Eight out of 10 Android devices are affected by a critical Linux vulnerability disclosed last week that allows attackers to identify hosts communicating over the Transmission Control Protocol (TCP) and either terminate connections or attack traffic. The flaw has been present in the TCP implementation in Linux systems since 2012 (version 3.6 of the kernel),...

Less than a month after disclosing a Windows User Account Control bypass, researcher Matt Nelson today published another attack that circumvents the security feature and leaves no traces on the hard disk. This time, the bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely. Nelson said...

Hotels from Vermont to California have been victimized in a data breach that may have leaked payment data from tens of thousands of point of sale purchases. Customers who frequented 20 hotels run by HEI Hotels and Resorts, a hospitality owner that counts hotel chains like Marriott, Sheraton, and Westin, among its brand names, may be...

After painstakingly calculating the true cost of cybercrime in the European Union researchers conclude it’s nearly impossible to come up with hard numbers. In a study released this week by the European Union Agency For Network And Information Security (ENISA) researchers assert that it’s vitally important to identify the magnitude of cybercrime against the European...

An undocumented SNMP community string has been discovered in programmable logic controllers (PLCs) built by Allen-Bradley Rockwell Automation that exposes these devices deployed in a number of critical industries to remote attacks. Researchers at Cisco Talos today said the vulnerability is in the default configuration of MicroLogix 1400 PLC systems. Rockwell Automation, meanwhile, said versions...

Stealing data from air-gapped computers is one of the great exercises in computer security: advanced attackers covet what’s stored on these isolated machines, while researchers try to figure out the novel ways adversaries could jump those gaps. The latest effort doesn’t involve USBs, heat, acoustical mesh networks, or decoding radio signals. Instead, researchers from Ben-Gurion...

Academic researchers added another hack to a growing list of compromises involving vehicles, and this one should give drivers pause the next time they leave valuables locked in their trunk. This hack involves millions of Volkswagen, Ford and Chevrolet vehicles that rely on an outdated key fob technology, which creates an opportunity for even an “unskilled adversary”...

Google is expected soon to begin a gradual rollout of new security features in Gmail that warn users if the system could not authenticate the sender of an email message. Starting this week for browser-based users of Gmail and Android users, Google will display a question mark over a sender’s profile photo or user logo...

Opponents of the government’s constant talk about intentional backdoors and exceptional access finally may have their case study as to why it’s such a bad idea. Two researchers operating under aliases (my123 and slipstream) this week posted a report—accompanied by a relentless chiptune—that reveals how Microsoft inadvertently published a Secure Boot policy that acts as...

Sławomir Jasek with research firm SecuRing is sounding an alarm over the growing number of Bluetooth devices used for keyless entry and mobile point-of-sales systems that are vulnerable to man-in-the-middle attacks. Jasek said the problem is traced back to devices that use the Bluetooth Low Energy (BLE) feature for access control. He said too often...