stealing module that gives attackers additional capabilities to monetize an attack....

Mike Mimoso and Chris Brook discuss the news of the week, including the back and forth around whether or not TeamViewer was hacked, the fallout around the years-old MySpace and Tumblr breaches, and a 90K Windows zero day.

A WordPress plugin was patched Thursday night, close to a week after reports began to surface of public attacks against a zero-day vulnerability. WP Mobile Detector was pulled from the WordPress Plugin Directory once the attacks went public. It was restored last night and users are urged to update to version 3.7 immediately. The plugin...