Apple fixed dozens of vulnerabilities in its software on Monday, including 60 vulnerabilities in its operating system, OS X, and 43 in its mobile operating system, iOS. The OS X update graduates the desktop and server operating system to OS X El Capitan v10.11.6 and applies to anyone running OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, or OS X...

An old scripting vulnerability that impacts a large number of Linux distributions and programing languages allows for man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web-apps, was revealed Monday in tandem with the release of a bevy patches from impacted companies and platforms. Researchers at SaaS distributor VendHQ...

New research is challenging what security researchers know about Furtim, a new malware strain that has been compared to Stuxnet because of its believed targeting of industrial controls in energy companies. According to security experts at Damballa, Furtim and the recently discovered SFG malware are one in the same – only varying by a few lines of code...

Linux users who frequent the Ubuntu forums may want to change their passwords following news that an attacker was able to breach the service and its two million users. Jane Silber, Chief Executive Officer at Canonical,the company that maintains the service, acknowledged on Friday that a known SQL injection vulnerability in Forumrunner, an add-on in the Ubuntu...

Juniper Networks patched a crypto bug tied to its public key infrastructure that could have allowed hackers to access the company’s routers, switches and security devices and eavesdrop on sensitive communications. The flaw was tied to Juniper products and platforms running Junos, the Juniper Network Operating System. The bug (CVE-2016-1280) was reported and patched by...

Attackers behind the Neutrino Exploit Kit didn’t take long to co-op a recently patched Internet Explorer zero-day into its arsenal. Researchers claim the kit has been pushing CVE-2016-0189, a vulnerability that was reportedly used in targeted attacks on South Korean organizations earlier this year. Microsoft fixed the vulnerability, which affects Internet Explorer’s scripting engines, in May....

An Internet scan of the IPv4 address space uncovered more than 100 critical facilities exposed to the public Internet, including hydropower plants in Germany and Italy, and a smart building in Israel hosting luxury apartments. The investigation, conducted by researchers at Internet Wache of Berlin, started in the fall of 2015 as a search for...

Mike Mimoso and Chris Brook discuss the news of the week, including privacy and Pokemon GO, a new MIT anonymity system, the Fiat Chrysler bug bounty program, and a patched printer spooler vulnerability. Download: Threatpost_News_Wrap_July_15_2016.mp3 Music by Chris Gonsalves

Digital rights advocates are again pleading with the World Wide Web Consortium (W3C) to reconsider standardizing DRM in Encrypted Media Extensions, a draft specification that would ultimately feed into HTML 5. Advocacy groups like the Electronic Frontier Foundation (EFF) and security researchers alike have gone on record decrying the move, stressing it could have implications for competition,...

Cisco Systems today released patches for two products, including one for a vulnerability rated a high criticality in Cisco IOS XR for the Cisco Network Convergence System series routers. The flaw rests in the management of system timer resources and could allow an attacker to remotely crash the router. “An attacker could exploit this vulnerability...