Google this week explained how it weighs potentially harmful Android apps using the Verify Apps malware scanner and a scoring system it calls Dead or Insecure.

MedSec CEO Justine Bone talks to Mike Mimoso about the St. Jude Medical vulnerabilities, the considerations her company and Muddy Waters made in short selling St. Jude stock, and the current state of medical device security. Download: Justine_Bone_on_St._Jude_Vulnerabilities_and_Medical_Device_Security.mp3 Music by Chris Gonsalves

Carbanak has surfaced again with new campaigns using Google hosted services such as Forms and Sheets as command and control channels.

Docker has patched a privilege escalation vulnerability that could lead to container escapes, allowing a hacker to affect operations of a host from inside a container.

Oracle patched 270 vulnerabilities, many remotely exploitable, across 45 different products as part of its quarterly Critical Patch Update (CPU) on Tuesday.

Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options.

Samsung Smartcam devices are vulnerable to remote takeover via a malicious firmware update, researchers with the former GTVHacker group said.

Researchers say iTunes and Apple’s App Store suffer from a persistent input validation and mail encoding web vulnerability. If exploited, it could allow an attacker to inject their own malicious script.

Command injection vulnerabilities and accessible default admin credentials in home routers distributed by Thailand’s largest broadband provider remain unpatched despite private disclosures to the vendors last July.

Things are about to get a lot safer on the internet with SHA-2, but there is plenty of work still to be done when it comes to SHA-1 deprecation.